Federated Bayesian optimization XGBoost model for cyberattack detection in internet of medical things

Background

Hospitals and medical facilities are increasingly concerned about network security and patient data privacy as the Internet of Medical Things (IoMT) infrastructures continue to develop. Researchers have studied customized network security frameworks and cyberattack detection tools driven by Artificial Intelligence (AI) to counter different types of attacks, such as spoofing, data alteration, and botnet attacks. However, carrying out routine IoMT services and tasks during an under-attack scenario is challenging. Machine Learning has been extensively suggested for detecting cyberattacks in IoMT and IoT infrastructures. However, the conventional centralized approach in ML cannot effectively detect newly emerging attacks without compromising patient data privacy and network flow data confidentiality.

Aim

This study discusses a Federated Bayesian Optimization XGBoost framework that employs multimodal sensory signals from patient vital signs and network flow data to detect attack patterns and malicious network traffic in IoMT infrastructure while ensuring data privacy and detecting previously unknown attacks.

Methodology

The proposed model employs a Federated Bayesian Optimisation XGBoost approach, which allows us to search the parameter space quickly and find an optimal solution from each local server while aggregating the model parameters from each local server to the centralised server. The XGBoost algorithm generates a new tree by taking into account the previously estimated value for the tree's input data and then optimizing the prediction gain. This study used a dataset with 44 attributes and 16 318 instances. During the preprocessing phase, 10 features were dropped, and the remaining 34 features were used to evaluate the network flows and biometric data (patient vital signs).

Results

The performance evaluation reveals that the proposed model predicts data alteration, malware, and spoofing attacks in patients' vital signs and network flow data with a prediction accuracy of 0.96. The results obtained from the experiment demonstrate that both the centralized and federated models are synchronized, with the latter occasionally being slightly reduced.

Conclusion

The findings indicate that the suggested model can be incorporated into the IoMT domain to detect malicious patterns while maintaining data privacy and confidentiality efficiently.