Securing the internet of medical things (IoMT): a multi-stage machine learning approach for effective intrusion detection
摘要
Recently, Internet of Medical Things (IoMT) devices have been shown to improve healthcare services and provide reliable medical data. However, IoMT devices are typically resource-constrained, highly heterogeneous, and operate in real-time environments, which makes them vulnerable to various cyberattacks. Therefore, in this study, we propose a novel artificial intelligence-based multi-stage framework that integrates sequential attack detection, hierarchical classification. In addition, six different feature selection techniques were evaluated–Chi-Square, XGBoost-based, PCA, particle Swarm Optimization (PSO), Ant Colony Optimization (ACO), and an Attention-based method–were evaluated to determine the most effective one. The best-performing technique was integrated into the final framework. The publicly available CICIoMT2024 dataset was utilized, which contains both normal and attack traffic collected from realistic IoMT environments. It includes 18 different types of attack that cover multiple communication protocols (such as MQTT, ARP, and ICMP). In addition to accuracy, evaluation metrics such as precision, recall, F1-score, ROC-AUC, and PR-AUC were considered to ensure a comprehensive performance assessment. For the model accuracy in classifying specific types of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, it was 100%, for the MQTT classification it was 93.10%, and for the RECON classification it was 99.97%.