MediHunt: A Network Forensics Framework for Medical IoT Devices
Ayushi Mishra, Tej Kiran Boppana, Priyanka Bagade

TL;DR
MediHunt is a network forensics framework that uses machine learning to detect cyber-attacks on MQTT-based Medical IoT devices in real time, addressing data log limitations and improving security.
Contribution
The paper introduces MediHunt, a novel real-time attack detection framework for MIoT devices using ML trained on a custom flow-based dataset, enhancing forensic capabilities.
Findings
F1 scores and detection accuracy exceeded 0.99
Effective real-time attack detection on MQTT-based MIoT devices
Addresses data log limitations in resource-constrained MIoT devices
Abstract
The Medical Internet of Things (MIoT) has enabled small, ubiquitous medical devices to communicate with each other to facilitate interconnected healthcare delivery. These devices interact using communication protocols like MQTT, Bluetooth, and Wi-Fi. However, as MIoT devices proliferate, these networked devices are vulnerable to cyber-attacks. This paper focuses on the vulnerabilities present in the Message Queuing Telemetry and Transport (MQTT) protocol. The MQTT protocol is prone to cyber-attacks that can harm the system's functionality. The memory-constrained MIoT devices enforce a limitation on storing all data logs that are required for comprehensive network forensics. This paper solves the data log availability challenge by detecting the attack in real time and storing the corresponding logs for further analysis with the proposed network forensics framework: MediHunt. Machine…
Taxonomy
Topics: Digital and Cyber Forensics · Information and Cyber Security · Network Security and Intrusion Detection
