1. Introduction
The rapid advancement in IoT technology plays a vital role in the healthcare sector, making the term IoMT more prevalent [
1]. Moreover, the development of high-speed network systems and the growing use of portable monitors, smartphones, wearable devices, and electronic health records in healthcare contribute to the tremendous growth of IoT devices in the healthcare sector [
2]. Integrating IoT devices in healthcare systems increases system interconnectivity and interoperability, allowing collaboration between isolated systems within the healthcare domain [
3]. Furthermore, it pushes toward transferring to the decentralized infrastructure since the computation and services can be processed through IoMT devices. However, IoT devices are susceptible and vulnerable to various security risks and attacks; they can be easily compromised since they lack self-protection capabilities. Recent research found that over 90% of IoT devices transmit data insecurely, meaning that 57% are vulnerable to attacks that leak sensitive data [
4]. Cyberattacks can pose a threat not only to the operated IoMT devices but also to human lives [
5].
Figure 1 illustrates the architecture of the IoMT and presents its common components. In addition, the figure shows how the IoMT is vulnerable to cyberattacks, as these attacks can be launched against any element of the model without security mechanisms. As shown in the figure, a threat actor can establish a cyberattack at various points of the architecture. For example, a threat actor could inject malicious data into the sensor measurements, transmitting inaccurate data to the receiver devices. In addition, a cyberattack can be launched on IoMT devices in the fog layer. Therefore, a security solution is required to identify cyberattacks and protect the integrity of information transferred or held in the fog or cloud layers [
6]. Several cyberattacks, including Denial of Service (DDoS) attacks, Injection attacks, Data leakage, and sensor assaults, can target IoMT systems. Thus, the security of IoMT considers a considerable challenge and more research is needed in this field.
Several research studies have been conducted to enhance the security of IoMT by using several technologies, including ML and blockchain [
7]. Researchers generally utilize three ML taxonomies: unsupervised, supervised, and reinforcement learning. Supervised learning is used when the model’s output is known and labeled; however, relationships between the input data are not always known. Unsupervised learning is the opposite approach to supervised learning, as the model’s output is unknown. In addition, during the training time, the output class of unsupervised learning is not labeled. Finally, reinforcement learning is used when the model can gain experience through its operational environment and learn based on trial and error [
8]. Machine learning can be utilized to develop intrusion detection systems (IDS) and intrusion classification systems (ICS) to tackle cyberattacks [
9]. IDS is typically used as a binary classification method to scan through data and distinguish between normal data and malicious data. In contrast, ICS is used to detect multiclass data, making it helpful in identifying different types of cyberattacks. To mitigate cyberattacks targeting IoMT devices, ML models based on artificial neural networks and blockchain can be employed.
A tri-layered neural network (TNN), called a three-layer feedforward neural network, is an artificial intelligence model comprising an input, hidden, and output layer [
10]. The input layer receives input data from several resources, such as sensors then the hidden layer obtains the data from the input layer for processing and computation purposes. A TNN can have multiple hidden layers to handle the complex nonlinear relationships of system inputs and outputs to devise the best decision boundaries [
11]. Eventually, the computation result of the hidden layer is submitted to the output layer.
TNN may be utilized to recognize and prevent cyberattacks in IoMT security by monitoring device activity and interactions. TNN may also be used to construct a predictive security model to detect and classify cyberattacks, which can assist in improving the security of the IoMT network. Furthermore, the TNN performs anomaly detection to identify malicious data collected from medical sensors. Therefore, cyberattacks are detected and removed from the IoMT systems before data is analyzed in the fog layer.
Blockchain is a groundbreaking technology first introduced by Satoshi Nakamoto in 2008 [
12]. It consists of a chain of blocks that holds information. Blockchain is a decentralized and distributed infrastructure that enables secure and transparent transactions without intermediaries [
13]. It is not limited to being used only with cryptocurrencies but can also be employed in various other applications, such as IoT, healthcare, and energy sectors [
14]. For example, in IoT security, blockchain may be utilized to construct a decentralized devices network capable of securely exchanging information and transactions [
15]. It becomes significantly more challenging for hackers to breach the security of a system built based on the blockchain’s decentralized structure [
16]. Furthermore, blockchain enables the creation of smart contracts that may be used to autonomously enforce security standards in an IoT network [
17].
Furthermore, using a decentralized system overcomes some drawbacks of the centralized system, such as a single point of failure, since centralized infrastructure relies on the client and server approach, which means all devices need to be authorized by a server [
18]. Blockchain is a peer-to-peer network that allows communication between untrusted devices without a third party [
1]. Therefore, data exchanged between the devices can be maintained and tracked without a centralized server. To add new data to the blockchain, users must solve a cryptographic puzzle (proof of work). Blockchain consists of N blocks; the first is called the Genesis block. Blockchain data is stored chronologically, and the information is held in the blocks and linked to each other through the chain. Participants can view the transaction; however, each user’s identity is kept secret.
This paper utilised a neural network with multiple hidden layers because it learns efficiently from vast quantities of data, unlike a neural network with a single hidden layer. Therefore, hidden layers collaborate to learn more about the complex relationship between the input and the output [
11]. Furthermore, the blockchain model is used to distribute the data after it has been cleared from a cyberattack to the IoMT devices in the fog layer. This ensures the security of the transactions since they cannot be altered, increasing the data’s trust and integrity. Therefore, this research proposes a resilient security framework that combines a TNN model and blockchain technology to leverage the security of IoMT.
The main contributions of this paper can be summarized as the following:
Reviewing recent state-of-the-art methods used to enhance the security of the IoMT.
Using a TNN to perform anomaly detection procedures for identifying normal data (true data) and malicious data (cyberattacks) collected from medical sensors.
Utilizing a blockchain-based scheme for non-financial applications to simulate blockchain activity in fog nodes of the IoMT to enhance the data’s integrity and privacy.
Proposing a security framework for IoMT that combines the power of TNN and blockchain. The TNN is utilized for anomaly detection to capture data injected with a cyberattack. Blockchain maintains the integrity and privacy of the data to ensure that stored and transmitted data cannot be altered.
The dataset called ICUDatasetProcessed [
19] was used to test and validate the performance of the proposed framework. The results show that the TNN model recorded 99.99% on the F1-score accuracy metric. In addition, the blockchain-based scheme offers the expected results.
This paper is structured as follows:
Section 2 presents the most current security methods used to leverage the security of the IoMT systems.
Section 3 provides information about the dataset for assessing this research’s proposed framework.
Section 4 discusses and explains the research methodology, TNN, and blockchain technology.
Section 5 investigates the result and discussion found in this research. Finally,
Section 6 provides a conclusion to this research work.
2. Related Work
This section presents the up-to-date security methods and strategies utilized to enhance the security of IoT devices. Also, it reviews recent technology used to mitigate malicious activities conducted through IoT devices targeting healthcare systems.
Artificial Intelligence (AI) is a common approach used by researchers for protecting IoT devices from threat actors, which provides detection techniques to scan for unusual activities. Several AI models exist, such as neural networks (NN), linear regression, and support vector machines (SVM) [
20]. In the research [
21], the authors used deep learning models to detect the DDoS targeting IoT systems using CICIDS2017 datasets. The authors implemented four deep-learning approaches: long short-term memory (LSTM), convolutional neural network (CNN), and CNN + LSTM. Among these deep learning approaches, CNN + LSTM achieved the highest accuracy, 97.16%.
The authors in [
9] utilized feature engineering techniques to improve ML’s detection and classification accuracy. The authors employed several ML models to identify cyberattacks such as DoS, Mirai, Scan, and man-in-the-middle (MITM) attacks in IoT systems. The authors used Support Vector Machine (SVM), Shallow Neural Networks (SNNs), K-Nearest Neighbor (KNN), Decision Trees (DT), and Bagged Trees (BT). To evaluate their models, they used the IoTID20 dataset. As a result, the accuracy of their ML models ranged between 99.40% to 100%.
The authors in [
17] proposed a data security paradigm in an IoT platform incorporating a deep neural network and blockchain. As a result, the platform improves performance regarding latency and accuracy. Furthermore, the work in [
22] presented the security architecture of the IoT platform to deliver secure and scalable IoT data for the IoT platform in a decentralised manner. This technology addresses the problem of centralized data in an IoT network.
The study [
23] explored the vulnerability of IoT in three layers: the terminal, network, and application layers. Different devices are connected through the network layer in the terminal layer, which transmits data to the cloud. To tackle that issues, the authors utilized blockchain technology to provide decentralized security for IoT devices without needing a third party. The study also uses verification and machine learning techniques to detect unusual network activity.
The authors in [
24] proposed a security mechanism based on the InterPlanetary File System (IPFS) and a blockchain network. IPFS is a cluster node primarily used to authenticate patients and their medical devices. The blockchain network is responsible for securing the transferred data between agents such as patients and doctors. Patients and medical devices are initially registered and authenticated before being submitted to the blockchain network through IPFS. Then, the authority and authenticity of the registered patients and medical devices are synchronized. Finally, the information is disseminated into the blockchain to allow the secure transmission of data among different users.
The authors of this study [
25] designed an IoMT security evaluation framework (IoMT-SAF) according to web-based applications. Therefore, the stakeholders such as system administrators, patients, and medical professionals through IoMT can examine the degree of security of the IoMT solutions. IoMT solution refers to medical devices’ services and platforms. Medical devices come in different types, for example, wearable devices such as heart monitors, implantable devices such as cardiac function monitors, ambient such as door sensors, and stationery such as computerized tomography scanners. Services refer to web or mobile applications and can be used to analyze data—platforms for facilitating and managing smart devices and applications. Then based on the scenario that the stakeholders selected, the system will show the possible security risks and recommended countermeasures.
Azeem et al. [
26] proposed an Efficient and Secure Data Transmission and Aggregation (ESDTA) model to enhance the security of the IoMT a the remote healthcare system. Their methods employ Secure Message Aggregation (SMA) and Security Message Decryption (SMD) algorithms to ensure aggregated and transmitted data security. Data aggregation decreases redundant communications while enabling efficient use of bandwidth and energy. However, data aggregation needs a security mechanism hence a symmetric key is used to encrypt the data in the sensor node, which is then encrypted in the fog node. In the beginning, sensor measurements of wearable devices such as blood pressure, body temperature, and oxygen level are collected and aggregated in a data collector node, a mobile node. Then, data is encrypted and transmitted to the fog node. After that, the data is decrypted and sent to the cloud node for storage and analytical purposes. Finally, doctors can access patient data for diagnosis.
According to several research papers, most IoMT approaches rely on a centralized cloud server [
27]. However, this will not cope with the tremendous growth of IoT devices in the healthcare domain. Therefore, blockchain technology can be exploited to move toward a decentralized architecture. Hence, transmitted data is safely stored in peers rather than a centralized server, exposed by a singular point of failure.
In this paper [
28], the authors introduced a blockchain model with IoT devices to increase the security and privacy of patient data collected by medical sensors, which doctors can access remotely. In the scenario, the authors considered that the patients use wearable devices to monitor health data such as heartbeats, sleeping conditions, and walking distance. The collected sensor data is sent to the smart contracts responsible for analyzing the received data. Smart contracts are automation algorithms on the blockchain to increase trust without relying on a third party. If a specific condition is met, an alert is sent from the smart contracts to the patient.
Meanwhile, the alert is transmitted to the cloud server, which confirms the digital signature of the node, and if the node is not verified, then the alert is ignored. Next, the hash function is calculated at the cloud server, and then data is transferred to the overlay, a peer-to-peer network consisting of cluster nodes. The overlay network has two types of nodes: patient devices and healthcare providers.
Table 1 contains a list of security methods discussed in the related work section.
Overall, the related work focused on security methods used to enhance the security of IoMT, which were implemented based on an ML model and blockchain technology. However, this research proposes a resilient security framework that integrates ML and blockchain technology to ensure the security of IoMT.
3. Dataset
This section introduces the ICUDatasetProcessed [
19] dataset, which is used to test and validate the proposed security framework in this research. First, the use case scenario for collecting the dataset, as employed by the authors [
19], is discussed. Subsequently, statistical information about the dataset is presented.
The IoMT dataset was generated using IoT-Flock, an open-source tool that can generate IoT synthetic traffic with many scenarios depending on a user’s choice [
29]. The scenario created by the authors of the ICUDatasetProcessed dataset is based on an Intensive Care Unit (ICU).
The following medical devices were used in the ICU scenario:
ECG monitoring: this device is used to monitor the heart rate.
Electromyography (EMG) Sensor is used for measuring the electrical signal produced by the muscles.
Infusion Pump: this device is used to deliver medications or nutrients.
AirFlow Sensor is utilized for measuring the patient’s breathing level.
Pulse Oximeter (SPO2): this device can be placed on the finger of the patient to measure the Oxygen level.
Glucometer: It measures the amount of glucose within the blood.
A blood pressure device is utilized for checking the individual’s blood pressure.
The Galvanic Skin Response (GSR) Sensor measures the skin’s electric signal.
Finally, a body Temperature Sensor is used for measuring the temperature of an individual’s body.
The following environmental sensors were used in the ICU scenario:
An air humidity sensor is utilized for measuring the air’s humidity.
Air temperature sensor: it calculates the temperature of the air.
CO sensor: this device is used to sense the carbon monoxide level in the ICU room.
Fire sensor: this device detects fire or flame in the ICU room.
Smoke sensor: this device is used to detect the level of smoke in the ICU room.
Barometer: this device measures the air pressure in the ICU room.
Solar radiation sensor: this device is used to measure the power of the heat of the light or the sun.
There are four cyberattacks generated at the application layer: MQTT DDoS, MQTT publishes flood attack, brute force attack, and SlowITE attack. MQTT is an acronym for Message Queuing Telemetry Transport. MQTT is a publisher and subscriber protocol used for message queuing at the application layer in IoT systems [
30]. All four cyberattacks are labeled as attacked data in the dataset.
The dataset contains 42 features and 187,643 records. In addition, it consists of three labels: patient monitoring, environment monitoring, and cyberattack.
Table 2 lists a statistical summary of the dataset records. There are 108,568 records labeled as normal data and 79,075 as malicious data.
5. Result and Discussion
Our solution combines the TNN and blockchain models. The TNN is responsible for detecting cyberattacks in the data collected from medical sensors. The blockchain model distributes and stores the data after being vetted and cleared of cyberattacks in the fog layer. Therefore, malicious data is detected and discarded by the TNN model before transmitting normal or clear data to the blockchain model. In other words, we use the blockchain algorithms to manage and store the normal or clear data acquired from the dataset Comma-Separated Values (CSV) file after data is filtrated by the TNN model.
The TNN model was evaluated using a confusion matrix to calculate the accuracy of the TNN. The general form of the confusion matrix is shown in
Figure 6. True positive (TP) means the TNN successfully classified normal sensor data as normal. True negative means the TNN was able to classify malicious data as anomalous. However, false positive (FP) means the TNN mistakenly classified normal sensor data as malicious. Finally, a false negative (FN) means the TNN mistakenly classified malicious data as normal [
39].
The detection result of the TNN model is represented in
Figure 7. Label 0 in the figure refers to normal data, and Label 1 refers to attacked data. TNN detector could classify 32,568 records of the tested data as normal and only missed classifying two records as attacked data. However, the model successfully classified all attacked data as attacked data. The classification accuracy was calculated using Equation (1), and the TNN model scored 99.99% [
40].
Also, the multiclassification result of the TNN model was computed in this study, as shown in
Figure 8. The reason for studying the multiclassification problem using the TNN model is to identify the class of data collected by the medical sensors. As mentioned in the dataset section, the ICUDatasetProcessed dataset consists of three categories: patient monitoring, environment monitoring, and cyberattack. The TNN classifier was able to categorize attacked data with zero misclassification instances. In addition, only three records of patient monitoring data were misclassified. However, 441 environmental monitoring records were mistakenly classified; meanwhile, the classification accuracy of the TNN classifier is 99.2%.
Researchers usually do not rely solely on classification accuracy. For that reason, F1-score is calculated using Equation (4). One way to easily calculate F1-score is by first calculating precision and recall, as shown in Equations (2) and (3). For example, the TNN detector model precision recorded 99.99%, recall recorded 100%, and the F1-score for the model was 99.99% [
36]. Similarly, the precision, recall, and F1-score metrics were calculated for the TNN classifier. The model scored 99.36% on precision, 98.45% on recall, and 98.91% on F1-score.
It can be observed that the TNN model achieved high accuracy based on the accuracy metrics discussed above; therefore, TNN can serve this research purpose as a detection model. To validate the performance of the TNN model, we compared our results with those of Hussian et al. [
19]. We chose to compare our findings with [
19] because the authors used the same dataset as we did in this research, ensuring a fair comparison.
Table 3 lists various detection models implemented based on ML algorithms to detect cyberattacks in the dataset ICUDatasetProcessed. Regarding the classification accuracy metric, our proposed TNN scored the highest results compared with the rest of the detection models. The Naive Bayes (NB) scored the lowest classification accuracy, precision, and F1-score results, but the TNN achieved the highest result in each metric. K-Nearest Neighbors (KNN) Random Forest (RF), Adaboost (AB), Logistic Regression (LogR), and Decision Tree (DT) scored very close results to the TNN. Overall, by looking at
Table 3, we can observe that TNN outperforms other ML models based on accuracy, precision, recall, and F1-score metrics. The closest model in terms of performance to our model is RF.
Figure 9 and
Figure 10 show samples of the JSON output of two consecutive blocks in the blockchain network recorded from Python. JSON stands for JavaScript Object Notation, a textual representation of transporting and storing data [
41]. JSON, which is a language-independent data format, can be used to transfer data between computers using any programming language. We used JSON to enable data interchange between peers and to enhance system interoperability.
Figure 9 represents the data extracted from the CSV file after data preparation and filtration by the TNN model. The practical blockchain environment and implementation are based on the foundational model of designing a public blockchain scheme, first introduced in Nakamoto’s paper titled “Bitcoin: A Peer-to-Peer Electronic Cash System”.
Figure 9 shows a block sample with the following parameters: hash, previous_hash, difficulty, nonce, timestamp, and transactions. The transactions parameter has several transactions determined by the size of the block. In our case, we assumed that each block could contain up to 35 transactions, but users can customize this number based on the capacity of the IoMT devices.
Figure 10 represents a second block sample, and we noticed that the previous_hash parameter matches the hash value in
Figure 9 because the two block samples are consecutive.