Enhanced Anomaly Detection in IoMT Networks using Ensemble AI Models on the CICIoMT2024 Dataset

TL;DR

This paper presents a real-time anomaly detection framework for IoMT networks using ensemble AI models and the CICIoMT2024 dataset, integrating multi-protocol and device-specific data for improved cybersecurity.

Contribution

It introduces an ensemble AI approach combining multiple models to enhance anomaly detection accuracy in IoMT networks, addressing diverse protocols and attack types.

Findings

Ensemble model reduces false positive rates.

Sequential models effectively capture time dependencies.

Unsupervised models perform well in general anomaly detection.

Abstract

The rapid proliferation of Internet of Medical Things (IoMT) devices in healthcare has introduced unique cybersecurity challenges, primarily due to the diverse communication protocols and critical nature of these devices This research aims to develop an advanced, real-time anomaly detection framework tailored for IoMT network traffic, leveraging AI/ML models and the CICIoMT2024 dataset By integrating multi-protocol (MQTT, WiFi), attack-specific (DoS, DDoS), time-series (active/idle states), and device-specific (Bluetooth) data, our study captures a comprehensive range of IoMT interactions As part of our data analysis, various machine learning techniques are employed which include an ensemble model using XGBoost for improved performance against specific attack types, sequential models comprised of LSTM and CNN-LSTM that leverage time dependencies, and unsupervised models such as Autoencoders and Isolation Forest that are good in general anomaly detection The results of the experiment prove with an ensemble model lowers false positive rates and reduced detections.