A Self-Learning Approach for Detecting Intrusions in Healthcare Systems

The rapid evolution of the Internet of Medical Things (IoMT) introduces the healthcare ecosystem into a new reality consisting of smart medical devices and applications that provide multiple benefits, such as remote medical assistance, timely administration of medication and real-time monitoring. However, despite the valuable advantages, this new reality increases the cybersecurity and privacy concerns since vulnerable IoMT devices can access and handle autonomously patients’ data. Furthermore, the continuous evolution of cyberattacks, malware and zero-day vulnerabilities require the development of the appropriate countermeasures. In the light of the aforementioned remarks, in this paper, we present an Intrusion Detection and Prevention System (IDPS), which can protect the healthcare communications that rely on the Hypertext Transfer Protocol (HTTP) and the Modbus/Transmission Control Protocol (TCP). HTTP is commonly adopted by conventional healthcare-related services, such as web-based Electronic Health Record (EHR) applications, while Modbus/TCP is an industrial protocol adopted by IoMT. Although the Machine Learning (ML) and Deep Learning (DL) methods have already demonstrated their efficacy in detecting intrusions, the rarely available intrusion detection datasets (especially in the healthcare sector) complicate their global application. The main contribution of this work lies in the fact that an active learning approach is modelled and adopted in order to re-train dynamically the supervised classifiers behind the proposed IDPS. The evaluation analysis demonstrates the efficiency of this work against HTTP and Modbus/TCP cyberattacks, showing also how the entire accuracy is increased in the various re-training phases.