Anomaly-based threat detection in smart health using machine learning

Muntaha Tabassum; Saba Mahmood; Amal Bukhari; Bader Alshemaimri; Ali Daud; Fatima Khalique

doi:10.1186/s12911-024-02760-4

BMC Medical Informatics and Decision Making (Nov 2024)

Anomaly-based threat detection in smart health using machine learning

Muntaha Tabassum,
Saba Mahmood,
Amal Bukhari,
Bader Alshemaimri,
Ali Daud,
Fatima Khalique

Affiliations

Muntaha Tabassum: Department of Computer Science, Bahria University
Saba Mahmood: Department of Computer Science, Bahria University
Amal Bukhari: Department of Information Systems and Technology, Collage of Computer Science and Engineering, University of Jeddah
Bader Alshemaimri: Software Engineering Department, College of Computing and Information Sciences, King Saud University
Ali Daud: Faculty of Resilience, Rabdan Academy
Fatima Khalique: Centre of Excellence in Artificial Intelligence COE-AI, Bahria University

DOI: https://doi.org/10.1186/s12911-024-02760-4
Journal volume & issue: Vol. 24, no. 1
pp. 1 – 19

Abstract

Read online

Abstract Background Anomaly detection is crucial in healthcare data due to challenges associated with the integration of smart technologies and healthcare. Anomaly in electronic health record can be associated with an insider trying to access and manipulate the data. This article focuses around the anomalies under different contexts. Methodology This research has proposed methodology to secure Electronic Health Records (EHRs) within a complex environment. We have employed a systematic approach encompassing data preprocessing, labeling, modeling, and evaluation. Anomalies are not labelled thus a mechanism is required that predicts them with greater accuracy and less false positive results. This research utilized unsupervised machine learning algorithms that includes Isolation Forest and Local Outlier Factor clustering algorithms. By calculating anomaly scores and validating clustering through metrics like the Silhouette Score and Dunn Score, we enhanced the capacity to secure sensitive healthcare data evolving digital threats. Three variations of Isolation Forest (IForest)models (SVM, Decision Tree, and Random Forest) and three variations of Local Outlier Factor (LOF) models (SVM, Decision Tree, and Random Forest) are evaluated based on accuracy, sensitivity, specificity, and F1 Score. Results Isolation Forest SVM achieves the highest accuracy of 99.21%, high sensitivity (99.75%) and specificity (99.32%), and a commendable F1 Score of 98.72%. The Isolation Forest Decision Tree also performs well with an accuracy of 98.92% and an F1 Score of 99.35%. However, the Isolation Forest Random Forest exhibits lower specificity (72.84%) than the other models. Conclusion The experimental results reveal that Isolation Forest SVM emerges as the top performer showcasing the effectiveness of these models in anomaly detection tasks. The proposed methodology utilizing isolation forest and SVM produced better results by detecting anomalies with less false positives in this specific EHR of a hospital in North England. Furthermore the proposal is also able to identify new contextual anomalies that were not identified in the baseline methodology.

Published in BMC Medical Informatics and Decision Making

ISSN: 1472-6947 (Online)
Publisher: BMC
Country of publisher: United Kingdom
LCC subjects: Medicine: Medicine (General): Computer applications to medicine. Medical informatics
Website: http://bmcmedinformdecismak.biomedcentral.com

About the journal

Abstract

Keywords