Real-time anomaly detection in IoMT networks using stacking model and a healthcare-specific dataset

The Internet of Medical Things (IoMT) connects medical devices to enable real-time monitoring and personalized care, significantly enhancing patient health and well-being. However, this connectivity also introduces substantial cybersecurity risks, including various attack types that compromise data integrity and availability, jeopardizing patient safety and healthcare service reliability. This study addresses these challenges by proposing a real-time anomaly detection model based on machine learning (ML) techniques, designed to detect and mitigate diverse cyber threats effectively. This paper proposes a new medical dataset for anomaly detection, inspired by the UNSW-NB15 dataset, and enriched with healthcare-relevant attack types, including falsification and DoS attacks, to reflect real-world IoMT scenarios. The dataset comprises 253680 records, with 60% anomalous data distributed across multiple attack types, offering a more challenging and realistic environment for evaluating ML models. Seven machine learning algorithms, including Random Forest, XGBoost, and Artificial Neural Networks (ANN), were rigorously tested, leading to the development of a novel stacking ensemble model. This model integrates XGBoost as the meta-learner with Random Forest and ANN as base models, leveraging their strengths to optimize anomaly detection. The proposed model was evaluated on both the UNSW-NB15 and the new medical dataset, achieving significant improvements across key metrics such as accuracy, precision, recall, and F1-score. A real-time prediction analysis further demonstrated its ability to detect anomalies efficiently during live data transmission, validating its suitability for detecting anomalies in real-time scenarios.

Mots clés

• anomaly detection
• intrusion detection system
• Internet of Medical Things
• medical dataset with anomalies
• machine learning
• healthcare security