A minimalistic yet effective domain adaptation strategy for IoMT network intrusion detection
摘要
The growing complexity of technology heightens the security risks for Internet of Medical Things (IoMT) systems, as many IoMT devices were originally deployed with minimal attention to security. Intrusions can critically endanger the safety of these systems. Machine learning-assisted intrusion detection systems show promise in detecting such breaches. However, a significant challenge exists in the form of insufficient domain-specific datasets for IoMT intrusion detection, particularly those that categorise detailed attack types. Therefore, extensive IoT intrusion datasets can be domain-adapted for IoMT intrusion detection. This research provides a comprehensive evaluation of various feature-based domain adaptation (FDA) techniques for IoMT intrusion detection, using general IoT data. The ACIIoT2023 network dataset is used as the source domain, while the CICIoMT2024 dataset is used as the target domain. Using the proposed FDA method named Classwise Wasserstein Distance (CWD), a modification of the classical Wasserstein-2 distance, which is notable for its geometric sophistication and provides a holistic measure of distributional mismatch, thus capturing higher-order momentum, yielded optimal classification outcomes through lightweight Logistic Regression (LR). Our empirical analysis using authentic IoT datasets indicated that this classwise alignment significantly increases cross-domain detection precision, supporting reliable model development in evolving IoMT contexts. Additionally, integration of the Particle Swarm Optimization (PSO) algorithm with LR significantly improved the optimization effectiveness. The proposed CWD-based model consistently outperformed alternative methods, especially in identifying attack classes. The proposed PSO-adopted CWD-based LR model outperformed state-of-the-art FDA approaches, achieving an F1 score of 94.23% in the overall and 96.08% in the attack category of the target dataset.