IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things

Jose Areia; Ivo Afonso Bispo; Leonel Santos; Rogerio Luis de C. Costa

doi:10.1109/ACCESS.2024.3437214

IEEE Access (Jan 2024)

IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things

Jose Areia,
Ivo Afonso Bispo,
Leonel Santos,
Rogerio Luis de C. Costa

Affiliations

Jose Areia: ORCiD; Computer Science and Communications Research Centre (CIIC), School of Technology and Management (ESTG), Polytechnic of Leiria, Leiria, Portugal
Ivo Afonso Bispo: ORCiD; Computer Science and Communications Research Centre (CIIC), School of Technology and Management (ESTG), Polytechnic of Leiria, Leiria, Portugal
Leonel Santos: ORCiD; Computer Science and Communications Research Centre (CIIC), School of Technology and Management (ESTG), Polytechnic of Leiria, Leiria, Portugal
Rogerio Luis de C. Costa: ORCiD; Computer Science and Communications Research Centre (CIIC), School of Technology and Management (ESTG), Polytechnic of Leiria, Leiria, Portugal

DOI: https://doi.org/10.1109/ACCESS.2024.3437214
Journal volume & issue: Vol. 12
pp. 115370 – 115385

Abstract

Read online

The healthcare industry relies heavily on a robust medical infrastructure but generates sensitive data about patients whose confidentiality and integrity protection must be guaranteed. But, although the Internet of Medical Things (IoMT) facilitates the interconnection of medical devices, software applications, and health systems, it also introduces vulnerabilities for adversaries to exploit. Moreover, in recent years, integrating machine learning (ML) into intrusion detection systems (IDS) have shown great potential in identifying malicious actions in the Internet of Things. However, such methods often require representative data for training, which is not commonly available for the IoMT. In this work, we introduce the IoMT-TrafficData, a dataset comprising IoMT network traffic data with features built over packet and network flow information for benign traffic and eight types of attacks. We present results from using several traditional ML algorithms and deep models to identify malicious traffic (binary classification) and the type of attack (multiclass classification), along with a comparative analysis of employing packet and flow statistics in ML-based intrusion detection. We show that ML algorithms can achieve high performance in identifying malicious traffic and distinct attacks, as most of the evaluated methods achieved an F1-score of over 90%. We also show that their performance on traffic-packets is, on average, almost 3% better for identifying malicious traffic than the individual attacks, and they achieve up to 5% better performance when dealing with traffic-flow statistics than when working on packed-based features. Hence, our experiments show the potential of using IoMT traffic flows in ML-based IDS and the usefulness of the IoMT-TrafficData dataset in such a context and present results that may be a benchmark reference for those who work with the dataset. The dataset can be openly accessed through the DOI 10.5281/zenodo.8116337.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords