Content uploaded by Vinayakumar Ravi
Author content
All content in this area was uploaded by Vinayakumar Ravi on Oct 08, 2023
Content may be subject to copyright.
IEEE INTERNET OF THINGS MAGAZINE 1
Deep learning-based Network Intrusion Detection
System for Internet of Medical Things
Vinayakumar Ravi, Tuan D. Pham, Mamoun Alazab
Abstract—This paper presents a deep learning-based approach
for network-based intrusion detection in the Internet of medical
things (IoMT) systems using features of network flows and patient
biometrics. The proposed approach effectively learns optimal
feature representation by passing the information of network
flows and patient biometrics into more than one hidden layer
of deep learning. The network includes a global attention layer
which helps to effectively extract the optimal features from the
spatial and temporal features of deep learning. To avoid data
imbalance, a cost-sensitive learning approach is integrated into
the deep learning model. The proposed model showed a 10-fold
cross-validation accuracy of 95% on network features, 89% on
patient biometrics, and 99% on combined features. In addition to
the IoMT environment, the robustness and generalization ability
of the proposed model is shown by conducting experiments on
other network-based intrusion datasets. The proposed approach
outperformed the existing methods in all the test cases mainly
showing a 3.9% higher accuracy on the IoMT intrusion dataset.
The proposed model can be used as an IoMT network monitoring
tool to safeguard the IoMT devices and networks from attackers
inside the healthcare and medical environment.
Index Terms—Healthcare, IoMT, cybersecurity, intrusion de-
tection, deep learning
I. INTRODUCTION
Recent advancements in information and communication
technologies enabled healthcare professionals and patients to
access Internet of things (IoT)-based medical (IoMT) devices
via Internet services. The recent literature on the global market
shows that the growth of the IoMT market is expected to
account for $135B by 2025 [1]. On the other hand, IoMT
devices and their networks have become a prime target for
cyberattacks by attackers globally. Since the IoMT devices are
not being designed with security in mind, most of the IoMT
devices are vulnerable to exploits. In 2021, 72% malicious
traffic targeted healthcare and IoMT devices and networks.
Overall, 40% increase in healthcare cyberattacks in the year
2021, and 81% of healthcare providers have revealed one or
more IoMT systems have been compromised [2]. These figures
on IoMT show that security plays an important role in securing
the patient’s data in IoMT systems and networks.
Due to the complexity, less memory, and heterogeneity of
IoMT devices and networks, the existing security solutions
of information technology (IT) cannot be easily adopted.
Vinayakumar Ravi is with the Center for Artificial Intelligence,
Prince Mohammad Bin Fahd University, Khobar, Saudi Arabia. e-mail:
(vravi@pmu.edu.sa).
Tuan D. Pham is with the Center for Artificial Intelligence, Prince Moham-
mad Bin Fahd University, Khobar, Saudi Arabia.
Mamoun Alazab is with the College of Engineering, IT & Environment,
Charles Darwin University, Casuarina, NT, Australia.
Corresponding Author: Vinayakumar Ravi
Cryptography-based encryption and decryption techniques,
authentication, and trust-based techniques were employed in
the beginning days of IoMT security. A literature survey
shows that in recent days intrusion detection is used as an
alternative to cryptographic solutions. Because cryptographic
solutions are difficult to implement in less memory IoMT
devices. An intrusion detection system (IDS) is a network
monitoring tool that can continuously monitor a single or a
network of computers in an IoMT environment and alerts the
system admin if there are any malicious activity and suspicious
behavior inside a healthcare organization [3]. Network-based
and host-based IDS are two types, but this work deals with
network-based IDS [4]. This is mainly due to the reason
that the IoMT devices don’t have sufficient memory, so
the deployment of host-based IDS is not preferred, instead,
network-based IDS can be placed at the network point in
the IoMT gateway. Rule-based and anomaly-based intrusion
detection was the most commonly used system to detect and
classify the attacks [2]. The rule-based systems are accurate
in detecting the existing patterns of attacks. Though rule-
based systems are not effective at detecting the unknown and
variants of existing attacks, rule-based systems are preferred
over anomaly-based systems. This is mainly due to the reason
that anomaly-based systems rise high false alarm rates. But,
anomaly-based systems can detect the unknown and variants
of existing attacks. A recent literature survey shows that
machine learning and deep learning approaches are leveraged
for network IDSs with the aim to detect unknown and variants
of existing attacks along with detecting the known attacks [4]
[3]. These methods replaced the rule-based systems in IoMT-
Network IDS.
Intrusion detection is a very important tool in the IoMT en-
vironment to secure the IoMT devices and their networks from
attackers. A survey on various existing security mechanisms
and their limitations in the IoMT environment is discussed by
the authors [1] [2]. A deep neural network (DNN) with an
optimization-based approach is proposed for intrusion detec-
tion in IoMT architecture [5]. The proposed method increased
the accuracy of existing methods by 15% on the knowledge
discovery and data mining tools competition 1999 (KDDCup-
99) intrusion dataset. An ensemble machine learning approach
is proposed for IoMT intrusion detection and the detailed
analysis was done using the Telemetry operating systems
Network traffic IoT (ToN-IoT) dataset [6]. The ensemble
models performed well compared to a single machine learning
model. Gradient boosting and Transformer-based models were
proposed for IoMT intrusion detection and IoMT malware de-
tection respectively [7]. The model performances were shown
IEEE INTERNET OF THINGS MAGAZINE 2
on ToN-IoT and endgame malware benchmark for research
(Ember) datasets. In all the experiments, the proposed models
showed better performances compared to the other existing
models. Recurrent neural network (RNN)-based intrusion de-
tection is proposed for the IoMT environment by authors [8].
The performance of the models is shown using the network
security laboratory-knowledge discovery and data mining tools
competition 1999 (NSL-KDD) dataset. The authors showed
a comparison of the proposed model with other traditional
machine learning algorithms. Swarm neural network-based
IoMT intrusion detection is shown on the ToN-IoT dataset [9].
An active learning-based model is proposed for IoMT intrusion
detection [10]. The random forest model performed better
compared to other models by showing an accuracy of 96.44%
on the intrusion detection evaluation dataset (CIC-IDS2017)
dataset. The network flows in KDDCup-99, ToN-IoT, NSL-
KDD, and Ember datasets are not from a realistic IoMT
environment. Though the studies reported better performances,
the models trained on KDDCup-99, ToN-IoT, NSL-KDD,
CIC-IDS2017, and Ember datasets will not work well in
accurately detecting the attacks in the IoMT environment.
An anomaly-based model is proposed for the IoMT en-
vironment using features from network traffic, IoT device
information, gateway information, and CPU and memory con-
sumption information [11]. Though the models have reported
better performances, the anomaly-based method false alarm
rate is high in a realistic IoMT environment. A Mobile
agent-based intrusion detection model is proposed for IoMT
environment [12]. The authors showed a detailed analysis
of various traditional machine learning-based model perfor-
mances for intrusion detection; however, the dataset is not
from a realistic IoMT environment. Intrusion detection using
machine learning in the IoMT environment is proposed and
its performance was shown on a realistic IoMT dataset by uti-
lizing the features from network flows and patient biometrics
sensing data [13]. The performance reported by the authors
can be further improved. This study is considered to be the
first work on intrusion detection in the IoMT environment.
Because the dataset is collected from the IoMT testbed and the
dataset named Washington University in St. Louis enhanced
healthcare monitoring system 2020 (WUSTL EHMS 2020) is
publicly available for further research with the aim to enhance
the reported results for intrusion detection in the IoMT envi-
ronment. Later, the Edith cowan university Internet of health
things (ECU-IoHT) dataset was introduced by the authors for
IoMT intrusion detection, however, WUSTL EHMS 2020 is
considered to be a good dataset over ECU-IoHT. Because
the WUSTL EHMS 2020 contains both features of network
flows and patient biometrics whereas ECU-IoHT contains
only a smaller number of network features. Since WUSTL
EHMS 2020 is highly imbalanced, authors [14] employed data
preprocessing and data augmentation approaches and used a
tree-based classifier that achieved better performances than
the [13]. The number of features in WUSTL EHMS 2020
was reduced using an optimization-based approach and later,
various traditional machine learning and deep neural network-
based models were employed for intrusion detection [15]. This
study reported that the model showed better performances
compared to [13] and [14]. Since the studies employed the
data preprocessing and data augmentation methodologies to
make the data imbalance prior to training machine learning
models [14] [15], the results are not directly comparable to
the [13]. Most importantly, the models [14] [15] will not show
the same reported accuracy in the realistic IoMT environment.
In addition, the performance of the model implicitly depends
on handling imbalance using data preprocessing and data
augmentation approaches. The literature on data imbalances
shows that methods based on cost-sensitive learning in the
field of data mining are considered to be effective in handling
imbalances compared to simple data preprocessing and data
augmentation methodologies. The current work proposes a
cost-sensitive learning approach instead of data preprocessing
and data augmentation to handle the imbalanced WUSTL
EHMS 2020 dataset. To effectively learn the features from the
network and patient biometrics, various deep learning layers
are employed with an attention model for optimal feature
selection to identify the attacks. The main contributions of
the proposed work are as follows:
•Propose a deep learning-based approach for network-
based IDS in the IoMT environment.
•The proposed model performance is evaluated on network
features, patients biometrics, and combined features of
network and patient biometric sensors.
•Since the dataset is highly imbalanced, the current work
integrates a cost-sensitive learning approach that employs
more weights to the classes that have a smaller number of
IoMT network traffic data samples and fewer weights to
the classes that have a greater number of IoMT network
traffic data samples during the training of a model.
•The proposed model employs both convolutional Neural
Network (CNN) and long short-term memory (LSTM)
to effectively extract the robust spatial and time-series
features of network flow and patient biometrics.
•The proposed model integrates global attention that helps
to extract important features from CNN and LSTM layers.
•A comparison of the proposed model with the existing
studies for intrusion detection in the IoMT environment.
II. IOMT NETWORK INTRUSION DETECTION SYSTEM
This work proposes an intrusion IDS, a network monitoring
tool that continuously monitors a single computer or network
of computers in an IoMT environment and alerts the system
administrator if there is any malicious activity and suspicious
behavior inside a healthcare organization. The proposed IoMT
security architecture is shown in Figures 1 and 2. This is
divided into two parts such as data collection and data analysis.
In the data collection phase, the data of network flow and
patient biometrics from the medical sensors are collected
through the IoMT gateway and sends the data to the server
for data analysis and visualization via the router and switch.
Next, these data are preprocessed and passed the 29 network
features and 8 features of patient biometrics into data analysis.
The data analysis contains a deep learning-based model to
detect the attacks in IoMT network traffic. The features are
passed as input to CNN and LSTM layers and these layers
IEEE INTERNET OF THINGS MAGAZINE 3
Fig. 1: IoMT Security Architecture
Fig. 2: Proposed IoMT-IDS
collectively learn the spatial and temporal features. Instead of
considering the last hidden states of CNN and LSTM models,
the current work considers all the hidden states and passed
them into a global attention layer. It is similar to soft attention
and additive attention. It employs a tanh activation function on
all the hidden state features of CNN and LSTM. The global
attention layer features are passed into a fully connected layer
with 50 neurons. Next, the features of CNN and LSTM are
fused. The fused feature contains 50 features and is passed
into a classification layer. The classification layer contains two
fully connected layers, one with 25 neurons and after that
another with 1 neuron. Between the classification and global
attention layer, the current work employs dropout and batch
normalization. The dropout layer helps to avoid overfitting by
randomly removing the neuron and its connections whereas
batch normalization increases the training speed. Finally, the
model classifies the network traffic as either normal or an
Attack. Since the IoMT network traffic is highly imbalanced,
the current work employs a cost-sensitive learning approach
that assigns more cost weights to the Attack class and less
cost weight to the Normal class during training a model.
Initially, the values for the cost matrix are chosen randomly
by following the Gaussian distribution and these are finetuned
during training across 40 epochs.
III. DESCRIPTION OF IOMT N ET WORK TRAFFIC DATASET
The WUSTL EHMS 2020 dataset is developed using IoMT
real-time health monitoring testbed [13]. The testbed con-
tains medical sensors, a gateway, a network, and a con-
troller. The data collected from the medical sensors are
transferred to servers via a gateway followed by a net-
work, i.e. switch, and router. The controller manages the
data visualization of network flow and patient biometrics.
Man-in-the-middle attacks, data injection, and spoofing at-
tacks were simulated in the testbed. The features of network
and patient biometrics were extracted using the ARGUS
IEEE INTERNET OF THINGS MAGAZINE 4
TABLE I: Details of IoMT-Network IDS datasets
Dataset Normal Attack Total
WUSTL EHMS 2020 14272 2046 16318
SDN-IoT 35000 175000 210000
KDDCup-99 97278 396743 494021
tool. Along with the WUSTL EHMS 2020 dataset, the cur-
rent work considers the software defined networking-Internet
of things (SDN-IoT) (https://github.com/AlperKaan35/SDN-
Dataset, accessed on May 02, 2022) and KDDCup-99
(http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, ac-
cessed on May 02, 2022) datasets. The SDN-IoT dataset was
collected in an SDN-based IoT environment and KDDCup-99
was collected from computer network traffic inside MIT Lin-
coln Labs. The detailed statistics of the datasets are included
in Table I.
IV. RES ULTS AND DISCUSSIONS
GPU-enabled Kaggle data science platform with K80 GPU
was utilized to run all the experiments of the proposed
models based on machine learning and deep learning. The
implementation of machine learning models was done using
scikit-learn library and deep learning models using Keras with
TensorFlow as the backend.
The proposed model is composed of one-dimensional CNN
(1D CNN) and LSTM layers. CNN contains filters and LSTM
contains memory blocks. Since the total number of features in
the WUSTL EHMS 2020 dataset is 37, this work employs
37 filters in CNN and 37 memory blocks in LSTM. Both
CNN and LSTM contain one hidden layer and after that
global attention layer is included. To achieve a better attack
detection rate, optimal parameters have to be chosen for the
deep learning models. Various trials of experiments were
conducted during training with the aim to choose the optimal
parameters in hyperparameter tuning. In the hyperparameter
selection approach, a simple deep learning model is developed
which contains an input layer, hidden layers, and an output
layer. The input layer includes network features and patient
biometric features of length 37, hidden layers such as attention
with CNN and LSTM in deep learning, and the output layer
contains 1 neuron. Based on the hyperparameter selection
approach, the values for the parameters such as learning rate,
batch size, and optimizer were set to 0.01, 64, and adam re-
spectively. Next, the experiments were run to 100 epochs. The
proposed model showed better performances across the epochs
from 1 to 45 and after that, the model started overfitting.
The deep learning models were run for 45 epochs on all the
datasets. Figure 3 shows the proposed model training accuracy
and training loss for all the datasets. The proposed model has
shown a successive increase in training and validation accuracy
and a successive decrease in training and validation loss. At the
end of 45 epochs, the model has achieved a training accuracy
of more than 99% with a training loss of less than 0.01. This
indicates that the model has learned the patterns of attacks and
normal IoMT network traffic.
With the aim to evaluate the performance of the models,
the dataset was randomly divided into 70% training and 30%
testing. 15% of training datasets are used for validation.
The trained model performances were reported in Table II.
The model has achieved above 99% performances for IoMT
datasets and showed similar performances on the dataset
from other than the IoMT environment. Since the dataset
is highly imbalanced, we have considered macro precision,
macro recall, and macro F1-score to find out the best model.
The proposed model has shown 99% precision and recall and
98% F1-score on IoMT dataset. It maintained the same per-
formances of precision, recall, and F1-score on other datasets
that are not from the IoMT environment.
The proposed model employs both the network flow and
patient biometric information to accurately identify the attacks
in the IoMT environment. The results reported in Table II
show that the model requires both the features of network
flow and patient biometrics. The experiments on individual
feature sets were done and the results show that the individual
feature set’s performances are less compared to the combined
features of network flow and patient biometrics. Moreover, the
performance of the model on network flow features performed
better than the patient biometrics. The model showed 95%
accuracy on network flow features and 88% accuracy on
patient biometrics. However, both features are important to
detect the attacks accurately and achieve a better detection
rate.
Though the proposed model achieved 99% accuracy and
above 99% precision, 98% recall, and 98% F1-score, the mod-
els have misclassifications. The proposed model misclassified
9 IoMT network traffic data samples of normal as attack and
29 samples of attack as normal for WUSTL EHMS 2020 using
combined features of network flow and patient biometrics. On
SDN-IoT, the model misclassified 222 normal IoMT network
traffic data samples as attacks and 192 attacks as normal. 345
normal IoMT network traffic data samples are misclassified as
normal and 2133 IoMT network traffic data samples of attacks
are misclassified as normal in KDDCup-99. The proposed
model misclassification of attack samples is high in SDN-
IoT and KDDCup-99 compared to the WUSTL EHMS 2020.
The reason can be WUSTL EHMS 2020 dataset contains
more attack IoMT network traffic data samples compared
to the normal IoMT network traffic data samples. These
misclassifications can be handled by enhancing the proposed
cost-sensitive-based deep learning with an attention model. In
addition, the proposal of a new approach to initialize weights
to the weight matrix at the beginning. Since the deep learning
models require more IoMT network traffic data samples during
the training, there may be an option that the misclassification
can be avoided by providing enough IoMT network traffic data
samples that are similar to the patterns of misclassified data.
As shown in Table III, the performance of the proposed
approach is compared with the existing studies for IoMT in-
trusion detection using the combined features of network flow
and patient biometrics of WUSTL EHMS 2020. Since there
was no separate training and the testing dataset was provided
for WUSTL EHMS 2020, the current work employed 10-fold
cross-validation instead of randomly dividing the dataset into
training and testing. The 10-fold cross-validation accuracy of
the proposed model and existing approaches are included in
IEEE INTERNET OF THINGS MAGAZINE 5
TABLE II: Results of the proposed method for IoMT-Network IDS
Dataset Accuracy Precision Recall F1-score Confusion matrix
Network-WUSTL EHMS 2020 0.95 0.94 0.85 0.88 [4211 41]
[ 193 451]
Biometric-WUSTL EHMS 2020 0.88 0.75 0.76 0.75 [3956 296]
[ 266 378]
Combined-WUSTL EHMS 2020 0.99 0.99 0.98 0.98 [4243 9]
[ 29 615]
SDN-IoT 0.99 0.99 0.99 0.99 [10190 222]
[192 52396]
KDDCup-99 0.98 0.96 0.99 0.97 [28847 345]
[2133 116882]
Fig. 3: Proposed IoMT intrusion detection model training and validation accuracy and loss (left to right)
TABLE III: Comparison of the proposed model performance
with the existing studies for IoMT-Network IDS
Method Accuracy
Training
time
(seconds)
Testing
time
(seconds)
Cost-
sensitive
Decision tree [6] 89.2 32 18 No
Random
Forest [14] 92.6 34 21 No
SVM [13] 93.2 37 35 No
DNN [15] 94.7 300 39 No
RNN [8] 95.1 340 50 No
LSTM 96.4 370 42 No
CNN 96.8 290 43 No
Proposed 99 410 96 Yes
Table III. The proposed model showed 99% 10-fold cross-
validation accuracy with an improvement of 4% compared
to the existing studies. All the existing approaches are not
effective for imbalanced IoMT network data. Most of the
studies employed data preprocessing and data augmentation
methodologies to balance the data before employing machine
learning and deep learning models. This may not be realistic
when it comes to the IoMT network environment, because
the proportion of normal and attacks traffic samples are not
always the same in a real-time environment. The proposed
approach employs a cost-sensitive learning approach to handle
an imbalance in the IoMT traffic dataset. In addition to
accuracy, average time information for performing the training
and testing of a model is included in Table III. The proposed
model took 410 seconds for training and 96 seconds for
testing, model can detect a single network attack during testing
in less than 2 seconds. Some of the existing models such as
decision tree and random forest classification models require
only half of the time of the proposed model, however, their
performance is less i.e. 8% less accuracy compared to the
proposed model. The other existing models such as support
vector machine (SVM) and other deep learning models such as
CNN, RNN, and LSTM require almost the same training and
testing time as the proposed models. Thus, the proposed model
is considered to be effective for IoMT intrusion detection.
In the proposed IoMT IDS, collecting the patient biometric
data raises ethical issues. The patient biometrics data can be
misused. A detailed study can be done on how to protect
the patient’s biometric data and the ethical risks and issues
involved during the data collection from the patients. Patient
biometric data protection can be done using the concept
of blockchain. However, the detailed regulations and risks
involved during biometric collection from the patients need to
be studied in detail. These works can be discussed as future
works.
IEEE INTERNET OF THINGS MAGAZINE 6
V. CONCLUSION AND FUTURE WORKS
This paper presents a deep learning-based approach for
network-based intrusion detection in an IoMT environment
using features of network flows and patient biometrics. The
integration of attention to the deep learning layers in the
proposed model helps to extract optimal features to accurately
detect the attacks. In addition, data imbalance in network intru-
sion data of the IoMT environment is handled by introducing
the costs to the classes during the training of a model. Cost-
sensitive learning approach with a deep learning model showed
better performances compared to all the existing systems, most
importantly the proposed system is able to detect IoMT attacks
with better accuracy compared to the existing systems. In
addition, the proposed system shows similar performances
on other network-based standard benchmark datasets. Thus,
the proposed approach for network-based IDS in the IoMT
environment is generalizable and robust to accurately detect
the attacks and alert the network admin to take necessary
actions. In addition to detecting the attacks of network flows,
the attacks can be further classified into types of attack.
Development of the types of the IoMT attack dataset and
evaluation of the proposed model performances on attack
classification will be considered as future work. Each layer
of deep learning features is unique and disjoint. Kernel-based
feature fusion learning approaches can be integrated at the
classification layer. This type of classification layer further
strengthens the model and classification performance for the
IoMT network.
REFERENCES
[1] J.-P. A. Yaacoub, M. Noura, H. N. Noura, O. Salman, E. Yaacoub,
R. Couturier, and A. Chehab, “Securing internet of medical things
systems: Limitations, issues and recommendations,” Future Generation
Computer Systems, vol. 105, pp. 581–606, 2020.
[2] A. Ghubaish, T. Salman, M. Zolanvari, D. Unal, A. Al-Ali, and R. Jain,
“Recent advances in the internet-of-medical-things (iomt) systems secu-
rity,” IEEE Internet of Things Journal, vol. 8, no. 11, pp. 8707–8718,
2020.
[3] M. M. Rathore, A. Ahmad, and A. Paul, “Real time intrusion detection
system for ultra-high-speed big data environments,” The Journal of
Supercomputing, vol. 72, pp. 3489–3510, 2016.
[4] A. Paul, A. Ahmad, M. M. Rathore, and S. Jabbar, “Smartbuddy:
defining human behaviors using big data analytics in social internet of
things,” IEEE Wireless Communications, vol. 23, no. 5, pp. 68–74, 2016.
[5] S. P. RM, P. K. R. Maddikunta, M. Parimala, S. Koppu, T. R. Gadekallu,
C. L. Chowdhary, and M. Alazab, “An effective feature engineering for
dnn using hybrid pca-gwo for intrusion detection in iomt architecture,”
Computer Communications, vol. 160, pp. 139–149, 2020.
[6] P. Kumar, G. P. Gupta, and R. Tripathi, “An ensemble learning and
fog-cloud architecture-driven cyber-attack detection framework for iomt
networks,” Computer Communications, vol. 166, pp. 110–124, 2021.
[7] A. Ghourabi, “A security model based on lightgbm and transformer to
protect healthcare systems from cyberattacks,” IEEE Access, vol. 10, pp.
48 890–48 903, 2022.
[8] Y. K. Saheed and M. O. Arowolo, “Efficient cyber attack detection on
the internet of medical things-smart environment based on deep recurrent
neural network and machine learning algorithms,” IEEE Access, vol. 9,
pp. 161 546–161 554, 2021.
[9] S. Nandy, M. Adhikari, M. A. Khan, V. G. Menon, and S. Verma,
“An intrusion detection mechanism for secured iomt framework based
on swarm-neural network,” IEEE Journal of Biomedical and Health
Informatics, vol. 26, no. 5, pp. 1969–1976, 2021.
[10] P. Radoglou-Grammatikis, P. Sarigiannidis, G. Efstathopoulos,
T. Lagkas, G. Fragulis, and A. Sarigiannidis, “A self-learning approach
for detecting intrusions in healthcare systems,” in ICC 2021-IEEE
International Conference on Communications. IEEE, 2021, pp. 1–6.
[11] G. Zachos, I. Essop, G. Mantas, K. Porfyrakis, J. C. Ribeiro, and
J. Rodriguez, “An anomaly-based intrusion detection system for internet
of medical things networks,” Electronics, vol. 10, no. 21, p. 2562, 2021.
[12] G. Thamilarasu, A. Odesile, and A. Hoang, “An intrusion detection
system for internet of medical things,” IEEE Access, vol. 8, pp. 181560–
181 576, 2020.
[13] A. A. Hady, A. Ghubaish, T. Salman, D. Unal, and R. Jain, “Intrusion
detection system for healthcare systems using medical and network data:
A comparison study,” IEEE Access, vol. 8, pp. 106 576–106 584, 2020.
[14] K. Gupta, D. K. Sharma, K. D. Gupta, and A. Kumar, “A tree classifier
based network intrusion detection model for internet of medical things,”
Computers and Electrical Engineering, vol. 102, p. 108158, 2022.
[15] R. Chaganti, A. Mourade, V. Ravi, N. Vemprala, A. Dua, and
B. Bhushan, “A particle swarm optimization and deep learning approach
for intrusion detection system in internet of medical things,” Sustainabil-
ity, vol. 14, no. 19, p. 12828, 2022.
Vinayakumar Ravi is an Assistant Research Profes-
sor at the Center for Artificial Intelligence, Prince
Mohammad Bin Fahd University, Khobar, Saudi
Arabia. His previous position was a Postdoctoral re-
search fellow in developing and implementing novel
computational and machine learning algorithms and
applications for big data integration and data mining
with Cincinnati Children’s Hospital Medical Cen-
ter, Cincinnati, OH, USA from September, 2019
to September, 2020. His current research interests
include applications of data mining, Artificial Intelli-
gence, machine learning (including deep learning) for biomedical informatics,
Cyber Security, image processing, and natural language processing. More
details available at https://vinayakumarr.github.io/.
Tuan D. Pham currently holds positions as (full)
Senior Research Professor in AI and Founding
Director of the Center for Artificial Intelligence
at Prince Mohammad Bin Fahd University, Saudi
Arabia. His previous position was (full) Professor
of Biomedical Engineering at Linkoping University,
University Hospital Campus, Linkoping, Sweden.
He was appointed as (full) Professor and Leader of
the Aizu Research Cluster for Medical Engineering
and Informatics, and the Medical Image Processing
Lab, both at the University of Aizu, Japan. Before
his appointments in Japan, he was appointed as Associate Professor and the
Bioinformatics Research Group Leader at the University of New South Wales,
Canberra, Australia. His current research focuses on AI and machine learning
methods for image processing, time-series analysis, complex networks, and
pattern recognition with applications to medicine, biology, and mental health.
He serves as an Associate/Section Editor for a number of scholarly journals,
series, and conference proceedings, such as Pattern Recognition (Elsevier),
Heliyon (Cell Press), IET Signal Processing, Entropy (MDPI), Frontiers in
Artificial Intelligence, Frontiers in Big Data, Frontiers in Network Phys-
iology, Computer Science Advisory Board (Cambridge Scholars), Current
Bioinformatics (Bentham), IEEE-EMBC (Theme 10: Biomedical & Health
Informatics), ACM, and SPIE conference proceedings.
Dr. Pham was selected to serve as an Expert in Artificial Intelligence for
consultation by the U.S. Food & Drug Administration (FDA) Center for
Devices and Radiological Health (CDRH) Network of Digital Health Experts
Program (NoDEx). Professor Pham was elected a full member of Sigma
Xi, The Scientific Research Honor Society, which is the international honor
society of science and engineering and one of the oldest and largest scientific
organizations in the world.
IEEE INTERNET OF THINGS MAGAZINE 7
Mamoun Alazab received his PhD degree in Com-
puter Science from the Federation University of Aus-
tralia, School of Science, Information Technology
and Engineering. He is a Professor in the College of
Engineering, IT and Environment at Charles Darwin
University, Australia. He is a Cyber Security re-
searcher and practitioner with industry and academic
experience. Alazab’s research is multidisciplinary
that focuses on Cyber Security and digital forensics
of computer systems including current and emerging
issues in the cyber environment like cyber-physical
systems and internet of things with a focus on cyber crime detection and
prevention. He is a Senior Member of the IEEE.