<p>With the increasing complexity of attacks on Internet of Medical Things (IoMT) systems, Cross-Protocol (CP) and Cross-Layer (CL) attacks have recently emerged as critical threats, further intensifying the challenges faced by intrusion detection systems (IDS). While most prior studies have focused on traditional binary or multi-class classification, CP and CL attacks remain largely overlooked. These attacks exploit interactions across protocols and layers to evade conventional IDS solutions that operate in a protocol- or layer-isolated manner. Our work introduces an Intrusion Detection System (IDS) framework designed to identify advanced threats effectively. We tested the proposed IDS framework using the CICIoMT2024 dataset. The CICIoMT2024 dataset contains Wi-Fi and Message Queuing Telemetry Transport (MQTT) traffic. We ran different algorithms through standardized preprocessing, both with and without Principal Component Analysis (PCA). Feature clustering and hierarchical balancing were also applied to ensure fair and reliable evaluation across label, category, and subcategory levels. Among the tested models, Random Forest (RF) without PCA achieved the most consistent performance, reaching accuracy values above 99% and F1-scores of 0.9951 (CP) and 0.9926 (CL). In addition, RF demonstrated high computational efficiency, requiring approximately 0.02&#xa0;s per test instance and consuming less than 1 MiB of memory, making it suitable for resource-constrained IoMT devices. This low-latency design supports real-time intrusion detection in safety–critical IoMT systems, where fast decisions are essential to prevent delayed or incorrect medical responses. PCA further demonstrated its value by stabilizing the performance of MLP, improving its F1-score in CP detection from 0.0385 to 0.9867. These results highlight the practicality of combining efficient models with resource-aware design to provide robust CP/CL detection in real-world IoMT environments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Resource-aware ML framework for multi-level cross-layer and cross-protocol attack detection in IoMT

  • Doaa Shwayat,
  • Qasem Abu Al-Haija,
  • Abdallah Alma’aitah

摘要

With the increasing complexity of attacks on Internet of Medical Things (IoMT) systems, Cross-Protocol (CP) and Cross-Layer (CL) attacks have recently emerged as critical threats, further intensifying the challenges faced by intrusion detection systems (IDS). While most prior studies have focused on traditional binary or multi-class classification, CP and CL attacks remain largely overlooked. These attacks exploit interactions across protocols and layers to evade conventional IDS solutions that operate in a protocol- or layer-isolated manner. Our work introduces an Intrusion Detection System (IDS) framework designed to identify advanced threats effectively. We tested the proposed IDS framework using the CICIoMT2024 dataset. The CICIoMT2024 dataset contains Wi-Fi and Message Queuing Telemetry Transport (MQTT) traffic. We ran different algorithms through standardized preprocessing, both with and without Principal Component Analysis (PCA). Feature clustering and hierarchical balancing were also applied to ensure fair and reliable evaluation across label, category, and subcategory levels. Among the tested models, Random Forest (RF) without PCA achieved the most consistent performance, reaching accuracy values above 99% and F1-scores of 0.9951 (CP) and 0.9926 (CL). In addition, RF demonstrated high computational efficiency, requiring approximately 0.02 s per test instance and consuming less than 1 MiB of memory, making it suitable for resource-constrained IoMT devices. This low-latency design supports real-time intrusion detection in safety–critical IoMT systems, where fast decisions are essential to prevent delayed or incorrect medical responses. PCA further demonstrated its value by stabilizing the performance of MLP, improving its F1-score in CP detection from 0.0385 to 0.9867. These results highlight the practicality of combining efficient models with resource-aware design to provide robust CP/CL detection in real-world IoMT environments.