Explainable Anomaly Detection of Synthetic Medical IoT Traffic Using Machine Learning
Pecori, Riccardo; Veltri, Luca
2024-01-01
Abstract
In the context of the Internet of Things (IoT), particularly within medical facilities, the detection and categorization of Internet traffic remain significant challenges. While conventional methods for IoT traffic analysis can be applied, obtaining suitable medical traffic data is challenging due to the stringent privacy constraints associated with the health domain. To address this, this study proposes a network traffic simulation approach using an open-source tool called IoT Flock, which supports both CoAP and MQTT protocols. The tool is used to create a synthetic dataset that simulates IoT traffic originating from various smart devices in different hospital rooms. The study presents a complete anomaly detection analysis of IoT-Flock-generated traffic, both normal and malicious, by leveraging and comparing traditional machine learning techniques, deep learning models with multiple hidden layers, and explainable artificial intelligence techniques. The results are very promising. For the binary classification, for example, the obtained accuracy is close to in the case of the CoAP protocol. Good results are also obtained when the multinomial classification is performed, observing that CoAP packets are classified better than MQTT packets, even if the identification of the different MQTT packets reaches very high metrics for most of the considered algorithms. Moreover, the obtained classification rules are also meaningful in the considered IoT context. The results indicate that IoT-Flock synthetic data can effectively be used to train and test machine and deep learning models for detecting abnormal IoT traffic in medical scenarios. This research also attempts to bridge the gap between IoT security and healthcare, providing useful insights into securing medical IoT networks in general.