The emerging technologies of the Internet of Things (IoTs) have started a new chapter for healthcare. IoT technologies have transformed the way healthcare delivering care to patients. As the network-enabled IoT devices are integrated with healthcare network infrastructure, IoT security is a major concern for medical institutes. This study proposes a machine learning based detection model to identify malicious behaviors in such IoT network environments. The proposed two-phase LSTM detection method first identifies the network protocol of the traffic and then detects IoT anomalies. As most data is imbalanced with a small portion of malicious traffic, the study demonstrates the impact of imbalanced data in model training and suggests an effective approach to handle such a situation. The experimental results show that the proposed two-phase LSTM classification model outperforms onephase one and other classification models.

Internet of things, machine learning, anomaly detection.

J. Davis. "82% IoT Devices of Health Providers, Vendors Targeted by Cyberattacks." https://healthitsecurity.com/news/82-iot-devices-of-health-providers-vendors-targeted-by-cyberattacks (accessed: Jun. 12, 2020).

L. Pascu. "Medical IoT Security Incidents on the Rise in 2019, Survey Says." https://www.bitdefender.com/box/blog/iot-news/medical-iot-security-incidents-rise-2019-survey-says/ (accessed: Jun. 12, 2021).

J. Graham. "Hospitals hit hardest by ransomware attacks, study says." https://techxplore.com/news/2020-10-hospitals-hardest-ransomware.html (accessed: Jun. 12, 2021).

C. Boutin. "NIST Releases Draft Guidance on Internet of Things Device Cybersecurity." https://www.nist.gov/news-events/news/2020/12/nist-releases-draft-guidance-internet-things-device-cybersecurity (accessed: Jun. 12, 2021).

J. Davis. "Cybersecurity in 2020: IoT Medical Devices, Ransomware, Legacy OS." https://healthitsecurity.com/news/cybersecurity-in-2020-iot-medical-devices-ransomware-legacy-os (accessed: Jun. 12, 2021).

Y. Zhang, M. Qiu, C.-W. Tsai, M. Hassan, and A. Alamri, "Health-CPS: Healthcare Cyber-Physical System Assisted by Cloud and Big Data," IEEE Systems Journal, vol. 11, pp. 1-8, 08/24 2015, doi: 10.1109/JSYST.2015.2460747.

S. Rathore and J. Park, "Semi-supervised learning based distributed attack detection framework for IoT," Applied Soft Computing, vol. 72, 07/01 2018, doi: 10.1016/j.asoc.2018.05.049.

G. Thamilarasu, A. Odesile, and A. Hoang, "An Intrusion Detection System for Internet of Medical Things," IEEE Access, vol. 8, pp. 181560-181576, 2020.

Center of Disease Control and Prevention. "Health Insurance Portability and Accountability Act of 1996 (HIPAA)." https://www.cdc.gov/phlp/publications/topic/hipaa.html (accessed: Jun. 12, 2021).

Emsisoft Malware Lab. "State of Ransomware in the U.S.: 2019 Report for Q1 to Q3." https://blog.emsisoft.com/en/34193/state-of-ransomware-in-the-u-s-2019-report-for-q1-to-q3/ (accessed: Apr. 25, 2021).

M. Strong. "China hackers steal 3 million Taipei health department files." https://www.taiwannews.com.tw/en/news/3608912 (accessed: Jun. 16, 2021).

J. Davis. "UPDATE: The 10 Biggest Healthcare Data Breaches of 2020." https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2020 (accessed: Jun. 12, 2021).

S. Steffen. "Hackers hold German hospital data hostage." https://www.dw.com/en/hackers-hold-german-hospital-data-hostage/a-19076030?maca=en-rss-en-all-1573-rdf (accessed: Apr. 22, 2021).

M. N. Bhuiyan, M. M. Rahman, M. M. Billah, and D. Saha, "Internet of Things (IoT): A review of its enabling technologies in healthcare applications, standards protocols, security and market opportunities," IEEE Internet of Things Journal, 2021.

A. Chacko and T. Hayajneh, "Security and privacy issues with IoT in healthcare," EAI Endorsed Transactions on Pervasive Health and Technology, vol. 4, no. 14, 2018.

M. K. Kagita, N. Thilakarathne, T. R. Gadekallu, and P. K. R. Maddikunta, "A Review on Security and Privacy of Internet of Medical Things," arXiv preprint arXiv:2009.05394, 2020.

F. Hussain et al., "A Framework for Malicious Traffic Detection in IoT Healthcare Environment," Sensors, vol. 21, no. 9, p. 3025, 2021.

H. Hindy, D. Brosset, E. Bayne, A. Seeam, and X. Bellekens, "Improving SIEM for critical SCADA water infrastructures using machine learning," in Computer Security: Springer, 2018, pp. 3-19.

A. Rahman, M. S. Hossain, N. A. Alrajeh, and F. Alsolami, "Adversarial examples–security threats to COVID-19 deep learning systems in medical IoT devices," IEEE Internet of Things Journal, 2020.

F. Hussain, S. G. Abbas, M. Husnain, U. U. Fayyaz, F. Shahzad, and G. A. Shah, "IoTDoS and DDoS Attack Detection using ResNet," arXiv preprint arXiv:2012.01971, 2020.

B. Hussain, Q. Du, B. Sun, and Z. Han, "Deep Learning-Based DDoS-Attack Detection for Cyber–Physical System Over 5G Network," IEEE Transactions on Industrial Informatics, vol. 17, no. 2, pp. 860-870, 2020.

J. M. Taylor and H. R. Sharif, "Enhancing integrity of modbus TCP through covert channels," in 2017 11th International Conference on Signal Processing and Communication Systems (ICSPCS), 2017: IEEE, pp. 1-6.

A. A. Hady, A. Ghubaish, T. Salman, D. Unal, and R. Jain, "Intrusion detection system for healthcare systems using medical and network data: A comparison study," IEEE Access, vol. 8, pp. 106576-106584, 2020.

O. Koucham, "Intrusion detection for industrial control systems," Doctor Thesis, Université Grenoble Alpes, 2018.

S. Zidi, T. Moulahi, and B. J. I. S. J. Alaya, "Fault detection in wireless sensor networks through SVM classifier," vol. 18, no. 1, pp. 340-347, 2017.

H. Wang, J. Gu, and S. J. K.-B. S. Wang, "An effective intrusion detection framework based on SVM with feature augmentation," vol. 136, pp. 130-139, 2017.

S. D. D. Anton, S. Sinha, and H. D. J. a. p. a. Schotten, "Anomaly-based Intrusion Detection in Industrial Data with SVM and Random Forests," 2019.

B. J. Radford, L. M. Apolonio, A. J. Trias, and J. A. Simpson, "Network traffic anomaly detection using recurrent neural networks," arXiv preprint arXiv:1803.10769, 2018.

P. Prasse, L. Machlica, T. Pevný, J. Havelka, and T. Scheffer, "Malware detection by analysing network traffic with neural networks," in 2017 IEEE Security and Privacy Workshops (SPW), 2017: IEEE, pp. 205-210.

T.-Y. Kim and S.-B. Cho, "Web traffic anomaly detection using C-LSTM neural networks," Expert Systems with Applications, pp. 66-76, 2018.

C. Jeong, M. Ahn, H. Lee, and Y. Jung, "Automatic Classification of Transformed Protocols Using Deep Learning," in International Conference on Parallel and Distributed Computing: Applications and Technologies, 2018: Springer, pp. 153-158.

J. Xue, Y. Chen, O. Li, and F. Li, "Classification and identification of unknown network protocols based on CNN and T-SNE," in Journal of Physics: Conference Series, 2020, vol. 1617, no. 1: IOP Publishing, p. 012071.

R. Lin, O. Li, Q. Li, and Y. Liu, "Unknown network protocol classification method based on semi-supervised learning," in 2015 IEEE International Conference on Computer and Communications (ICCC), 2015: IEEE, pp. 300-308.

G. Hinton, N. Srivastava, and K. Swersky, "Neural networks for machine learning lecture 6a overview of mini-batch gradient descent," vol. 14, no. 8.

ODSC. "15 Open Datasets for Healthcare." https://medium.com/@ODSC/15-open-datasets-for-healthcare-830b19980d9 (accessed: Jun. 12, 2021).

Kaggle. "Healthcare Datasets." https://www.kaggle.com/tags/healthcare (accessed: Jun. 12, 2021).

U. Adhikari, S. Pan, and T. Morris. "Industrial Control System (ICS) Cyber Attack Datasets." https://sites.google.com/a/uah.edu/tommy-morris-uah/ics-data-sets (accessed: 18 Dec., 2020).

A. Lemay. "A SCADA Dataset." https://github.com/antoine-lemay/Modbus_dataset (accessed: 18 Dec., 2020).

4SICS Geek Lounge. "Capture files from 4SICS Geek Lounge." https://www.netresec.com/?page=PCAP4SICS (accessed: 18 Dec., 2020).

A. Lemay and J. M. Fernandez, "Providing SCADA network data sets for intrusion detection research," in 9th Workshop on Cyber Security Experimentation and Test, 2016.

Y. Li, T. Zhang, Y. Y. Ma, and C. Zhou, "Anomaly detection of user behavior for database security audit based on ocsvm," in 2016 3rd International Conference on Information Science and Control Engineering (ICISCE), 2016: IEEE, pp. 214-219.