Intrusion Detection System for Healthcare Systems Using Medical and Network Data: A Comparison Study

Introducing IoT systems to healthcare applications has made it possible to remotely monitor patients& x2019; information and provide proper diagnostics whenever needed. However, providing high-security features that guarantee the correctness and confidentiality of patients& x2019; data is a significant challenge. Any alteration to the data could affect the patients& x2019; treatment, leading to human casualties in emergency conditions. Due to the high dimensionality and prominent dynamicity of the data involved in such systems, machine learning has the promise to provide an effective solution when it comes to intrusion detection. However, most of the available healthcare intrusion detection systems either use network flow metrics or patients& x2019; biometric data to build their datasets. This paper aims to show that combining both network and biometric metrics as features performs better than using only one of the two types of features. We have built a real-time Enhanced Healthcare Monitoring System (EHMS) testbed that monitors the patients& x2019; biometrics and collects network flow metrics. The monitored data is sent to a remote server for further diagnostic and treatment decisions. Man-in-the-middle cyber-attacks have been used, and a dataset of more than 16 thousand records of normal and attack healthcare data has been created. The system then applies different machine learning methods for training and testing the dataset against these attacks. Results prove that the performance has improved by 7& x0025; to 25& x0025; in some cases, and this shows the robustness of the proposed system in providing proper intrusion detection.