Journal of Computer Applications: the sole official website

Intrusion detection method with multi-stage fusion for internet of medical things

ZHENG Haoqun, CAI Lizhi, YANG Kang, WANG Xiaoyu

  1. Shanghai Development Center of Computer Software Technology
  • Received: 2024-12-31 Revised: 2025-03-18 Online: 2025-04-11 Published: 2025-04-11
  • Corresponding author: ZHENG Haoqun

Abstract: Intrusion detection methods for the Internet of Medical Things (IoMT) depend on balanced data samples; misuse detection based on supervised learning cannot cope with unknown attacks, and anomaly detection based on unsupervised learning has a high false alarm rate. To address these problems, an intrusion detection method with multi-stage fusion for IoMT is proposed. First, a feature extraction method that adds packet header information and payload to bidirectional flow features is adopted to reduce the dependence on balanced data samples. Second, a three-stage intrusion detection framework is designed by combining supervised and unsupervised methods: an unsupervised AutoEncoder (AE) model filters benign traffic and detects unknown attacks, and a supervised hybrid model of Convolutional Neural Network (CNN), Gated Recurrent Unit (GRU) and attention mechanism (Attention) detects known attacks and reduces false alarms, in order to improve detection performance. Experimental results show that the intrusion detection system (MTIDS) built with the proposed method achieves 99.96% detection accuracy and a 93.78% F1 value on the CICIoMT2024 and CICIoT2023 datasets. Compared with intrusion detection using a single supervised or unsupervised model such as AE, MTIDS improves accuracy by 0.82 percentage points and F1 value by 5.58 percentage points, which validates the accuracy of the method in detecting known and unknown attacks.

Key words: Internet of Medical Things (IoMT), intrusion detection, deep learning, anomaly detection, unknown attack
