Enhanced Random Forest Classifier with K-Means Clustering (ERF-KMC) for Detecting and Preventing Distributed-Denial-of-Service and Man-in-the-Middle Attacks in Internet-of-Medical-Things Networks
Abstract
1. Introduction
2. Machine Learning
- Logistic regression: a statistical method for modelling the association between one or more predictor variables (continuous or categorical) and a binary outcome.
- Decision tree (DT): a supervised learning method for classification and regression. Its hierarchical structure consists of a root node, internal decision nodes, branches, and leaf nodes.
- Naïve Bayes (NB): a classifier based on Bayes' theorem under the assumption that the predictors are conditionally independent given the class.
- Stochastic gradient descent (SGD): an iterative method for optimizing (usually minimizing) an objective function with suitable smoothness properties, using a gradient estimate computed from a single sample or a small batch at each step.
- K-nearest neighbors (KNN): a non-parametric supervised classifier that labels a data point by the majority class among its closest neighbors in feature space.
- Random forest (RF): an ensemble method that aggregates the votes of many decision trees, each trained on a bootstrap sample of the data, into a single prediction.
- AdaBoost and CatBoost: boosting algorithms that build the final model by sequentially combining many weak learners.
3. ERF-ABE for Detecting Attack Nodes
4. K-Means Clustering Algorithm for Classifying Attack Type
5. ERF-KMC Algorithm
- The server collects the message’s crucial features, like duration, FlowBytesSent, FlowSentRate, FlowBytesReceived, FlowReceivedRate, etc., with a total of 27 features.
- PCA is performed to reduce 27 features to 12.
- The ERF-ABE algorithm determines whether the message represents an attack.
- If the ERF-ABE detection indicates that the message is normal, the message is permitted into the server processes.
- If ERF-ABE detects an attack, the message information and the node’s IP are stored in the ERF-KMC memory.
- K-means then identifies the attack type, distinguishing between DDoS and MITM attacks.
- Based on the attack type, ERF-KMC applies a different countermeasure: for a MITM attack it blocks the node's IP address at the server; for a DDoS attack it sends the node's IP address to the cloud so that the node's broadcasting is limited.
- Every subsequent message is first checked against the IP addresses of attack nodes stored in the ERF-KMC memory, so further messages from a known attack node are rejected before they reach the server processes.
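The decision flow of the steps above, written out as an added illustration (this is not the authors' code). The ERF-ABE verdict is taken as an input flag (1 = attack, 0 = normal), exactly as it appears in the paper's sample table, and the seven sample rows are copied from that table; the k-means step, the attack-node memory and the IP check are implemented in plain Python. Three details the paper does not state are assumptions here: the two features are log-scaled before clustering, k-means is seeded deterministically, and the cluster whose centroid carries the larger byte volume is the one named DDoS.

```python
"""Added illustration of the ERF-KMC decision flow (steps 4-8 above).

The ERF-ABE verdict is taken as an input flag (1 = attack, 0 = normal), as in
the paper's sample table; the k-means step, the attack-node memory and the IP
check are implemented here in plain Python. The feature scaling, the seeding
of k-means and the rule that names the clusters are assumptions, not details
taken from the paper.
"""
import math

# Sample records constructed from the paper's example table. "type" is the
# paper's own k-means label and is kept only for comparison.
SAMPLE = [
    {"node": 90, "ip": "192.168.1.92", "bytes": 9132,   "rate": 356.45742, "flag": 1, "type": "MITM"},
    {"node": 93, "ip": "192.168.1.95", "bytes": 1579,   "rate": 85.150962, "flag": 1, "type": "MITM"},
    {"node": 14, "ip": "192.168.1.16", "bytes": 110,    "rate": 2.4418721, "flag": 0, "type": ""},
    {"node": 81, "ip": "192.168.1.83", "bytes": 1153,   "rate": 260.62075, "flag": 1, "type": "MITM"},
    {"node": 82, "ip": "192.168.1.84", "bytes": 166736, "rate": 1382.3347, "flag": 1, "type": "DDoS"},
    {"node": 97, "ip": "192.168.1.99", "bytes": 52721,  "rate": 439.27005, "flag": 1, "type": "DDoS"},
    {"node": 60, "ip": "192.168.1.62", "bytes": 342,    "rate": 5.7868757, "flag": 0, "type": ""},
]


def features(rec):
    """Assumption: log-scale FlowBytesSent and FlowSentRate so that k-means is
    not dominated by the raw byte count of a single flood."""
    return (math.log(rec["bytes"]), math.log(rec["rate"]))


def kmeans2(points, max_iter=100):
    """Two-cluster Lloyd's k-means. Seeds deterministically with the points of
    smallest and largest coordinate sum (assumption; the paper does not say
    how it seeds). Returns (cluster index per point, centroids)."""
    centroids = [min(points, key=sum), max(points, key=sum)]
    assign = None
    for _ in range(max_iter):
        new_assign = [min((0, 1), key=lambda k: math.dist(p, centroids[k]))
                      for p in points]
        for k in (0, 1):
            members = [p for p, a in zip(points, new_assign) if a == k]
            if members:
                centroids[k] = tuple(sum(c) / len(members) for c in zip(*members))
        if new_assign == assign:
            break
        assign = new_assign
    return assign, centroids


class ErfKmcMemory:
    """Memory of attacking nodes kept by the server (steps 5-8)."""

    def __init__(self):
        self.records = []           # attack messages, with the sender's IP
        self.attack_type = {}       # ip -> "DDoS" | "MITM"
        self.blocked = set()        # MITM sources: IP blocked at the server
        self.sent_to_cloud = set()  # DDoS sources: IP reported to the cloud

    def ingest(self, rec):
        """Decide what to do with one message. Returns the decision."""
        if rec["ip"] in self.attack_type:
            return "dropped"      # step 8: known attack node, refused before any processing
        if rec["flag"] == 0:
            return "admitted"     # step 4: ERF-ABE says the message is normal
        self.records.append(rec)  # step 5: store the message and the node's IP
        return "stored"

    def classify(self):
        """Step 6: cluster stored attack messages into two types. The cluster
        whose centroid has the larger byte volume is called DDoS (assumption:
        a flood is volumetric, an interposed MITM relay is not)."""
        if len(self.records) < 2:
            return {}             # nothing to cluster yet
        assign, cents = kmeans2([features(r) for r in self.records])
        ddos = 0 if cents[0][0] > cents[1][0] else 1
        for r, a in zip(self.records, assign):
            self.attack_type[r["ip"]] = "DDoS" if a == ddos else "MITM"
        return dict(self.attack_type)

    def enforce(self):
        """Step 7: block MITM nodes locally; hand DDoS nodes to the cloud."""
        for ip, kind in self.attack_type.items():
            (self.blocked if kind == "MITM" else self.sent_to_cloud).add(ip)
        return {"blocked": sorted(self.blocked), "sent_to_cloud": sorted(self.sent_to_cloud)}


def run_sample():
    mem = ErfKmcMemory()
    decisions = [mem.ingest(r) for r in SAMPLE]
    types = mem.classify()
    actions = mem.enforce()
    # A later message from node 90 (labelled MITM) is refused on its IP alone,
    # even though this particular message carries no attack flag.
    replay = mem.ingest({"node": 90, "ip": "192.168.1.92", "bytes": 40, "rate": 1.0, "flag": 0})
    return decisions, types, actions, replay


if __name__ == "__main__":
    for part in run_sample():
        print(part)
```

On the paper's sample rows the log-scaled k-means separates the two high-volume flows (nodes 82 and 97) from the three low-volume ones, which matches the paper's DDoS/MITM labels; with raw byte counts instead of logarithms, node 97's 52,721-byte flow lands in the low-volume cluster, so the feature scaling is not a cosmetic choice. Note also that the IP memory is only as trustworthy as the source address itself: a MITM node that spoofs or rotates addresses defeats an IP-keyed blocklist, a limitation the scheme shares with any IP-based prevention.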
6. Simulation Approach
6.1. Simulation Components
6.2. Simulation Experiments
7. Results and Discussion
7.1. Performance Evaluation and Security Analysis of Wireless Body
- Throughput: The amount of data that can be sent from one node to another within a given period. Data packets per time slot, data packets per second, and bits per second are the most common units of measurement. Several variables have an impact on the throughput of a network, such as a network’s node count, traffic load, and communication-channel bandwidth.
- Packet loss rate (PLR): A measurement of the proportion of data packets that are missed or lost during transmission. It is frequently stated as a percentage. The effectiveness of the communication channel, the volume of traffic on the network, and the routing algorithm all have an impact on the PLR.
- End-to-end delay (E2ED): The total amount of time a packet takes to travel from the time it is created by a source node to the time it is received by a destination node. Usually, it is expressed in seconds (s). The distance between the source and destination nodes, the number of hops in the path, and the amount of network traffic all have an impact on the E2ED.
7.2. Comparative Analysis of End-to-End Delay
7.3. Comparative Analysis of Packet Loss Rate
7.4. Comparative Analysis of Throughput
7.5. The Significance of Systematic Data Management and Comprehensive Documentation Practices
7.6. Discussion
8. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
Abbreviation | Meaning
---|---
ERF-KMC | Enhanced Random Forest Classifier with K-Means Clustering
ERF-ABE | Enhanced Random Forest classifier for Achieving the Best Execution Time
WBSNs | Wireless Body Sensor Networks
IoMT | Internet of Medical Things
MITM | Man-in-the-Middle
PLR | Packet Loss Rate
E2ED | End-to-End Delay

Metric | Logistic Regression | Decision Tree | Naïve Bayes | Stochastic Gradient Descent | K-Nearest Neighbors | Random Forest
---|---|---|---|---|---|---
Execution time (s) | 0.047 | 0.071 | 0.088 | 0.042 | 28.255 | 3.795

Metric | Logistic Regression | Decision Tree | Naïve Bayes | Stochastic Gradient Descent | K-Nearest Neighbors | Random Forest
---|---|---|---|---|---|---
Accuracy (%) | 89.73 | 98.41 | 79.98 | 88.66 | 99.05 | 99.13

Metric | Logistic Regression | Decision Tree | Naïve Bayes | Stochastic Gradient Descent | K-Nearest Neighbors | Random Forest
---|---|---|---|---|---|---
Sensitivity (%) | 99.70 | 94.24 | 98.95 | 46.41 | 92.15 | 99.77

Metric | Random Forest | ERF-ABE
---|---|---
Execution time (s) | 3.795 | 0.679
Accuracy (%) | 99.126 | 99.053
Sensitivity (%) | 99.772 | 99.701

Metric | ERF-ABE | AdaBoost | CatBoost
---|---|---|---
Accuracy (%) | 99.053 | 92.654 | 98.855
Execution time (s) | 0.679 | 1.533 | 0.851

Metric | Logistic Regression | Decision Tree | Naïve Bayes | Stochastic Gradient Descent | K-Nearest Neighbors | Random Forest | AdaBoost | CatBoost | ERF-ABE
---|---|---|---|---|---|---|---|---|---
Accuracy (%) | 91.357 | 99.178 | 88.57 | 93.142 | 99.568 | 99.894 | 95.891 | 99.304 | 99.845
Execution time (s) | 0.105 | 0.108 | 0.12 | 0.09 | 25.78 | 2.458 | 1.547 | 0.754 | 0.551
Sensitivity (%) | 99.265 | 95.784 | 97.87 | 66.48 | 93.54 | 99.359 | 97.152 | 99.125 | 99.282
Precision (%) | 99.325 | 69.45 | 98.154 | 88.51 | 98.48 | 99.651 | 98.654 | 99.452 | 99.564

Parameter | Value
---|---
Network simulator | Python version 3.11.4
Network area | 2000 m × 2000 m
Network components | Five base stations, two routers, cloud, server
Simulation time | 300 s
Number of nodes | 25, 50, 100 nodes
Number of attacks | 20% of total nodes
Packet size | 512 B
Node mobility | Random
Transmission protocol | TCP protocol
Attack types | DDoS and MITM
Machine learning | ERF-KMC

Time (s) | Node_ID | IP_Address | FlowBytesSent | FlowSentRate | … | Flag | Type
---|---|---|---|---|---|---|---
2.95939 | 90 | 192.168.1.92 | 9132 | 356.45742 | … | 1 | MITM
2.99429 | 93 | 192.168.1.95 | 1579 | 85.150962 | … | 1 | MITM
1.47790 | 14 | 192.168.1.16 | 110 | 2.4418721 | … | 0 |
3.02530 | 81 | 192.168.1.83 | 1153 | 260.62075 | … | 1 | MITM
3.03020 | 82 | 192.168.1.84 | 166736 | 1382.3347 | … | 1 | DDoS
3.03320 | 97 | 192.168.1.99 | 52721 | 439.27005 | … | 1 | DDoS
6.98640 | 60 | 192.168.1.62 | 342 | 5.7868757 | … | 0 |

© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Al-Abadi, A.A.J.; Mohamed, M.B.; Fakhfakh, A. Enhanced Random Forest Classifier with K-Means Clustering (ERF-KMC) for Detecting and Preventing Distributed-Denial-of-Service and Man-in-the-Middle Attacks in Internet-of-Medical-Things Networks. Computers 2023, 12, 262. https://doi.org/10.3390/computers12120262