IoMT-TrafficData: A Dataset for Benchmarking Intrusion Detection in IoMT
- 1. Politécnico de Leiria
Description
Article Information
The work involved in developing the dataset and benchmarking its use of machine learning is set out in the article ‘IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things’. DOI: 10.1109/ACCESS.2024.3437214.
Please do cite the aforementioned article when using this dataset.
Abstract
The increasing importance of securing the Internet of Medical Things (IoMT) due to its vulnerabilities to cyber-attacks highlights the need for an effective intrusion detection system (IDS). In this study, our main objective was to develop a Machine Learning Model for the IoMT to enhance the security of medical devices and protect patients’ private data. To address this issue, we built a scenario that utilised the Internet of Things (IoT) and IoMT devices to simulate real-world attacks. We collected and cleaned data, pre-processed it, and provided it into our machine-learning model to detect intrusions in the network. Our results revealed significant improvements in all performance metrics, indicating robustness and reproducibility in real-world scenarios. This research has implications in the context of IoMT and cybersecurity, as it helps mitigate vulnerabilities and lowers the number of breaches occurring with the rapid growth of IoMT devices. The use of machine learning algorithms for intrusion detection systems is essential, and our study provides valuable insights and a road map for future research and the deployment of such systems in live environments. By implementing our findings, we can contribute to a safer and more secure IoMT ecosystem, safeguarding patient privacy and ensuring the integrity of medical data.
ZIP Folder Content
The ZIP folder comprises two main components: Captures and Datasets. Within the captures folder, we have included all the captures used in this project. These captures are organized into separate folders corresponding to the type of network analysis: BLE or IP-Based. Similarly, the datasets folder follows a similar organizational approach. It contains datasets categorized by type: BLE, IP-Based Packet, and IP-Based Flows.
To cater to diverse analytical needs, the datasets are provided in two formats: CSV (Comma-Separated Values) and pickle. The CSV format facilitates seamless integration with various data analysis tools, while the pickle format preserves the intricate structures and relationships within the dataset.
This organization enables researchers to easily locate and utilize the specific captures and datasets they require, based on their preferred network analysis type or dataset type. The availability of different formats further enhances the flexibility and usability of the provided data.
Datasets' Content
Within this dataset, three sub-datasets are available, namely BLE, IP-Based Packet, and IP-Based Flows. Below is a table of the features selected for each dataset and consequently used in the evaluation model within the provided work.
Identified Key Features Within Bluetooth Dataset
| Feature | Meaning |
| btle.advertising_header | BLE Advertising Packet Header |
| btle.advertising_header.ch_sel | BLE Advertising Channel Selection Algorithm |
| btle.advertising_header.length | BLE Advertising Length |
| btle.advertising_header.pdu_type | BLE Advertising PDU Type |
| btle.advertising_header.randomized_rx | BLE Advertising Rx Address |
| btle.advertising_header.randomized_tx | BLE Advertising Tx Address |
| btle.advertising_header.rfu.1 | Reserved For Future 1 |
| btle.advertising_header.rfu.2 | Reserved For Future 2 |
| btle.advertising_header.rfu.3 | Reserved For Future 3 |
| btle.advertising_header.rfu.4 | Reserved For Future 4 |
| btle.control.instant | Instant Value Within a BLE Control Packet |
| btle.crc.incorrect | Incorrect CRC |
| btle.extended_advertising | Advertiser Data Information |
| btle.extended_advertising.did | Advertiser Data Identifier |
| btle.extended_advertising.sid | Advertiser Set Identifier |
| btle.length | BLE Length |
| frame.cap_len | Frame Length Stored Into the Capture File |
| frame.interface_id | Interface ID |
| frame.len | Frame Length Wire |
| nordic_ble.board_id | Board ID |
| nordic_ble.channel | Channel Index |
| nordic_ble.crcok | Indicates if CRC is Correct |
| nordic_ble.flags | Flags |
| nordic_ble.packet_counter | Packet Counter |
| nordic_ble.packet_time | Packet time (start to end) |
| nordic_ble.phy | PHY |
| nordic_ble.protover | Protocol Version |
Identified Key Features Within IP-Based Packets Dataset
| Feature | Meaning |
| http.content_length | Length of content in an HTTP response |
| http.request | HTTP request being made |
| http.response.code | Sequential number of an HTTP response |
| http.response_number | Sequential number of an HTTP response |
| http.time | Time taken for an HTTP transaction |
| tcp.analysis.initial_rtt | Initial round-trip time for TCP connection |
| tcp.connection.fin | TCP connection termination with a FIN flag |
| tcp.connection.syn | TCP connection initiation with SYN flag |
| tcp.connection.synack | TCP connection establishment with SYN-ACK flags |
| tcp.flags.cwr | Congestion Window Reduced flag in TCP |
| tcp.flags.ecn | Explicit Congestion Notification flag in TCP |
| tcp.flags.fin | FIN flag in TCP |
| tcp.flags.ns | Nonce Sum flag in TCP |
| tcp.flags.res | Reserved flags in TCP |
| tcp.flags.syn | SYN flag in TCP |
| tcp.flags.urg | Urgent flag in TCP |
| tcp.urgent_pointer | Pointer to urgent data in TCP |
| ip.frag_offset | Fragment offset in IP packets |
| eth.dst.ig | Ethernet destination is in the internal network group |
| eth.src.ig | Ethernet source is in the internal network group |
| eth.src.lg | Ethernet source is in the local network group |
| eth.src_not_group | Ethernet source is not in any network group |
| arp.isannouncement | Indicates if an ARP message is an announcement |
Identified Key Features Within IP-Based Flows Dataset
| Feature | Meaning |
| proto | Transport layer protocol of the connection |
| service | Identification of an application protocol |
| orig_bytes | Originator payload bytes |
| resp_bytes | Responder payload bytes |
| history | Connection state history |
| orig_pkts | Originator sent packets |
| resp_pkts | Responder sent packets |
| flow_duration | Length of the flow in seconds |
| fwd_pkts_tot | Forward packets total |
| bwd_pkts_tot | Backward packets total |
| fwd_data_pkts_tot | Forward data packets total |
| bwd_data_pkts_tot | Backward data packets total |
| fwd_pkts_per_sec | Forward packets per second |
| bwd_pkts_per_sec | Backward packets per second |
| flow_pkts_per_sec | Flow packets per second |
| fwd_header_size | Forward header bytes |
| bwd_header_size | Backward header bytes |
| fwd_pkts_payload | Forward payload bytes |
| bwd_pkts_payload | Backward payload bytes |
| flow_pkts_payload | Flow payload bytes |
| fwd_iat | Forward inter-arrival time |
| bwd_iat | Backward inter-arrival time |
| flow_iat | Flow inter-arrival time |
| active | Flow active duration |
Files
ML-Based IDS IoMT.zip
Files
(2.7 GB)
| Name | Size | Download all |
|---|---|---|
|
md5:f074d72ee924c3307d188deb7c663661
|
2.7 GB | Preview Download |