Abstract
Internet of Medical Things (IoMT) applications, also called Medical Internet of Things (MIoT) or IoT for e-health, integrate smart technologies into medical devices for better monitoring of disease progression and patient tracking. While it offers extensive benefits, and despite its expansion, IoMT brings additional security concerns. Connected Medical Devices (CMD) raise several security and privacy problems. The complexity and heterogeneity of data and technology in IoMT communications create additional security risks and threats. Malicious users may exploit crucial vulnerabilities in a wide range of IoMT applications, networks and devices. Hence, smart and efficient security solutions are urgently needed to understand and assess IoMT-related threats. Existing traditional models are no longer suitable to address the various risks that arise. In this manuscript we present an in-depth study of security concerns within IoMT. We review popular risk assessment and management approaches and discuss their suitability to the IoMT context. The main shortcomings are inherent to the complex architecture, the lack of automation and the numerous stakeholders with different security needs and skills. With reference to the conducted study, we introduce our solution as a framework to enhance trustworthiness and support decision making within IoMT environments. The proposal relies on a fine-grained approach for managing associated risks with regard to different areas of focus and common risk factors. To do so, a Machine Learning (ML)-based anomaly detection model and a hybrid Risk Assessment (RA) model are defined to evaluate cumulative IoMT risk. Experiments show competitive results compared to state-of-the-art ML models for detecting intrusions in IoT/IoMT systems, and we obtained an accuracy rate of 100% with some algorithms. A use case is presented to highlight the efficiency of the proposal.
Availability of data and materials
Part of this research was conducted using the publicly available 'BoTNeT-IoT' dataset.
Funding
Not applicable.
Ethics declarations
Ethics approval
‘Not applicable’
About this article
Cite this article
Ksibi, S., Jaidi, F. & Bouhoula, A. MLRA-Sec: an adaptive and intelligent cyber-security-assessment model for internet of medical things (IoMT). Int. J. Inf. Secur. 24, 21 (2025). https://doi.org/10.1007/s10207-024-00923-y
DOI: https://doi.org/10.1007/s10207-024-00923-y