
Computer Communications 213 (2024) 61–77


Review

A review of Machine Learning (ML)-based IoT security in healthcare: A dataset perspective

Euclides Carlos Pinto Neto a, Sajjad Dadkhah a,∗, Somayeh Sadeghi a, Heather Molyneaux b, Ali A. Ghorbani a

a Canadian Institute for Cybersecurity - University of New Brunswick (UNB), Fredericton, New Brunswick, Canada
b National Research Council Canada, Fredericton, New Brunswick, Canada

ARTICLE INFO

Keywords: Internet of Things (IoT); Intrusion Detection System (IDS); IoT security; IoT datasets; Internet of Medical Things (IoMT)

ABSTRACT

The Internet of Things (IoT) is transforming society by connecting businesses and optimizing systems across industries. Its impact has been felt in healthcare, where it has the potential to revolutionize medical treatment. Conversely, healthcare systems are targeted by attackers and security threats. Malicious activities against such systems intend to compromise privacy and acquire control over internal procedures. In this regard, advanced analytics can enhance these attacks’ detection, mitigation, and prevention and improve overall IoT security. However, the process of producing realistic datasets is complex. There are critical aspects to consider when developing models that can be directly deployed in real environments (e.g., multiple devices, features, and realistic testbed). Thereupon, the main goal of this research is to conduct a review of Machine Learning (ML) solutions for IoT security in healthcare. Furthermore, this review is conducted from a dataset standpoint, focusing on existing datasets, resources, applications, and open challenges. Our primary objective is to highlight the current landscape of datasets for IoT security in healthcare and the immediate requirements for future datasets to support the development of novel approaches.

1. Introduction

Nowadays, the Internet of Things (IoT) is transforming various aspects of society. This technology connects businesses and enables the optimization of systems across multiple industries [1]. There has been an increase in deployed IoT services in the past few years, bringing much value to operations and society [2].

Several areas have benefited from the use of IoT. For example, in transportation systems, there is the Internet of Vehicles (IoV) concept [3,4]. Besides, several solutions have been proposed in the context of smart logistics [5]. Finally, there are other successful IoT applications in areas such as education [6] and agriculture [7].

IoT has been increasingly utilized in healthcare in recent years, attracting attention for potential medical treatment enhancements. In fact, specific procedures that were impossible in the past are becoming more common in medical practice, e.g., continuous patient monitoring and more informed decision-making. Some areas, such as remote monitoring, electronic records, and preventive healthcare, have also been supported by IoT initiatives [8].

Conversely, healthcare systems are targeted by attackers and security threats. Malicious activities against such systems intend to compromise privacy and acquire control over internal procedures [9]. The challenging aspect is that it is not always simple to detect and mitigate these threats since they are becoming more sophisticated and exploiting multiple vulnerabilities in the IoT topology [4].

In this regard, advanced analytics can enhance the detection, mitigation, and prevention of these attacks and improve overall IoT security [10]. To accomplish this, underlying patterns in the network traffic are identified in different ways and used for anomaly detection. Enhancing existing healthcare systems with the deployment of IoT technologies deeply depends on meeting security requirements, and ML powered by realistic datasets can offer many advantages to real applications.

Moreover, generating realistic datasets is a complicated process that involves several steps [11]. Successful contributions are reviewed in this paper toward collecting data to train models, e.g., WUSTL EHMS [12], ICU [13], and BlueTack [14]. However, there are critical aspects to consider to develop models that can be directly deployed

∗ Corresponding author.
E-mail addresses: e.neto@unb.ca (E.C.P. Neto), sdadkhah@unb.ca (S. Dadkhah), s.sadeghi@unb.ca (S. Sadeghi), Heather.Molyneaux@nrc-cnrc.gc.ca
(H. Molyneaux), ghorbani@unb.ca (A.A. Ghorbani).

https://doi.org/10.1016/j.comcom.2023.11.002
Received 29 June 2023; Received in revised form 7 September 2023; Accepted 2 November 2023
Available online 4 November 2023
0140-3664/© 2023 Elsevier B.V. All rights reserved.

in real environments (e.g., multiple devices, features, and realistic testbeds). Furthermore, extending existing solutions depends on data resources with more extensive topologies and metrics.

Thereupon, the main goal of this research is to conduct a literature review of Machine Learning (ML) solutions for IoT security in healthcare. Furthermore, this review is conducted from a dataset standpoint, focussing on existing datasets, resources, applications, and open challenges. Our primary objective is to highlight the current landscape of datasets for IoT security in healthcare and the immediate requirements for future datasets to support the development of novel approaches. The main contributions of this research are:

• A comprehensive review of efforts on ML-Based solutions for IoT security in healthcare, their main contributions, methods, resources, future directions, data requirements, and supportive resources available (e.g., existing datasets, potential features, attacks, tools);
• An extensive investigation of open challenges regarding the proposal of new IoT security datasets in healthcare based on the data requirements of new endeavors. These opportunities are categorized into diversity, threats, reproducibility, and behavior, and emphasize the current demand for extensive testbeds, realistic scenarios (e.g., collection and data transmission), execution of attacks, and profiling experiments.

The paper is organized as follows: Section 2 reviews related works and identifies the main aspects of this research. Secondly, Section 3 presents the main aspects of IoT applications in healthcare. Then, Section 4 reviews various ML-based solutions for IoT security in healthcare and identifies future directions and data requirements. After that, Section 5 depicts existing resources available for developing new solutions, e.g., datasets, features, attacks, tools, and ML and DL methods. Finally, Sections 6 and 7 present, respectively, the open challenges in developing new IoT security datasets in the healthcare context and the conclusion of this research.

2. Related works

Several works have focussed on reviewing IoT applications, describing implementations, comparing contributions, and identifying open challenges. In fact, this Section presents works related to our contribution classified into three categories: ML & DL Evaluation of IoT Security in Healthcare, General Security Aspects of IoT in Healthcare, and Applications other than Healthcare. Table 1 compares the related works, with columns representing the primary focus of these surveys. All of the papers focus on IoT and Security, and 14 out of 17 also cover Machine Learning (ML) and Deep Learning (DL) topics. Out of 17 papers, 10 also focused on aspects of healthcare. None of the papers focused on datasets, an important gap in the research that our paper will address.

Table 1
Comparison of this research’s proposal with related works.

| # | Work | Year | IoT | Security | ML & DL | Healthcare |
|---|------|------|-----|----------|---------|------------|
| 1 | [15] | 2022 | ✓ | ✓ | ✓ | ✓ |
| 2 | [16] | 2022 | ✓ | ✓ | ✓ |   |
| 3 | [17] | 2021 | ✓ | ✓ | ✓ | ✓ |
| 4 | [18] | 2021 | ✓ | ✓ | ✓ | ✓ |
| 5 | [19] | 2021 | ✓ | ✓ | ✓ | ✓ |
| 6 | [20] | 2021 | ✓ | ✓ |   | ✓ |
| 7 | [21] | 2021 | ✓ | ✓ | ✓ | ✓ |
| 8 | [22] | 2021 | ✓ | ✓ | ✓ | ✓ |
| 9 | [23] | 2021 | ✓ | ✓ |   | ✓ |
| 10 | [24] | 2021 | ✓ | ✓ | ✓ |   |
| 11 | [25] | 2020 | ✓ | ✓ | ✓ | ✓ |
| 12 | [26] | 2020 | ✓ | ✓ | ✓ |   |
| 13 | [27] | 2020 | ✓ | ✓ | ✓ |   |
| 14 | [28] | 2020 | ✓ | ✓ | ✓ |   |
| 15 | [29] | 2020 | ✓ | ✓ | ✓ |   |
| 16 | [30] | 2019 | ✓ | ✓ | ✓ |   |
| 17 | [31] | 2017 | ✓ | ✓ |   | ✓ |

2.1. ML & DL evaluation of IoT security in healthcare

Several works have focussed on reviewing IoT applications, describing implementations, comparing contributions, and identifying open challenges. Hathaliya et al. [25] review security and privacy issues in Healthcare 4.0, describing several relevant topics and open challenges. The authors focus on blockchain-based solutions and different taxonomies used in this context. The authors list previous surveys and highlight that this research was motivated by the vital importance of security and privacy in Healthcare 4.0, the lack of reviews on telehealthcare, policy-based, and processing-based solutions, and opening doors for other researchers. Furthermore, the authors present a background, architecture, and components of security and privacy in Healthcare 4.0. Finally, a taxonomy is presented alongside open challenges.

In [17], a review on the role of ML in IoT applications in healthcare is presented. The authors focus on multiple aspects, including prognosis, diagnosis, and assistive systems. Security aspects are also considered alongside the constraints and drawbacks of each application. Then, the authors describe the areas of IoT in healthcare (diagnosis, prognosis and spread control, assistive systems, monitoring, and logistics) and technologies (sensing, APIs, location, identification, and communication). A discussion on several topics, such as cardiovascular and neurological disorders, is conducted for diagnosis. Then, cardiovascular and pulmonary disorders are highlighted in terms of prognosis and spread control. Electroencephalogram (EEG) and Surface Electromyography (SEMG) systems are then presented as part of assistive systems. Finally, the authors also emphasize aspects of monitoring and the importance of different areas in this ecosystem, e.g., emotion recognition, cognitive monitoring systems, infant health monitoring

In [15,32], the authors aim to present the current state-of-the-art ML-based solutions for IoT in healthcare. Several critical aspects are highlighted, focusing on specific healthcare requirements (e.g., medical imaging and diagnosis). The authors in [32] present an overview of ML solutions in IoT medical data and suggest that model selection is vital to solve problems related to critical healthcare data. The authors present an in-depth review of ML methods and application areas (e.g., medical imaging, diagnosis of diseases, behavior modification or treatment, clinical trial research, smart electronic health records, and epidemic outbreak prediction). Similarly, the authors in [15] present an overview of health monitoring systems using IoT and deep learning. Multiple sensors are listed alongside DL models, including the analysis of frameworks (e.g., TensorFlow and Keras).

The authors in [18] focus on the implication of big data in IoT security in healthcare environments. A discussion on IoT applications in multiple fields is conducted, followed by a layered architecture of a wireless body sensor network. It includes multiple layers, e.g., sensing, communication, processing, storage, and mining and learning. Finally, the authors list open challenges, e.g., resource scarcity, security and privacy, interoperability, energy management, and big data analytics in the context of IoT in healthcare.

Bhuiyan et al. [19] present a review of applications, standards, protocols, and market opportunities from an IoT security standpoint in the context of healthcare. The authors classify existing IoT-based healthcare networks, analyze widely-used IoT healthcare protocols, investigate aspects of IoT healthcare security, and propose a model for IoT healthcare security. Thereupon, a list of opportunities for IoT-based technologies in the context of healthcare is presented and discussed.

The authors in [21,22] focus on describing important insights into current ML-based IoT security solutions in healthcare from different perspectives. In [21], the authors summarize IoT security issues, frameworks, and Artificial Intelligence (AI) solutions to face such problems.


Besides, a discussion on how AI can be used in different healthcare scenarios is also conducted. Furthermore, a list of IoT applications in healthcare is presented in [22], including patient monitoring, digital drugs, medical equipment, and medical institutions. A list of ML applications in this context is also discussed, e.g., health monitoring, prognosis, treatments, and decision support systems.

All these contributions shed light on important aspects of IoT security in the context of healthcare. Considering the focus on Machine Learning and Deep Learning, such approaches summarize the challenges intelligent solutions face, including the need for an extensive and realistic dataset. In this sense, our focus is to present a comprehensive investigation of datasets and resources available to foster the development of new solutions for IoT security in healthcare.

2.2. Applications other than healthcare

Tahsien et al. [26] discuss the IoT security architecture from an ML standpoint alongside future directions. The authors summarize IoT devices’ current and future presence in the global market and a detailed list of IoT security attacks (e.g., DoS, Man in the Middle, data tampering, and selective forwarding) and their characteristics (e.g., surfaces and effects). Finally, an extensive discussion is conducted on how ML plays an important role in such scenarios.

In [27], the focus is on ML, Artificial Intelligence (AI), and blockchain solutions for IoT security. The authors present IoT security issues and multiple aspects of IoT operations, such as infrastructure, protocols (e.g., MQTT, CoAP, REST, AMQP, TCP, UDP, DCCP, SCTP, RSVP, QUIC, CLNS, DDP, ICMP, DSI, and ISDN), and applications (e.g., smart farming, smart home, smart grid, smart hospital, smart city, smart transportation, supply chain, and smart retail). Security attacks are also discussed, including jamming, DoS, power analysis, and man in the middle.

Ahmad et al. [24] and Al-Gardi et al. [28] present a review on ML approaches to IoT security. The authors in [24] introduce a Systematic Literature Review (SLR) and an IoT attack taxonomy, including physical network attacks (e.g., encryption, DoS/DDoS, routing attacks, and middleware attacks), physical attacks (e.g., physical damage and node jamming), and application attacks (code attacks, privacy attacks, and malware). Finally, an overview of important aspects is presented, e.g., major security challenges in IoT, protection methods, large-scale attacks, ML and DL techniques, and attack mitigation. In [28], the authors review recent efforts in advanced methods to enhance the overall security of IoT systems. A tailored taxonomy of ML and DL solutions for IoT security is introduced, including IoT security threats (e.g., types and surfaces), learning methods for IoT security (e.g., supervised approaches, RL methods, CNN, RNN, and GANs), ML and DL for layer security (e.g., perception, networks, and application), and other dimensions (e.g., data, learning strategies, and IoT systems). Besides, potential threats in the IoT system are also discussed, e.g., threats that compromise confidentiality, integrity, authentication, availability, authorization, and non-repudiation.

Sarker et al. [16] focus on security intelligence for IoT. The authors describe IoT security challenges applicable to several areas as well as IoT system architectures and security issues. Then, they discuss IoT security problems, layers, and different ML and DL methods that can be used to mitigate them. Also, existing and potential issues and open challenges are reviewed. The authors review multiple layers (i.e., perception and sensing, networking and data communication, middleware or support, and application), emphasizing that attacks targeting different layers are engineered differently. In fact, important insights are highlighted, similar to those presented in [29], in which the authors present characteristics of IoT networks, challenges in the deployment, and ML solutions for security. In terms of attacks, several challenges are discussed, e.g., multi-layer attacks, physical level attacks, issues in the security architecture, transportation and application attacks, cloud concerns, and network-level attacks. The use of ML is also discussed from multiple perspectives, including the presentation of multiple techniques (e.g., DL and Deep Reinforcement Learning, DRL) and their limitations (e.g., processing power, energy, and hardware technologies). The authors also present how ML and DL can be integrated into IoT security solutions in areas such as malware analysis, authentication, intrusion detection, and attack mitigation. Finally, several future directions are identified and explained in detail.

Furthermore, the authors in [30] present a review of security-related challenges of IoT applications, focussing on security issues and emerging and existing technologies. In the context of IoT security, this paper introduces a classification of different IoT applications, security and privacy issues (e.g., injection, phishing, flooding, and data theft), and threat sources for multiple layers (i.e., application, middleware, network, and sensing), recommendations, countermeasures, and open challenges. The authors also emphasize the importance of fog computing in this environment, considering its characteristics and solutions (e.g., decentralization, data dissemination, real-time services, and transient storage).

2.3. General security aspects of IoT in healthcare

Abouzakhar et al. [31] and Somasundaram et al. [20] review IoT risks and threats in healthcare, including aspects related to protocol, infrastructure, and possible impacts of cybersecurity attacks. The authors in [31] present a list of the most common protocols used in IoT (e.g., SOAP, CoAP, SSH, TCP, ZigBee, Z-Wave, NFC, and CDMA) alongside attacks and countermeasures (e.g., DoS, unauthorized access, ARP spoofing, VM backdoors, hypervision attack, and rootkit attack). In fact, the authors focus on the general aspect of security in IoT operations in healthcare and do not focus on ML and DL. Moreover, the authors in [20] review security challenges in healthcare related to IoT and assess the risk of devices considering multiple attacks. The authors assign different weights to the metrics considered: difficulty, awareness, and impact (Less, Medium, and High). Additionally, risk factors are calculated based on multiple criteria. The authors also present concepts to mitigate current and future security threats, e.g., device-level security, continuous monitoring, prevention, detection, and response.

Finally, Ullah et al. [23] review strategies to secure IoT regarding healthcare data transmission and aggregation. The authors illustrate the data aggregation process in smart healthcare devices and how the data can be securely transmitted and stored at the fog and cloud. In fact, the review focuses on secure fog-based data aggregation, secure healthcare data aggregation, and secure data aggregation using fog computing in healthcare. Regarding future directions, the authors emphasize the importance of new solutions for data aggregation security, data privacy in information exchange, scalability, resources management, data deduplication, and optimization.

3. IoT in healthcare

The Internet of Things (IoT) concept has been widely adopted recently. Furthermore, healthcare IoT solutions can potentially enhance medical treatments. Although applications seem endless, the use of IoT in remote patient monitoring, electronic healthcare records, and preventive healthcare are the most promising efforts [8].

IoT supports healthcare solutions in several ways. This technology can improve the accuracy of procedures [33], improve the decision-making process [34], and create new models of healthcare solutions. Besides, the benefits also include the relationship between smart homes and the medical center. For example, using healthcare devices, real-time capturing, motion tracking, and emergency monitoring enable novel remote monitoring capabilities. It can also support the use of analytics and improve overall communication.

Fig. 1 illustrates solutions enabled by IoT in Healthcare applications. The interaction between smart homes and health management & medical centers unveils underlying opportunities to enhance existing medical systems and treatments. For instance, several examples of how IoT has enabled new approaches in this field include:


• Remote Monitoring: By enabling constant communication with medical centers, IoT fosters more informed, quick, and effective decision making in different treatments and procedures [35];
• Special Care: IoT enables healthcare solutions for children [36] and elderly people [37] to be continuous and more effective with remote monitoring;
• Health Record: IoT can support healthcare systems by providing detailed information about patients through continuous and more comprehensive data collection approaches [38];
• Mobile Assistance: Through the presence of multiple devices, IoT can enable customized healthcare services [39] and availability [40] to patients;
• Information Systems: IoT can support the optimization of storage, access, and use of primary healthcare data in different ways [41];
• Integrated Solutions: Multimodal scenarios can also be considered, in which healthcare IoT applications can be part of an ecosystem composed of other applications (e.g., transportation and logistics) [42,43];
• Knowledge Resources: In an IoT-enabled healthcare system, professionals can rely on wider awareness, short response times, and continuous data collection. This can improve the overall system performance [44];
• Telemedicine: Remote procedures can also benefit from using IoT. Although different mechanisms can be adopted depending on the procedure considered, IoT can potentially transform telemedicine in the next few years [45,46].

Fig. 1. Solutions enabled by IoT in healthcare applications [47,48].

However, all these applications can be targeted by security threats. In fact, attackers can focus on compromising privacy or even acquire control over systems and communication. In this regard, advanced analytics (e.g., Deep Learning, DL) can strengthen the detection, prevention, and mitigation of such attacks and ensure secure IoT operations. Finally, enhancing existing healthcare systems with the several benefits of IoT deeply relies on meeting security requirements, and Machine Learning (ML) powered by realistic datasets can offer many advantages to real applications.

Moreover, there are similarities and differences between IoT and IoT in healthcare due to the specific context and requirements of the healthcare industry. Healthcare IoT has unique considerations related to data sensitivity, regulation, patient care, and ethical concerns that set it apart from IoT in other industries. It is a specialized and highly regulated field focusing on patient well-being and data security.

Regarding data sensitivity, data produced by IoT devices in various industries may not necessarily contain confidential or personal details. But, in the healthcare industry, IoT devices handle highly sensitive patient data such as medical records, vital signs, and personal health information, making it crucial to ensure the security and privacy of such data. In healthcare IoT, inaccurate or unreliable data can pose life-threatening risks. Vital sign monitors and treatment devices must meet high accuracy and reliability standards.

The consequences and impacts of IoT and IoT in healthcare are significantly different. Generally, IoT applications lead to efficiency gains, economic benefits, data analytics for business decisions, and data security and privacy concerns. Their implications are not immediate and critical. On the other hand, IoT in healthcare has more immediate and life-critical consequences, directly affecting patient care and outcomes. Their impacts are focused on saving lives, monitoring patient health, and improving clinical decision-making. Data security breaches in healthcare IoT can lead to severe patient harm, privacy violations, and legal consequences. Regulatory compliance and ethical considerations are vital in healthcare IoT. Interoperability issues in healthcare IoT may disrupt medical device communication, potentially affecting patient safety. The consequences and impacts in healthcare IoT are particularly high-stakes and patient-centric.


Table 2
Summary of ML-based IoT security applications in healthcare.

| # | Work | Problem faced | Method | Future directions | Data requirements |
|---|------|---------------|--------|-------------------|-------------------|
| 1 | Kumar et al. 2023 [49] | Secure data transmission | DSAE with BiLSTM | Deployment of prototype | Realistic testbed and IoT interoperability |
| 2 | Tekin et al. 2023 [50] | ML energy consumption | LR, kNN, DT, RF, NB, DNN | Evaluation in healthcare | Extensive IoT profiling dataset in healthcare |
| 3 | Abd Elaziz et al. 2023 [51] | Intrusion detection | CNN and CapSA | Evaluation in healthcare | Extensive IoT-healthcare dataset |
| 4 | Liu et al. 2022 [52] | Tradeoff between security and energy efficiency | Deep Reinforcement Learning (DRL) | Deployment and real-time applications | Power consumption features for IoT operation |
| 5 | Ho et al. 2022 [53] | Data and model security | Image-based Deep Learning | Mitigation of sophisticated adversarial attacks | Extensive datasets to validate mitigation strategies |
| 6 | Sahu et al. 2022 [54] | Continuous authentication | LSTM | Unsupervised methods | Extensive IoT profiling dataset in healthcare |
| 7 | Saif et al. 2022 [55] | Intrusion detection | kNN and DT | Deep Learning to identify patterns | Extensive IoT-healthcare dataset |
| 8 | Thilagam et al. 2022 [56] | Access control | CNN | New policies and real-time applications | Extensive datasets to validate mitigation strategies |
| 9 | Unal et al. 2022 [57] | Risk assessment | Privacy-preserving ML | Mitigation of ML-based threats in IoT applications in healthcare | Extensive IoT-healthcare dataset |
| 10 | Kumar et al. 2022 [58] | Secure data transmission | RECC-VC | Additional security constraints | Multiple features of IoT security in healthcare |
| 11 | Aslam et al. 2022 [59] | Attack detection | SVM, NB, kNN, LR, and RF | Evaluation in healthcare | Extensive IoT-healthcare dataset |
| 12 | Ravi et al. 2022 [60] | Attack detection | RNN | Evaluation in healthcare | Extensive IoT-healthcare dataset (malwares) |
| 13 | Nandy et al. 2021 [61] | Intrusion detection | Swarm-NN | Personal identity protection in healthcare | Extensive IoT profiling dataset in healthcare |
| 14 | Veeramakali et al. 2021 [62] | Secure transaction and hash value encryption | ODLSB | Improvements of the proposed model | Extensive IoT-healthcare dataset (malwares) |
| 15 | Ahmad et al. 2021 [63] | Efficiency in small datasets | DNN | Use of larger datasets | Extensive IoT-healthcare dataset |
| 16 | Anand et al. 2021 [64] | Malware detection | CNN-DMA | Diversity in models and classification | Extensive IoT-healthcare dataset (malwares) |
| 17 | Aruna et al. 2021 [65] | Attack detection | Optimized DBN | Simulation tools for IoT in Healthcare | Extensive IoT-healthcare simulation |
| 18 | Kathamuthu et al. 2021 [66] | Secure data transmission | Deep Q-learning | Deployment of prototype | Extensive IoT profiling dataset in healthcare |
| 19 | Rahman et al. 2020 [67] | Adversarial attacks mitigation | DNN | Malware impacts in medical IoT | Extensive IoT-healthcare dataset (malwares) |
| 20 | Pirbhulal et al. 2019 [68] | Authentication and tradeoff between security and energy efficiency | ML-based biometric security | Comparison with state-of-the-art methods | Extensive IoT-healthcare dataset (malwares) |

4. ML-based IoT security in healthcare: Applications

Several contributions present in the literature depict Machine Learning (ML)-based solutions for IoT Security in Healthcare. Table 2 summarizes such efforts and highlights the main problem faced and the methods used. Then, we identify future directions and data requirements, either considering the authors’ statements or possible extensions to their works. These research endeavors focus on different problems in the security ecosystem and use different methods. However, their future steps rely on multiple extensions of existing datasets. This Section classifies these works into the following categories: Intrusion & Attack Detection; Data Transmission; and Efficiency, Mitigation, and Assessment.

4.1. Intrusion & attack detection

Saif et al. [55] introduce an Intrusion Detection System (IDS) for IoT applications (e.g., healthcare) based on the combination of machine learning and metaheuristic algorithms. The authors focus on anomaly-based intrusion detection techniques applied to security attacks on cloud servers. The dataset adopted contains 125,973 samples with 41 features and was used to evaluate the proposed strategy. Several attack classes were considered and the results showed this method’s effectiveness. Furthermore, Nandy et al. [61] identify attackers in the edge-centric IoMT framework using an Empirical Intelligent Agent (EIA) based on a Swarm-Neural Network (Swarm-NN) method. This novel Intrusion Detection System (IDS) detects attackers during medical data transmission through a wireless network.

A new DL model is proposed by Anand et al. [64] to detect malware attacks in healthcare applications using CNN. The authors focus on 5G-IoT and unfold the discussion of generations and challenges of healthcare systems and emphasize the importance of confidentiality, integrity, and authentication in this field. The paper also depicts the attacks tailored to 5G-IoT healthcare environments, focusing on malware attacks. Experiments showed that the proposed approach presents an accuracy of 99%.

The efforts presented in [63,65] are dedicated to using DL models to secure IoT applications in healthcare contexts. The former aims to work with small datasets efficiently and presents a comprehensive evaluation of experiments using three small-scale publicly available benchmark datasets. The latter tackles the challenges related to the Bring Your Own Device (BYOD) concept in healthcare environments.

In [51], a combination of Deep Learning (DL) and a nature-inspired optimization method is used as an intrusion detection approach for cloud and IoT environments. The authors use DL and the Capuchin


Search Algorithm (CapSA) to obtain and select features from the IoT IDS data. The authors in [59,60] propose solutions for SDN-enabled IoT networks. The former introduces an Adaptive ML-based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework, whereas the latter proposes a Gated Recurrent Unit (GRU)-based approach to detect and classify attacks in the context of intrusion detection in the SDN-enabled IoT environment.

4.2. Data transmission

The authors in [66] focus on secure data transmission using a Deep Q-learning-based Neural Network with Privacy Preservation (DQ-NNPP). Similarly, in [49], the authors present a Blockchain-orchestrated Deep learning approach for Secure Data Transmission (BDSDT) for IoT applications in healthcare. The main focus is to mitigate the problems related to potential cyberattacks that may be executed against the connectivity between IoT devices and servers in a healthcare setting. Then, a Deep Sparse AutoEncoder (DSAE) with Bidirectional Long Short-Term Memory (BiLSTM) is used to design an effective intrusion detection system, achieving 99% accuracy in the evaluation process (CICIDS-2017 and ToN-IoT).

Blockchain-based solutions are also proposed in [52,62]. In both efforts, the authors propose combinations of blockchain with Deep Learning (DL)-based methods to improve the overall security of IoT in healthcare applications while observing specific metrics (e.g., energy efficiency and secure transactions). Finally, the authors in [58] proposed the Rooted Elliptic Curve Cryptography with Vigenère cipher (RECC-VC) centered security to enhance the security of the Internet of Medical Things (IoMT). Besides, a novel RECC-VC is proposed for secure data uploading to the cloud server. The experiments demonstrated that the proposed methods outperform existing methods.

4.3. Efficiency, mitigation, and assessment

The authors in [53] review and discuss some potential risks of several image-based healthcare IoT systems regarding data security. The rising adoption of IoT technology in healthcare converged in developing new solutions and methods. In this sense, DNN-based automated diagnosis has created several possibilities for such systems, although posing some challenges. Throughout this work, the authors present many issues on data security in image-based Deep Learning (DL), e.g., poisoning and evasion attacks. Finally, the authors emphasize the importance of countermeasures and awareness of the impacts these threats could cause in IoT-based healthcare applications.

In [54], the authors propose a security system that continuously authenticates legitimate users in a session, using data and authenticating them using the Long Short-Term Memory (LSTM) classification technique. In fact, the authors focus on internal IoT attacks rather than attacks coming from outside the network. The challenge relies on the fact that internal IoT devices can threaten the system's security since an intruder can physically use and impersonate them.

Pirbhulal et al. [68] focus on developing a novel framework to protect medical information while observing resource consumption of low-powered medical devices. This initiative is also powered by ML-based techniques, targeting intelligent biometric security. The authors introduce a DL-based privacy preservation mechanism in [56]. With the primary goal of securing IoT healthcare architecture, the authors collect user data, separate data points based on sensitivity, and use a Convolutional Neural Network (CNN) alongside a secure access control module. The authors emphasize that increasing the training set improves overall performance. In fact, data augmentation can also be helpful.

Privacy is a major concern in IoT security solutions for healthcare applications. The authors in [57] focus on this issue from different standpoints. This effort investigates the security risks in healthcare and how machine learning can mitigate them. The authors discuss important aspects of privacy-preserving Machine Learning (ML) and how ML-based attacks can be mitigated. Furthermore, the former focuses on designing a DL-based privacy-preserving system for IoT-enabled healthcare.

Moreover, Rahman et al. [67] focus on adversarial attacks and test different COVID-19 diagnostic methods that rely on DL algorithms with relevant Adversarial Examples (AEs). The results obtained demonstrated that DL models remain vulnerable to such attacks when no defensive mechanism is adopted. This work demonstrates the importance of deploying specific countermeasures in the IoT topology to avoid misleading outcomes. Finally, in [50], the authors conduct a comparative analysis of on-device ML algorithms regarding energy consumption for intrusion detection in IoT.

5. ML-based IoT security in healthcare: Resources

This Section highlights resources available for developing new IoT security solutions in healthcare. In this sense, the resources are related to existing datasets available and how they can be used in different scenarios.

5.1. Healthcare datasets

In the past few years, there has been an increase in the interest in datasets comprising IoT traffic [69]. This is due to the rising challenges in securing current and future operations and the need for intelligent solutions built using Artificial Intelligence (AI) [70]. Different efforts have been made to provide the scientific community with realistic and extensive datasets to foster the development of novel security applications.

Conversely, IoT devices are dynamic and present different networking behaviors depending on the application [71]. In fact, general-purpose IoT testbeds can differ from specific applications in many ways (e.g., requirements, data transmitted, and security capabilities). In this context, producing a realistic and extensive IoT security dataset for healthcare applications is challenging due to several factors. For example, the requirement of having multiple healthcare devices that are often expensive and unavailable, the need for a realistic environment that mimics the topology and operation of hospitals and healthcare organizations, multiple configurations of interaction between IoT devices and other medical equipment (e.g., multiple protocols), and the complex reproduction of realistic attacks (e.g., Mirai).

Hady et al. [12] show that the combination of both network and biometric metrics as features can be beneficial in the context of Intrusion Detection Systems (IDS) for IoT in healthcare. Hence, the authors introduce a new dataset based on this combination to build a proper and realistic intrusion analysis. In this effort, the authors adopt a testbed composed of a PM4100 Six Pe Multi-Sensor Board, an Electrocardiogram (ECG or EKG), a Blood Oxygen Saturation (SpO2), and a Windows Laptop (Gateway). Besides, there is also a clear separation of medical devices, gateway, network, and visualization as subcomponents of the topology adopted. Concerning the security aspect of this analysis, the authors execute spoofing and data alteration attacks assuming an attacker has established a new connection between the server and the medical gateway. In this case, spoofing may entail confidentiality violation [72], whereas data alteration may result in wrong treatment, based on false diagnostics. The dataset shared presented 4.4 MB in size, 16 318 rows, and 42 features. The authors used several tools to produce this dataset, e.g., Argus and Scapy. Finally, Machine Learning (ML) models were used to evaluate IDS capabilities. In this process, the authors adopted multiple methods, e.g., Random Forest (RF), k-Nearest Neighbors (kNN), Support Vector Machine (SVM), and Deep Neural Networks (DNN).

The authors in [73] introduce the ECU-IoHT dataset, considering an Internet of Health Things (IoHT) environment and having different attacks executed to exploit various vulnerabilities. With the
growth of the so-called IoHT devices, developing robust countermeasures is paramount. In this effort, the authors focus on helping the healthcare security community in analyzing attack behavior and developing effective security solutions. To produce realistic IoT traffic, several devices were used, e.g., Libelium MySignals, Temperature sensor, Blood pressure sensor, Heart rate sensor, Windows 10 laptop, Kali Linux laptop, wireless network adapter, and Bluetooth Adapter. Then, several attacks were executed, e.g., reconnaissance (Network scan), ARP spoofing, Denial of Service (DoS), Smurf, and Script Injection. The resulting dataset comprises 9 features and 111 207 rows (5.1 MB). Multiple supporting tools were used in the dataset development, e.g., Argus, nmap, Ettercap, Zenmap, Wireshark, MITMf, and Bettercap. Finally, the authors present a detailed description of the evaluation process, which was based on the use of several machine learning methods, i.e., k-Nearest Neighbors (k-NN), Local Outlier Factor (LOF), Connectivity-Based Outlier Factor (COF) [74,75], approximate Local Correlation Integral (aLOCI) [76], Local Outlier Probability (LoOP) [77], Influenced Outlierness (INFLO) [78,79], Cluster-Based Local Outlier Factor (CBLOF) [80], Clustering-based Multivariate Gaussian Outlier Score (CMGOS) [81], Local Density Cluster-Based Outlier Factor (LDCOF) [82], Robust Principal Component Analysis (RPCA) [83,84], Histogram-based Outlier Score (HBOS), and One Class Support Vector Machine (LIBSVM) [85,86], to identify malicious patterns in the network operation.

Zubair et al. [14] present a dataset for attacks against Internet of Medical Things (IoMT) networks based on Bluetooth. This effort focuses on developing a decentralized, predictive, Deep Learning (DL)-based process to detect malicious network traffic and provide defense against such attacks in IoMT devices. The authors explore and bring important insights into the technical details of Bluetooth technology and how it can be used in a Healthcare application of IoT. The data produced is based on the use of multiple IoT devices (e.g., SpO2, heart rate, and ECG) and comprises the execution of several attacks (i.e., DDoS, Bluesmack, MITM, and DoS), presenting a total size of 2.8 MB, 30 628 rows, and 21 features. Finally, the authors also evaluated different ML algorithms using the proposed dataset, i.e., Logistic Regression (LR), Decision Tree (DT), Support Vector Machine (SVM), Random Forest (RF), Naive Bayes (NB), Isolation Forest (IF), K-Means (KM), Local Outlier Factor (LOF), and Deep Neural Network (DNN).

A framework to enable the development of context-aware solutions for IoT security to detect malicious traffic in Healthcare use cases is proposed by Hussain et al. [13]. This initiative is based on IoTFlock, a data generator approach that enables the development of an IoT use case including both normal and malicious IoT devices and generating traffic. Besides, the authors generate an IoT healthcare dataset comprising normal and IoT attack traffic. Then, ML techniques are trained to detect cyber-attacks and protect IoT healthcare systems. This dataset, namely ICU and comprising 52 features and 188 694 rows (107.8 MB), used a range of IoT devices in the healthcare context: Air Humidity Sensor, Air Temperature Sensor, CO Sensor, Fire Sensor, Smoke Sensor, Barometer, Solar Radiation Sensor, Remote Electrocardiogram (ECG) monitoring, Infusion Pump, Pulsoximeter (SPO2), Nasal/Mouth AirFlow Sensor, Blood pressure monitor Sensor, Glucometer, Body Temperature Sensor, Electromyography (EMG) Sensor, and Galvanic skin response (GSR) Sensor. There is also a variety in the attacks executed, including MQTT DDoS, MQTT publish flood, brute force, and SlowITE.

Finally, the authors in [87] focus on a protocol widely adopted in industrial healthcare systems called IEC 60870-5-104. Due to the lack of available datasets for this protocol, the authors introduce a new IEC 60870-5-104 intrusion detection dataset. Then, an Intrusion Detection and Prevention System (IDPS) is proposed to discriminate and mitigate cyberattacks, leveraging ML and Software-Defined Networking (SDN) capabilities. Several attacks are performed against an Industrial Healthcare equipment testbed, including Man-In-The-Middle, Capturing and Dropping, Traffic sniffing, Counter Interrogation, Single Command, Setpoint, Read command, Reset command, and DoS. This dataset presents 3 775 534 rows and 203 features (1810 MB), which were extracted using CICFlowMeter [88] and an adapted parser. Finally, several ML techniques were used in the evaluation process.

Table 3 summarizes and compares the datasets reviewed in this section, highlighting testbeds, goals, attacks, tools, ML methods used, and dataset specifications.

Moreover, the WUSTL EHMS [12] and ECU-IoHT [73] datasets can be considered realistic datasets, and network flow and biometrics information are used to create realistic intrusion analysis. These datasets contain real devices such as the PM4100 Six Pe Multi-Sensor Board and Libelium MySignals. The PM4100 Six Pe Multi-Sensor Board is a Medical Expo product that senses a patient's biometric data using a series of sensors attached to their body. The board has four sensors: an Electrocardiogram (ECG or EKG) sensor, a Blood Oxygen Saturation (SpO2) sensor, a temperature sensor, and a blood pressure sensor; however, this dataset utilizes one device [12]. Libelium MySignals is a healthcare kit that provides a development platform for eHealth applications and medical devices. The MySignals kit includes several components and multiple sensors, such as a Temperature sensor, Blood pressure sensor, and Heart rate sensor, which can be used to monitor various biometrics [73].

The BlueTack dataset [14] is an intrusion detection dataset for Bluetooth Classic and Bluetooth Low Energy (BLE) that covers Bluetooth-based attacks against IoMT networks. The authors developed a Bluetooth (BR/EDR and BLE) dataset using realistic traffic generated in a smart healthcare testbed. This dataset uses three real IoMT devices that were easily available on the market (SpO2, heart rate, and ECG) and operated wirelessly.

In the ICU dataset [13], devices are categorized into two groups: environmental monitoring devices and patient monitoring devices. The environmental monitoring devices used to maintain a good environment in the ICU are the Air Humidity Sensor, Air Temperature Sensor, CO Sensor, Fire Sensor, Smoke Sensor, Barometer, and Solar Radiation Sensor. The patient monitoring devices are Remote Electrocardiogram (ECG) monitoring, Infusion Pump, Pulsoximeter (SPO2), Nasal/Mouth AirFlow Sensor, Blood pressure monitor Sensor, Glucometer, Body Temperature Sensor, Electromyography (EMG) Sensor, and Galvanic skin response (GSR) Sensor. It can be considered realistic, as many real devices are analyzed.

The IEC dataset [87] was constructed using three main components: (1) seven VMs with IEC-Test Server representing the field devices, (2) a VM with Qtester104 playing the role of a human–machine interface, and (3) three VMs equipped with Metasploit, OpenMUCj60870, and Ettercap representing the cyber attackers.

5.2. Supplementary resources

A combination of several features used is listed in Tables 4 and 5. These attributes can be categorized into multiple categories, as illustrated in Fig. 2. Device Identification features provide information about the IoT entities involved in the particular data flow, assuming the roles of source and destination devices. All datasets use them since future work can easily filter the data in order to perform analysis on single or specific devices. These features are presented in different formats, depending on factors such as the protocol used. Examples of such features are Source and Destination IP and MAC addresses.

Connection features refer to the description of how communication is established among devices and how it can be used. As these features refer to higher-level protocols, they are vital aspects of these datasets since they can help identify different services and applications running through the IoT network. Examples are source port and destination port. Additional Info describes special information that can be useful for certain applications. In some cases, it may require Natural Language Processing (NLP) techniques to extract insights automatically. For example, the ECU-IoHT dataset [73] provides a feature named info, which is available through Wireshark exports [89]. Quality of Service

Table 3
Summary of datasets for IoT security in healthcare.

| # | Dataset | Testbed | Goal | Total size (MB) | Total size (rows) | Attacks | Tools | ML models | Number of features |
|---|---|---|---|---|---|---|---|---|---|
| 1 | WUSTL EHMS [12], 2020 | PM4100 Six Pe Multi-Sensor Board, Electrocardiogram (ECG or EKG), Blood Oxygen Saturation (SpO2), Windows Laptop (Gateway) | To demonstrate that utilizing both network and biometric metrics as features yields superior results compared to relying on just one type of feature | 4.4 | 16 318 | Spoofing and Data alteration | Argus, Scapy | RF, KNN, SVM, ANN | 42 |
| 2 | ECU-IoHT [73], 2021 | Libelium MySignals, Temperature sensor, Blood pressure sensor, Heart rate sensor, Windows 10 laptop, Kali Linux laptop, wireless network adapter, Bluetooth Adapter | Assist in improving healthcare security by analyzing attack patterns and developing effective strategies to prevent them | 5.1 | 111 207 | Network scan, ARP spoofing, DoS, Smurf, Script Injection | Argus, nmap, Ettercap, Zenmap, Wireshark, MITMf, Bettercap | KNN, LOF, COF, aLOCI, LoOP, INFLO, CBLOF, CMGOS, LDCOF, RPCA, HBOS, LIBSVM | 9 |
| 3 | BlueTack [14], 2022 | SpO2, heart rate, and ECG | Protect IoMT devices from network attacks through a comprehensive defense system | 2.8 | 30 628 | DDoS, Bluesmack, MITM, and DoS | Python Libraries | LR, DT, SVM, RF, NB, IF, KM, LOF, DNN | 21 |
| 4 | ICU [13], 2021 | Air Humidity Sensor, Air Temperature Sensor, CO Sensor, Fire Sensor, Smoke Sensor, Barometer, Solar Radiation Sensor, Remote Electrocardiogram (ECG) monitoring, Infusion Pump, Pulsoximeter (SPO2), Nasal/Mouth AirFlow Sensor, Blood pressure monitor Sensor, Glucometer, Body Temperature Sensor, Electromyography (EMG) Sensor, Galvanic skin response (GSR) Sensor | To allow researchers to develop IoT security solutions in Healthcare. | 107.8 | 188 694 | MQTT DDoS, MQTT publish flood, brute force, and SlowITE | Wireshark, tshark, Python Libraries | NB, KNN, RF, AB, LR, DT | 52 |
| 5 | IEC [87], 2021 | Industrial Healthcare equipment, SDN Switch | To provide data and security solutions for the IEC 60870-5-104 protocol | 1810 | 3 775 534 | MITM, Traffic Sniffing, DoS, Unauthorized Access | CICFlowMeter, TCPDump, Scikit-learn, Ryu | LR, LDA, QDA, DT, NB, SVM, DNN, RF, AB, Suricata | 203 |
Table 4
Features used in the datasets (Part I).
Feature Description Feature Description Feature Description Feature Description
SrcAddr Source Address No. Packets Count tcp.connection. Connection reset DstMac Destination MAC
rst (RST) address
DstAddr Destination Time Time since the tcp.connection. Connection establish Packet_num Packet Counter
Address beginning of the capture sack acknowledge
(SYN+ACK)
Sport Source Port Source Source Address tcp.connection. Connection establish Temp Temperature
syn request (SYN)
Dport Destination Port Destination Destination Address tcp.flags.ack Acknowledgment SpO2 Peripheral Oxygen
Saturation
SrcBytes Source Bytes Protocol Protocol Used tcp.flags.fin Fin Pulse_Rate Pulse Rate
DstBytes Destination Bytes Length Packet Size tcp.flags.push Push SYS Systolic Blood Pressure
SrcLoad Source Load Info Additional Information tcp.flags.reset Reset DIA Diastolic Blood Pressure
DstLoad Destination Load Type Indicates if packet is tcp.flags.syn Syn Heart_rate Heart Rate
Benign or Malicious
SrcGap Source Missing Type of attack Identifies the Attack tcp.flags.urg Urgent Resp_Rate Respiration Rate
Bytes executed

(continued on next page)

68
E.C.P. Neto et al. Computer Communications 213 (2024) 61–77

Table 4 (continued).
Feature Description Feature Description Feature Description Feature Description
DstGap Destination Frame_length_stored_ Frame Length of the tcp.hdr_len Header Length ST ECG ST Segment
Missing Bytes into_the_capture_ captured file
file_per_100 ms
SIntPkt Source Inter Length_per_ 100 ms Length of the Bluetooth tcp.payload TCP payload frame.time_ Time elapsed between
Packet logical link control and relative the first packet and the
adaptation protocol current packet
(btl2cap)
DIntPkt Destination Inter L2CAP_count_ Logical link control tcp.pdu.size PDU Size frame.len Length
Packet per_100 ms adaption protocol
(L2CAP)
SIntPktAct Source Active HCI_ACL_count_ HCI asynchronous tcp.window_size_ Window Size ip.src Source IP
Inter Packet per_100 ms connectionless link value
(ACL), it is a
transmission link for
data communication.
DIntPktAct Destination Active HCI_CMD_count_ HCI command (CMD), it tcp.checksum Checksum ip.dst Destination IO
Inter Packet per_100 ms helps the host with the
controlling ability of the
link layer connection
with other
Bluetooth-enabled
devices.
SrcJitter Source Jitter HCI_EVT_count_ Host control interface mqtt.clientid Client ID tcp.srcport Source Port
per_100 ms (HCI) Event (EVT)
protocol. In HCI_EVT,
various activities are
defined as page scans or
inquiries
DstJitter Destination Jitter Received_count_ Indicates the direction mqtt.clientid_len Client ID Length tcp.dstport Destination Port
per_100 ms (dir) of the received
packets in the
communication, from
point-to-point (P2P)
(source to destination or
vice-versa)
sMaxPktSz Source Maximum Sent_count_per_ 100 This feature indicates mqtt.conack.flags Acknowledge Flags tcp.flags Flags
Transmitted ms the direction of the sent
Packet Size packets in the
communication, from
P2P (source to
destination or
vice-versa).

Table 5
Features used in the datasets (Part II).

| Feature | Description | Feature | Description | Feature | Description | Feature | Description |
|---|---|---|---|---|---|---|---|
| dMaxPktSz | Destination Minimum Transmitted Packet Size | ACL_Data_count_per_100 ms | ACL transmission link for the data communication. | mqtt.conack.val | Return Code | tcp.time_delta | Time since previous frame in this TCP stream |
| sMinPktSz | Source Maximum Transmitted Packet Size | HCI_Evnt_count_per_100 ms | Host controller interface (HCI). Various HCI events are defined on this layer, such as inquiry, and complete the event to the page scan. | mqtt.conflag.passwd | Password Flag | tcp.len | TCP Segment Len |
| dMinPktSz | Destination Minimum Transmitted Packet Size | Unknown_count_per_100 ms | It describes the role of the unknown devices | mqtt.conflag.qos | QoS Level | tcp.ack | Acknowledgment Number |
| Dur | Duration | Master_count_per_100 ms | This feature candidate describes the role of the master devices | mqtt.conflag.reserved | (Reserved) | mqtt.retain | Retain |
| Trans | Aggregated Packets Count | Slave_count_per_100 ms | This feature candidate describes the role of the slave devices. | mqtt.conflag.retain | Will Retain | mqtt.topic | Topic |
| TotPkts | Total Packets Count | Destination_BDADDR_count_per_100 ms | BD_ADDR of the destination devices. | mqtt.conflag.willflag | Will Flag | mqtt.topic_len | Topic Length |
| TotBytes | Total Packets Bytes | Source_BDADDR_count_per_100 ms | BD_ADDR of the source devices. | mqtt.conflags | Connect Flags | mqtt.ver | Version |
| Load | Load | Read_RSSI_count_per_100 ms | Subcommand of the channels. Counted the RSSI. | mqtt.dupflag | DUP Flag | mqtt.willmsg_len | Will Message Length |
| Loss | Retransmitted or Dropped Packets | Read_Tx_Power_Level_count_per_100 ms | Power transmission level of the signal | mqtt.hdrflags | Header Flags | ip.proto | Protocol |
| label | Indicates if it is Benign or Malicious Traffic | Read_Link_Quality_count_per_100 ms | Link quality of the transmission link. | mqtt.kalive | Keep Alive | ip.ttl | Time to Live |
| pSrcLoss | Percentage of Source Retransmitted or Dropped Packets | Command_Complete_count_per_100 ms | Command complete while transmitting the data. | mqtt.len | Msg Len | class | Indicates if it is an Attack, patientMonitoring, or environmentMonitoring |
| pDstLoss | Percentage of Destination Retransmitted or Dropped Packets | Disconnect_complete_count_per_100 ms | Disconnect complete in the transmission process. | mqtt.msg | Message | label | Indicates if it is Benign or Malicious Traffic |
| Rate | Number of Packets per Second | Label | Indicates if the traffic is Benign or Malicious | mqtt.msgtype | Message Type | tcp.connection.fin | Connection finish (FIN) |
| SrcMac | Source MAC address | pLoss | Percentage of Retransmitted or Dropped Packets | frame.time_delta | Time since the previous packet was captured | mqtt.qos | QoS Level |

Fig. 2. Feature categories in IoT healthcare datasets.

(QoS) relies on the quality of the communication established. In fact, abnormal communication patterns can present unusual QoS aspects, highlighting the importance of these features for different datasets. Examples of QoS features are loss (and percentage of loss) and jitter. Moreover, Flags indicate the presence or absence of particular characteristics in the traffic. Flags are paramount to identify the current configuration of the communication established and can be adapted to the protocol used. Examples of flags are TCP flags (i.e., ACK, FIN, PUSH, RESET, SYN, and URG). Furthermore, temporal dependencies are critical to detect and mitigate malicious activities in IoT and healthcare. For different protocols, temporal features include insights such as the interval between packets, interval since the communication was established, and duration. Examples of temporal-related features are Duration, Time Delta, and Time Relative. To successfully execute cyber attacks, malicious actors can manipulate the network traffic in different ways. In fact, healthcare-based features can be useful for detecting abnormal patterns in traffic and help to detect and mitigate attacks. In this sense, healthcare-specific features (e.g., Pulse Rate, Resp Rate, and SYS) are important to consider in an IoT Healthcare dataset. Finally, Traffic Identification features refer to the traffic labeling that identifies if a particular sample belongs to a benign or malicious stream. These features are used by supervised ML methods since they distinguish traffic classes and enable the identification of underlying patterns for each category. Examples of these features are label, type of attack, and class.

Moreover, several attacks threaten IoT operations in healthcare. Fig. 3 illustrates major attacks from the CIA (Confidentiality, Integrity, Availability) perspective.

Fig. 3. Major attacks against IoT in health from the CIA (Confidentiality, Integrity, Availability) perspective.

In this context, there are general attacks, e.g., Spoofing [90], Scan [91], DoS [92], DDoS [93], Man-In-The-Middle (MITM) [94], and Brute Force [95].

Additionally, there are attacks that consider the application aspects. Data Alteration is intentionally or unintentionally changing, modifying, or manipulating information in a data set. It can have significant consequences on the data's accuracy, dependability, and usefulness. Data alteration may happen at any point in the data lifecycle, including data collection, processing, storage, or transmission. It could be caused by various factors such as human error, system failure, or malicious attacks. To ensure data integrity, appropriate measures must be taken to detect, prevent, and correct data alteration [96]. Furthermore, a Smurf attack is a type of cyber attack that inundates a targeted server by using Internet Control Message Protocol (ICMP) requests that appear to come from a fake Internet Protocol (IP) address. The ICMP is a protocol normally used by network devices, such as routers, to report on the status of requests they send or receive. Smurf attacks can have serious consequences, as the large traffic volume can consume all available bandwidth and prevent legitimate traffic from reaching its destination [97].

Script injection relies on an injection attack that exploits vulnerabilities in software applications to execute unauthorized code or commands. The attack aims to access sensitive information, such as login credentials or financial data. Script injection attacks, or cross-site scripting (XSS) attacks, are a security vulnerability that allows attackers to inject malicious code into a website or web application that other users view [98]. Additionally, Bluesmack is a Bluetooth-based attack that targets mobile devices, such as smartphones and tablets, and is designed to disrupt Bluetooth connections. The attack is performed by sending a series of malformed packets to the target device, which causes it to crash or reboot. The name "Bluesmack" derives from the fact that the attack is similar to a denial-of-service (DoS) attack, specifically targeting Bluetooth devices [99].

MQTT DDoS is a type of Distributed Denial of Service (DDoS) attack that targets the MQTT (Message Queuing Telemetry Transport) protocol. MQTT is a popular lightweight messaging protocol used for IoT devices and is designed to be efficient in low-bandwidth, high-latency environments. In an MQTT DDoS attack, multiple compromised IoT devices are used to flood the MQTT broker with a large volume of messages, overwhelming the server and causing it to become unavailable to legitimate users. This attack can significantly disrupt IoT devices relying on the MQTT communication protocol [100]. Thereupon, MQTT flood refers to a type of cyber attack that targets the MQTT protocol by flooding it with a high volume of traffic. In an MQTT flood attack, an attacker floods the MQTT broker with many messages, overwhelming the server and causing it to become unresponsive or crash. This type of attack can significantly disrupt IoT devices that rely on the MQTT protocol for communication [101].

The SlowITE attack falls under the Slow Denial of Service (SDA) attacks, aimed explicitly at the MQTT protocol. This attack uses a low-rate strategy, typical of other types of slow DoS threats. In a SlowITE attack, the attacker sends traffic that appears to be legitimate but is designed to consume resources on the targeted devices gradually. This attack can cause the devices to become unresponsive, allowing the attacker to carry out further attacks or bypass security measures [102].

Finally, sniffing is a crucial technique used by attackers to gather information on potential vulnerabilities within a network, its devices, protocols, and applications that can be exploited. This technique involves passively analyzing the traffic that flows within the network. Since this activity is passive, it is challenging to detect it. Traffic sniffing can be accomplished using specialized software, often called a packet sniffer or network analyzer, which allows an attacker to capture and analyze data packets as they pass through a network. This technique can be especially effective when network traffic is not encrypted or weak encryption methods are used [103].

Finally, the process of generating, collecting, and analyzing IoT traffic in healthcare applications is supported by several techniques and frameworks. Table 6 lists several tools used in this process, whereas Table 7 depicts various Machine Learning (ML) and Deep Learning (DL) techniques used in different IoT security solutions in healthcare applications.

Several solutions have been produced regarding using Machine Learning (ML) and Deep Learning (DL) to mitigate attacks against IoT Operations in Healthcare. The authors in [148] use deep recurrent neural network (DRNN) and supervised machine learning models (random forest, decision tree, KNN, and ridge classifier) to detect cyber attacks

Table 6
Tools used to generate and collect IoT data in healthcare applications.

| Tool | Description |
|---|---|
| Argus | Network audit tool designed to constantly monitor and analyze live network traffic [104] |
| Scapy | Network packet manipulation tool that enables users to send, receive, and capture network packets at the packet level [105] |
| Nmap | Network exploration, management, and security auditing with a focus on identifying hosts and services present in a computer network and creating a visual map of the network topology [106] |
| Ettercap | It can be used to enhance network security by detecting and preventing man-in-the-middle (MitM) attacks, password sniffing, and network traffic analysis [107] |
| Zenmap | Network exploration, management, and security auditing tool that provides an easy-to-use interface to Nmap [108] |
| Wireshark | Network protocol analyzer that allows users to capture and analyze network traffic in real-time [109] |
| MITMf | Tool used for performing Man-in-the-Middle (MitM) attacks that allows an attacker to intercept and manipulate network traffic between two parties [110] |
| Bettercap | Tool for network monitoring, manipulation, and injection [111] |
| CICFlowMeter | Network traffic analysis tool used to monitor and analyze traffic passing through a network link or interface [112] |
| TCPDump | Command-line tool used for network packet capture and analysis [113] |
| Ryu | Software framework that provides a platform for developing Software-Defined Networks (SDN) applications [114] |
| Tshark | Command-line network protocol analysis tool that captures and analyzes network traffic [115] |

Table 7
Machine Learning (ML) and Deep Learning (DL) methods used in different IoT security solutions in healthcare applications.
Method                                Description
Random Forest (RF)                    This technique involves using a set of un-pruned classification or regression trees that are generated using random samples from the training data. In addition, random combinations of features are utilized during the process, and the ultimate predictions are determined by using the combined results of the group [116,117]
k-Nearest Neighbors (kNN)             Straightforward instance-based technique that operates by assessing the distance between training examples in the feature space and produces classifications using measures of similarity between two instances (or categories) [118–120]
Support Vector Machine (SVM)          Prediction tool that maximizes predictive accuracy while avoiding overfitting. SVMs rely on the use of high-dimensional feature spaces and assign training examples to points to optimize the gap between different categories [121–123]
Local Outlier Factor (LOF)            Anomaly detection technique that analyzes the variation in the density of data points within a specific dataset and considers the samples presenting low density to be outliers [124,125]
Histogram-based Outlier Score (HBOS)  Technique that assumes independence of the features [126] to calculate outlier scores through the creation of normalized univariate feature histograms. The calculated values show anomalies as high score outputs while normal instances have a low score output [127]
Logistic Regression (LR)              One approach involves analyzing a group of variables to determine the likelihood of a data point fitting into a specific category. This method, known as logistic regression (LR), has proven successful in various studies due to its straightforwardness [128,129]
Decision Trees (DT)                   Classification technique that logically combines a sequence of simple tests [130] and defines hierarchical feature thresholds encoded as a tree. Ultimately, these thresholds define the classes of instances in the classification process [131]
Naive Bayes (NB)                      Method based on Bayes’ rule assuming that the features, given a specific class, are conditionally independent [132]. Regardless of the violations of this assumption, this method often yields competitive classification performance [133]
Isolation Forest (IF)                 This anomaly detection algorithm separates instances using random features and split values, and assigns higher scores to instances that require fewer splits to be isolated [134,135]
K-Means (KM)                          Clustering method that divides data points into k clusters [136]; instances are classified by their proximity to the cluster mean. The primary objective of this approach is to minimize dissimilarities among clusters [137]
AdaBoost (AB)                         Algorithm based on the combination of various weak classifiers [138] and adopting a weighted sum to estimate final outputs [139]. The main concept involves enhancing wrongly classified data points during the training phase to reinforce and improve the accuracy of future classifiers
Deep Neural Networks (DNN)            This highly effective method relies on processing units divided into multiple layers [140] connected to synaptic weights to yield the result of an activation function [141]. The goal of DNN is to frame a given problem into a function approximation problem that maps the inputs (features) to the outputs, targeting the estimator error reduction [142]
Recurrent Neural Networks (RNN)       This architecture relies on feedback connection and memory to enable information flow and temporal processing. It has been successfully used in different efforts focussed on detecting patterns in sequences [143,144]
Convolutional Neural Networks (CNN)   Designed for organizing information in a grid-based format, this structure commonly comprises convolutional, pooling, and fully connected layers [145,146]. Throughout the process, the convolutional layers ascertain crucial features, the pooling layers simplify the complexity related to these features, and the fully-connected layers generate classifications [147]

in IoT operations in the healthcare environment. The authors also employ the Particle Swarm Optimization (PSO) technique for Feature Selection (FS) and extensively discuss the results obtained. In [149], the authors present a cyber attack detection system using Deep Learning. Several attacks are considered (e.g., ARP Spoofing, DoS, Port Scan, and Smurf) in the context of IoT in healthcare. The authors use the ECU-IoHT dataset to identify these four classes alongside benign traffic and indicate that the proposed system can be used in a real-time IoHT environment in future works.

The authors in [150] propose a framework to store the collected IoT data in healthcare and to detect attacks using quantum deep learning. This effort is focused on privacy and uses the WUSTL-EHMS-2020 and ICU datasets, considering multiple attacks (e.g., MQTT publish flood, MQTT authentication bypass attack, MQTT packet crafting attack, and CoAP replay attack). The authors highlight key parameters used in the experiments to enable reproducibility.

Lahmadi et al. [151] investigate how machine learning can be used to detect Man-in-the-Middle (MitM) attacks against BLE (Bluetooth Low Energy) devices. The authors combine supervised and unsupervised techniques and use a well-described set of parameters and the transformation process of time series into training samples. The confusion matrix presented shows that the proposed approach is highly accurate with promising results, enabling new research efforts to be considered in the future (e.g., DoS detection). Furthermore, the authors in [152] use Deep Learning to detect multiple cybersecurity attacks (e.g., DoS, malevolent operation, data type probing, spying, scanning, brute force,
and web attacks) with results that outperform many state-of-the-art methods for IoT security. In fact, the main focus of this effort is on the Industrial Internet of Things (IIoT), and many configurations are tested. For example, multiple activation functions are considered (e.g., ReLU, sigmoid, tanh, softplus, softsign, SELU, and SReLU). Finally, the authors indicate that evaluating the proposed approach with other IoT devices is considered in the scope of future directions. Similarly, the authors in [14] use Deep Learning (DL) to protect edge nodes of the smart healthcare IoMT system while considering several attacks (e.g., Bluesmack, DoS, DDoS, and BLE-based attacks).

5.3. Attacks against IoT operations in healthcare

The authors of the WUSTL EHMS dataset [12] used Man-in-the-middle cyber-attacks to create a dataset of over 16,000 records of normal and attacked healthcare data. The proposed system applies various machine learning techniques to train and test the dataset against cyber attacks. The results indicate that the performance was enhanced by 7% to 25% in certain cases. This demonstrates the effectiveness and robustness of the system in detecting intrusions accurately. Four ML methods have been selected for attack detection: Random Forest (RF), K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Artificial Neural Networks (ANN). A Kali-Linux-based computer is used to simulate dangerous scenarios in healthcare monitoring systems by initiating attacks on the system. During network transmission, biometric data of a patient can be spoofed and altered, leading to potential security breaches. To execute the attack, the system uses a man-in-the-middle (MITM) technique, where the attacker acts as a router, intercepts, spoofs or alters packets, and forwards them to the server. Spoofing attacks can cause a breach of confidentiality and privacy in healthcare systems as attackers intercept packets. However, data alteration attacks can compromise patient data when the attacker changes information that has been redirected from the gateway computer. This can severely harm the patients as they may get inaccurate treatment based on wrong diagnostics due to the attacker’s modifications.

The medical IoT gateway is responsible for transmitting patient information to medical professionals. However, this process can also create a potential security risk. Attackers can manipulate information by targeting the gateway before it reaches the healthcare provider. Additionally, attackers can launch DoS/DDoS or MITM attacks that may result in manipulated or unavailable information. Authors of [14] released the BlueTack dataset to test Bluetooth-based attacks on IoMT networks. They also developed an intrusion detection method using deep learning techniques based on this dataset. The BlueTack dataset contains various attacks against Bluetooth BR/EDR or classic Bluetooth protocols, including DDoS, Bluesmack, DoS and other similar attacks like DDoS and MITM attacks on the BLE protocol. These attacks are harmful and potentially endanger the patient’s life. The dataset can be used to train an IDS model to recognize DoS, DDoS, and Bluesmack attacks on medical IoT devices that utilize Bluetooth. Different vulnerabilities enable intruders to conduct a broad range of attacks, such as denial of service (DoS), distributed denial of service (DDoS), man-in-the-middle (MITM), data leakage, and spoofing. These attacks can cause harm to patients who are in transit by ambulance or at a hospital, as well as lead to system resource unavailability.

In their study published as the ICU dataset [13], the authors created an IoT healthcare dataset that contained both normal and IoT attack traffic. They then utilized various machine learning techniques to analyze the generated dataset and identify cyber-attacks in order to safeguard the healthcare system against them. The authors also established an invader network comprising ten attacking devices that carried out four types of attacks: MQTT distributed denial-of-service, MQTT publish flood, brute force, and SlowITE attack. Ensuring the security of IoT healthcare systems is of utmost importance, as any security breach or cyber-attack can severely impact human life and sometimes lead to death. In light of this, the authors have proposed a comprehensive framework for developing IoT context-aware security solutions. This framework aims to detect any malicious traffic in IoT healthcare environments, thereby enhancing the security of these systems.

The healthcare industry has been embracing digitization, and the Internet of Medical Things (IoMT) has been playing a crucial role in this regard. However, the legacy healthcare systems are quite vulnerable to cyber attacks, which puts the security of healthcare data at risk. To address this issue, the IEC dataset [87] can be used to monitor and control the electrical operations of healthcare infrastructure, including substations. The authors conducted an analysis of various types of cyberattacks, including MITM, Traffic Sniffing, DoS, and unauthorized access attacks. A cyberattack using IEC 60870-5-104 on a substation that supports healthcare infrastructure can have disastrous consequences, including fatal accidents. Therefore, the healthcare and energy sectors are interdependent and are both vulnerable to IEC 60870-5-104 cyberattacks. The healthcare sector widely adopts the IEC 60870-5-104 protocol in their industrial systems.

6. Opportunities and open challenges

Developing new security strategies for IoT operations in healthcare is pivotal for society nowadays. A fundamental resource for such initiatives relies on the design and production of novel datasets. Based on the insights depicted in Sections 4 and 5, the main open challenges to be tackled in the next few years are illustrated in Fig. 4 and described in this Section.

6.1. Operational diversity

Real IoT operations comprise hundreds of devices. In fact, in a healthcare environment, there are several devices for different treatments and monitoring applications, remote connections, and data transferring. The development of a dataset based on a topology that replicates a real-world topology will enable solutions to be more accurate and more deployable. Conversely, this endeavor entails the acquisition of several devices, which demand a financial investment. Thereupon, building an IoT lab focussed on healthcare applications and collecting data from internal and external transactions will contribute to the scientific community towards building a more secure IoT landscape in healthcare applications. Furthermore, most datasets are focused on networking features. These critical attributes provide insights into advanced models and enable the detection of malicious activities. In addition, future datasets need to include healthcare-specific attributes to describe the overall system behavior. Engineering new features can be valuable since anomalies can be detected meaningfully and domain knowledge can play an important role in operational security. Conversely, there are challenges to address, e.g., the trade-off between feature engineering and privacy preservation.

6.2. Threats against IoT operation in healthcare systems

In a realistic scenario, malicious actors can target the system operation and multiple attacks can be executed. General-purpose IoT datasets provide data on different types of attacks (e.g., DDoS, spoofing, and Mirai) and have been used in many security solutions. Thereupon, future datasets should consider including multiple attacks against these devices. This would enable researchers and developers to better their approaches towards more secure operations. In fact, these attacks can include traditional threats but also consider healthcare-specific threats, compromising required constraints in this area (e.g., privacy).

Some efforts have focused on analyzing malware in networks [153,154]. In healthcare, malware can be tailored to exploit specific vulnerabilities and affect the devices’ operation (e.g., control and device status). Future datasets should also cover existing and new malware threats affecting healthcare systems. Besides, data collection from normal operations and operations under the execution of such threats would enable the development of new solutions to foster IoT security.
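
As an added illustration (not code from this review or from any of the cited works), the sketch below implements the Histogram-based Outlier Score described in Table 7 and applies it to records that combine network features with a healthcare-specific attribute, as Section 6.1 calls for. The feature names, the constructed records, fitting on a benign baseline, and the `floor` value used for unseen bins are assumptions of this example.

```python
import math

# Feature names are assumptions for this sketch: two network features plus one
# healthcare-specific attribute (a blood-oxygen reading carried in the payload).
FEATURES = ("pkts_per_s", "mean_pkt_len", "spo2")


def fit_histograms(rows, features=FEATURES, bins=5):
    """Build one equal-width histogram per feature from baseline records.

    Bin heights are normalised so the tallest bin of each feature is 1.0,
    which puts all features on the same scale before scores are summed.
    """
    model = {}
    for name in features:
        values = [row[name] for row in rows]
        lo, hi = min(values), max(values)
        width = (hi - lo) / bins or 1.0  # constant feature: everything in bin 0
        counts = [0] * bins
        for v in values:
            counts[min(int((v - lo) / width), bins - 1)] += 1
        peak = max(counts)
        model[name] = {"lo": lo, "hi": hi, "width": width,
                       "heights": [c / peak for c in counts]}
    return model


def bin_height(hist, value, floor):
    """Return the normalised height of the bin that holds `value`.

    Values outside the baseline range, and values that fall in an empty bin,
    get `floor` so that log(1 / height) stays finite.
    """
    if value < hist["lo"] or value > hist["hi"]:
        return floor
    last = len(hist["heights"]) - 1
    idx = min(int((value - hist["lo"]) / hist["width"]), last)
    return max(hist["heights"][idx], floor)


def hbos_score(model, row, floor=0.01):
    """HBOS: sum over features of log(1 / height); higher is more anomalous."""
    return sum(math.log(1.0 / bin_height(hist, row[name], floor))
               for name, hist in model.items())


def flag_anomalies(model, baseline, records, floor=0.01):
    """Flag records that score above the highest score seen in the baseline."""
    threshold = max(hbos_score(model, row, floor) for row in baseline)
    flagged = []
    for rec in records:
        score = hbos_score(model, rec, floor)
        if score > threshold:
            flagged.append((rec["label"], round(score, 3)))
    return threshold, flagged


# Constructed baseline: 40 records from one patient monitor in normal operation.
BASELINE = [{"pkts_per_s": 10 + i % 5, "mean_pkt_len": 120 + 4 * (i % 7),
             "spo2": 95 + i % 4} for i in range(40)]

# Constructed observations; labels are for the reader and are not used in scoring.
OBSERVED = [
    {"label": "normal", "pkts_per_s": 12, "mean_pkt_len": 128, "spo2": 97},
    {"label": "flood", "pkts_per_s": 900, "mean_pkt_len": 60, "spo2": 97},
    {"label": "altered-reading", "pkts_per_s": 12, "mean_pkt_len": 128, "spo2": 70},
]

if __name__ == "__main__":
    model = fit_histograms(BASELINE)
    threshold, flagged = flag_anomalies(model, BASELINE, OBSERVED)
    print(f"threshold={threshold:.3f}")
    for label, score in flagged:
        print(f"{label}: HBOS={score}")
```

Because HBOS scores each feature independently, a record whose individual values all look normal but whose combination is unusual will not be flagged; the altered reading above is caught only because the healthcare-specific feature is part of the record.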

Fig. 4. Major open challenges in the context of IoT security datasets in healthcare.

6.3. IoT operational behavior in healthcare systems

Some applications reviewed in this research target the trade-off between security and resource usage (e.g., power consumption). In addition to all the security aspects described in this section (e.g., attack, vulnerabilities, malware, and profiling), data describing the status of the overall device is also important in future endeavors. These metrics may include power, memory usage, processing levels, and response time.

Moreover, the authors in [54] emphasize the importance of protecting healthcare systems from internal attacks. In this sense, it can be challenging to identify abnormal behaviors from internal connections throughout the network. Building IoT profiling datasets in healthcare is necessary to provide security solutions with communication patterns and behavior patterns of different device types and categories. Indeed, this requirement also relies on producing an extensive and realistic dataset. However, the experiments and procedures to collect data should be tailored to profiling.

IoT profiling is a research problem focused on the standard communication of IoT devices and involves the understanding of underlying communication patterns [155–157]. The analysis of IoT features, profiling, and behavioral aspects in IoT-based attacks, and how ML techniques can detect anomalous behaviors are topics to be further explored in future works.

6.4. Reproducibility

IoT devices are used in healthcare environments with several different goals. Multiple sensors and actuators produce data and communicate with other general-purpose IoT devices and processing infrastructures (e.g., edge servers). However, including all these aspects is an open challenge for several reasons. Future datasets should include various devices from different types (e.g., healthcare and general purpose) connected to represent a real operation. One possible approach that can be considered relies on replicating a real healthcare IoT application with the same (or similar) devices and topology. This would foster the development of new solutions and support the validation of current solutions before deployment.

Finally, there has been an increasing concern regarding the security of data transmission of IoT applications in healthcare. The data transferred from devices to other systems (e.g., edge servers) has been demonstrated to suffer from privacy issues that can compromise the adoption of these new technologies. Future datasets focussed on such communications can contribute to improving IoT security, make data transfer secure and efficient, and foster the development of policies and standards.

Thereupon, these challenges can lead to greater opportunities regarding IoT datasets in healthcare applications. Firstly, establishing an extensive testbed is an important constraint of future efforts. This also enables the collection and analysis of multiple descriptive features. Secondly, the topologies considered should mimic a real scenario, including connections and data transmission. Another paramount aspect relies on designing strategies to execute various attacks and behavioral experiments towards IoT profiling. Finally, the interaction of such devices should be analyzed based on malicious aspects (e.g., malware) and operational constraints (e.g., operational metrics).

7. Conclusion and future works

Nowadays, IoT is becoming more present across multiple industries and enabling the development of new solutions. There have been several efforts to use this technology in healthcare, and new solutions are expected to further enhance the existing systems in the next few years. This research presented a literature review of Machine Learning (ML) solutions for IoT security in healthcare. The main focus was on existing datasets, resources, applications, and open challenges. Finally, the current landscape of datasets for IoT security in healthcare was depicted and immediate and long-term requirements for future datasets were highlighted. Future work should consider multiple devices, multiple descriptive features, and different attacks. In the long term, there is a need to investigate attacks tailored to the operation of such devices in the healthcare domain. Besides, an in-depth analysis of how realistic testbeds can be replicated is a pillar for profiling, malware analysis, further integrations, and collection of operational metrics.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Data availability

No data was used for the research described in the article.

Acknowledgments

The authors would like to thank the Canadian Institute for Cybersecurity (CIC) for financial and educational support. This project was also supported partly by collaborative research funding from the National Research Council Canada’s Artificial Intelligence for Logistics Program.

References

[1] K. Rose, S. Eldridge, L. Chapin, The internet of things: An overview, Internet Soc. (ISOC) 80 (2015) 1–50.
[2] L. Tan, N. Wang, Future internet: The internet of things, in: 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), Vol. 5, IEEE, 2010, pp. V5–376.
[3] F. Yang, S. Wang, J. Li, Z. Liu, Q. Sun, An overview of internet of vehicles, China Commun. 11 (10) (2014) 1–15.
[4] B. Kaur, S. Dadkhah, F. Shoeleh, E.C.P. Neto, P. Xiong, S. Iqbal, P. Lamontagne, S. Ray, A.A. Ghorbani, Internet of Things (IoT) security dataset evolution: Challenges and future directions, Internet Things (2023) 100780.
[5] Y. Ding, M. Jin, S. Li, D. Feng, Smart logistics based on the internet of things technology: an overview, Int. J. Logist. Res. Appl. 24 (4) (2021) 323–345.
[6] D.D. Ramlowat, B.K. Pattanayak, Exploring the internet of things (IoT) in education: a review, in: Information Systems Design and Intelligent Applications: Proceedings of Fifth International Conference INDIA 2018 Volume 2, Springer, 2019, pp. 245–255.
[7] C. Verdouw, S. Wolfert, B. Tekinerdogan, Internet of Things in agriculture, CABI Rev. (2016) (2016) 1–12.
[8] R. De Michele, M. Furini, Iot healthcare: Benefits, issues and challenges, in: Proceedings of the 5th EAI International Conference on Smart Objects and Technologies for Social Good, 2019, pp. 160–164.
[9] A. Sundas, S. Badotra, S. Bharany, A. Almogren, E.M. Tag-ElDin, A.U. Rehman, HealthGuard: An intelligent healthcare system security framework based on machine learning, Sustainability 14 (19) (2022) 11934.
[10] E.C.P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, A.A. Ghorbani, CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment, 2023.
[11] S. Dadkhah, H. Mahdikhani, P.K. Danso, A. Zohourian, K.A. Truong, A.A. Ghorbani, Towards the development of a realistic multidimensional IoT profiling dataset, in: 2022 19th Annual International Conference on Privacy, Security & Trust (PST), IEEE, 2022, pp. 1–11.
[12] A.A. Hady, A. Ghubaish, T. Salman, D. Unal, R. Jain, Intrusion detection system for healthcare systems using medical and network data: A comparison study, IEEE Access 8 (2020) 106576–106584.
[13] F. Hussain, S.G. Abbas, G.A. Shah, I.M. Pires, U.U. Fayyaz, F. Shahzad, N.M. Garcia, E. Zdravevski, A framework for malicious traffic detection in IoT healthcare environment, Sensors 21 (9) (2021) 3025.
[14] M. Zubair, A. Ghubaish, D. Unal, A. Al-Ali, T. Reimann, G. Alinier, M. Hammoudeh, J. Qadir, Secure bluetooth communication in smart healthcare systems: A novel community dataset and intrusion detection system, Sensors 22 (21) (2022) 8280.
[15] S. Yempally, S.K. Singh, S. Velliangiri, Analytical review on deep learning and IoT for smart healthcare monitoring system, Int. J. Intell. Unmanned Syst. (ahead-of-print) (2022).
[16] I.H. Sarker, A.I. Khan, Y.B. Abushark, F. Alsolami, Internet of things (iot) security intelligence: a comprehensive overview, machine learning solutions and research directions, Mob. Netw. Appl. (2022) 1–17.
[17] H.K. Bharadwaj, A. Agarwal, V. Chamola, N.R. Lakkaniga, V. Hassija, M. Guizani, B. Sikdar, A review on the role of machine learning in enabling IoT based healthcare applications, IEEE Access 9 (2021) 38859–38890.
[18] W. Li, Y. Chai, F. Khan, S.R.U. Jan, S. Verma, V.G. Menon, X. Li, A comprehensive survey on machine learning-based big data analytics for IoT-enabled smart healthcare system, Mob. Netw. Appl. 26 (2021) 234–252.
[19] M.N. Bhuiyan, M.M. Rahman, M.M. Billah, D. Saha, Internet of things (IoT): A review of its enabling technologies in healthcare applications, standards protocols, security, and market opportunities, IEEE Internet Things J. 8 (13) (2021) 10474–10498.
[20] R. Somasundaram, M. Thirugnanam, Review of security challenges in healthcare internet of things, Wirel. Netw. 27 (2021) 5503–5509.
[21] S.S. Gopalan, A. Raza, W. Almobaideen, IoT security in healthcare using AI: A survey, in: 2020 International Conference on Communications, Signal Processing, and their Applications (ICCSPA), IEEE, 2021, pp. 1–6.
[22] T.M. Ghazal, M.K. Hasan, M.T. Alshurideh, H.M. Alzoubi, M. Ahmad, S.S. Akbar, B. Al Kurdi, I.A. Akour, IoT for smart cities: Machine learning approaches in smart healthcare—A review, Future Internet 13 (8) (2021) 218.
[23] A. Ullah, M. Azeem, H. Ashraf, A.A. Alaboudi, M. Humayun, N. Jhanjhi, Secure healthcare data aggregation and transmission in IoT—A survey, IEEE Access 9 (2021) 16849–16865.
[24] R. Ahmad, I. Alsmadi, Machine learning approaches to IoT security: A systematic literature review, Internet Things 14 (2021) 100365.
[25] J.J. Hathaliya, S. Tanwar, An exhaustive survey on security and privacy issues in Healthcare 4.0, Comput. Commun. 153 (2020) 311–335.
[26] S.M. Tahsien, H. Karimipour, P. Spachos, Machine learning based solutions for security of Internet of Things (IoT): A survey, J. Netw. Comput. Appl. 161 (2020) 102630.
[27] B.K. Mohanta, D. Jena, U. Satapathy, S. Patnaik, Survey on IoT security: Challenges and solution using machine learning, artificial intelligence and blockchain technology, Internet Things 11 (2020) 100227.
[28] M.A. Al-Garadi, A. Mohamed, A.K. Al-Ali, X. Du, I. Ali, M. Guizani, A survey of machine and deep learning methods for internet of things (IoT) security, IEEE Commun. Surv. Tutor. 22 (3) (2020) 1646–1685.
[29] F. Hussain, R. Hussain, S.A. Hassan, E. Hossain, Machine learning in IoT security: Current solutions and future challenges, IEEE Commun. Surv. Tutor. 22 (3) (2020) 1686–1721.
[30] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, B. Sikdar, A survey on IoT security: application areas, security threats, and solution architectures, IEEE Access 7 (2019) 82721–82743.
[31] N.S. Abouzakhar, A. Jones, O. Angelopoulou, Internet of things security: A review of risks and threats to healthcare sector, in: 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), IEEE, 2017, pp. 373–378.
[32] A. Aldahiri, B. Alrashed, W. Hussain, Trends in using IoT with machine learning in health prediction system, Forecasting 3 (1) (2021) 181–206.
[33] M. Javaid, I.H. Khan, Internet of Things (IoT) enabled healthcare helps to take the challenges of COVID-19 Pandemic, J. Oral Biol. Craniofac. Res. 11 (2) (2021) 209–214.
[34] P. Keikhosrokiani, IoT for enhanced decision-making in medical information systems: A systematic review, in: Enhanced Telemedicine and e-Health: Advanced IoT Enabled Soft Computing Framework, Springer, 2021, pp. 119–140.
[35] F. Jimenez, R. Torres, Building an IoT-aware healthcare monitoring system, in: 2015 34th International Conference of the Chilean Computer Science Society (SCCC), IEEE, 2015, pp. 1–4.
[36] T.M. Kadarina, R. Priambodo, Preliminary design of Internet of Things (IoT) application for supporting mother and child health program in Indonesia, in: 2017 International Conference on Broadband Communication, Wireless Sensors and Powering (BCWSP), IEEE, 2017, pp. 1–6.
[37] S. Pinto, J. Cabral, T. Gomes, We-care: An IoT-based health care system for elderly people, in: 2017 IEEE International Conference on Industrial Technology (ICIT), IEEE, 2017, pp. 1378–1383.
[38] M. Shamila, K. Vinuthna, A.K. Tyagi, A review on several critical issues and challenges in IoT based e-healthcare system, in: 2019 International Conference on Intelligent Computing and Control Systems (ICCS), IEEE, 2019, pp. 1036–1043.
[39] Y. Yang, H. Wang, R. Jiang, X. Guo, J. Cheng, Y. Chen, A review of IoT-enabled mobile healthcare: technologies, challenges, and future trends, IEEE Internet Things J. 9 (12) (2022) 9478–9502.
[40] T.N. Gia, N.K. Thanigaivelan, A.-M. Rahmani, T. Westerlund, P. Liljeberg, H. Tenhunen, Customizing 6LoWPAN networks towards Internet-of-Things based ubiquitous healthcare systems, in: 2014 NORCHIP, IEEE, 2014, pp. 1–6.
[41] A. Alamri, Ontology middleware for integration of IoT healthcare information systems in EHR systems, Computers 7 (4) (2018) 51.
[42] A. Brunete, E. Gambao, M. Hernando, R. Cedazo, Smart assistive architecture for the integration of IoT devices, robotic systems, and multimodal interfaces in healthcare environments, Sensors 21 (6) (2021) 2212.
[43] M. Umair, M.A. Cheema, O. Cheema, H. Li, H. Lu, Impact of COVID-19 on IoT adoption in healthcare, smart homes, smart buildings, smart cities, transportation and industrial IoT, Sensors 21 (11) (2021) 3838.
[44] S.S.R. Abidi, Healthcare knowledge management: The art of the possible, in: Knowledge Management for Health Care Procedures: From Knowledge to Global Care, AIME 2007 Workshop K4CARE 2007, Amsterdam, The Netherlands, July 7, 2007, Revised Selected Papers, Springer, 2008, pp. 1–20.
[45] A.S. Albahri, J.K. Alwan, Z.K. Taha, S.F. Ismail, R.A. Hamid, A. Zaidan, O.S. Albahri, B. Zaidan, A.H. Alamoodi, M. Alsalem, IoT-based telemedicine for disease prevention and health promotion: State-of-the-Art, J. Netw. Comput. Appl. 173 (2021) 102873.
[46] Y. Zhong, Z. Xu, L. Cao, Intelligent IoT-based telemedicine systems implement for smart medical treatment, Pers. Ubiquitous Comput. (2021) 1–11.
[47] S.-H. Kim, K. Chung, Emergency situation monitoring service using context motion tracking of chronic disease patients, Cluster Comput. 18 (2015) 747–759.
[48] A. Kakkar, et al., An iot equipped hospital model: A new approach for e-governance healthcare framework, Int. J. Med. Res. Health Sci. 8 (3) (2019) 36–42.
[49] P. Kumar, R. Kumar, G.P. Gupta, R. Tripathi, A. Jolfaei, A.N. Islam, A blockchain-orchestrated deep learning approach for secure data transmission in IoT-enabled healthcare system, J. Parallel Distrib. Comput. 172 (2023) 69–83.
[50] N. Tekin, A. Acar, A. Aris, A.S. Uluagac, V.C. Gungor, Energy consumption of on-device machine learning models for IoT intrusion detection, Internet Things 21 (2023) 100670, http://dx.doi.org/10.1016/j.iot.2022.100670, URL https://www.sciencedirect.com/science/article/pii/S2542660522001512.
[51] M. Abd Elaziz, M.A. Al-qaness, A. Dahou, R.A. Ibrahim, A.A.A. El-Latif, Intrusion detection approach for cloud and IoT environments using deep learning and Capuchin Search Algorithm, Adv. Eng. Softw. 176 (2023) 103402, http://dx.doi.org/10.1016/j.advengsoft.2022.103402, URL https://www.sciencedirect.com/science/article/pii/S0965997822003039.
[52] L. Liu, Z. Li, Permissioned blockchain and deep reinforcement learning enabled security and energy efficient healthcare internet of things, IEEE Access 10 (2022) 53640–53651.

[53] E.S. Ho, Data security challenges in deep neural network for healthcare IoT systems, in: Security and Privacy Preserving for IoT and 5G Networks: Techniques, Challenges, and New Directions, Springer, 2022, pp. 19–37.
[54] A.K. Sahu, S. Sharma, R. Raja, Deep learning-based continuous authentication for an IoT-enabled healthcare service, Comput. Electr. Eng. 99 (2022) 107817.
[55] S. Saif, P. Das, S. Biswas, M. Khari, V. Shanmuganathan, HIIDS: Hybrid intelligent intrusion detection system empowered with machine learning and metaheuristic algorithms for application in IoT based healthcare, Microprocess. Microsyst. (2022) 104622.
[56] K. Thilagam, A. Beno, M.V. Lakshmi, C.B. Wilfred, S.M. George, M. Karthikeyan, V. Peroumal, C. Ramesh, P. Karunakaran, Secure IoT healthcare architecture with deep learning-based access control system, J. Nanomater. 2022 (2022).
[57] D. Unal, S. Bennbaia, F.O. Catak, Machine learning for the security of healthcare systems based on Internet of Things and edge computing, in: Cybersecurity and Cognitive Science, Elsevier, 2022, pp. 299–320.
[58] M. Kumar, S. Verma, A. Kumar, M.F. Ijaz, D.B. Rawat, et al., ANAF-IoMT: A novel architectural framework for IoMT-enabled smart healthcare system by enhancing security based on RECC-VC, IEEE Trans. Ind. Inform. 18 (12) (2022) 8936–8943.
[77] H.-P. Kriegel, P. Kröger, E. Schubert, A. Zimek, LoOP: local outlier probabilities, in: Proceedings of the 18th ACM Conference on Information and Knowledge Management, 2009, pp. 1649–1652.
[78] W. Jin, A.K. Tung, J. Han, W. Wang, Ranking outliers using symmetric neighborhood relationship, in: Advances in Knowledge Discovery and Data Mining: 10th Pacific-Asia Conference, PAKDD 2006, Singapore, April 9-12, 2006. Proceedings 10, Springer, 2006, pp. 577–593.
[79] G. Bhattacharya, K. Ghosh, A.S. Chowdhury, Outlier detection using neighborhood rank difference, Pattern Recognit. Lett. 60 (2015) 24–31.
[80] Z. He, X. Xu, S. Deng, Discovering cluster-based local outliers, Pattern Recognit. Lett. 24 (9–10) (2003) 1641–1650.
[81] M. Muhammad, U. Daniel Ani, A.A. Abdullahi, P. Radanliev, Device-type profiling for network access control systems using clustering-based multivariate Gaussian outlier score, in: The 5th International Conference on Future Networks & Distributed Systems, 2021, pp. 270–279.
[82] M. Amer, M. Goldstein, Nearest-neighbor and clustering based anomaly detection algorithms for rapidminer, in: Proc. of the 3rd RapidMiner Community Meeting and Conference (RCOMM 2012), 2012, pp. 1–12.
[83] F. De la Torre, M.J. Black, Robust principal component analysis for computer
[59] M. Aslam, D. Ye, A. Tariq, M. Asad, M. Hanif, D. Ndzi, S.A. Chelloug, vision, in: Proceedings Eighth IEEE International Conference on Computer
M.A. Elaziz, M.A.A. Al-Qaness, S.F. Jilani, Adaptive machine learning based Vision. ICCV 2001, Vol. 1, IEEE, 2001, pp. 362–369.
distributed denial-of-services attacks detection and mitigation system for SDN- [84] Q. Zhao, D. Meng, Z. Xu, W. Zuo, L. Zhang, Robust principal component analysis
enabled IoT, Sensors 22 (7) (2022) http://dx.doi.org/10.3390/s22072697, URL with complex noise, in: International Conference on Machine Learning, PMLR,
https://www.mdpi.com/1424-8220/22/7/2697. 2014, pp. 55–63.
[60] V. Ravi, R. Chaganti, M. Alazab, Deep learning feature fusion approach for an [85] H.J. Shin, D.-H. Eom, S.-S. Kim, One-class support vector machines—an appli-
intrusion detection system in SDN-based IoT networks, IEEE Internet Things cation in machine fault detection and classification, Comput. Ind. Eng. 48 (2)
Mag. 5 (2) (2022) 24–29, http://dx.doi.org/10.1109/IOTM.003.2200001. (2005) 395–408.
[61] S. Nandy, M. Adhikari, M.A. Khan, V.G. Menon, S. Verma, An intrusion [86] A. Bounsiar, M.G. Madden, One-class support vector machines revisited, in:
detection mechanism for secured IoMT framework based on swarm-neural 2014 International Conference on Information Science & Applications (ICISA),
network, IEEE J. Biomed. Health Inf. 26 (5) (2021) 1969–1976. IEEE, 2014, pp. 1–4.
[87] P. Radoglou-Grammatikis, K. Rompolos, P. Sarigiannidis, V. Argyriou, T. Lagkas,
[62] T. Veeramakali, R. Siva, B. Sivakumar, P. Senthil Mahesh, N. Krishnaraj,
A. Sarigiannidis, S. Goudos, S. Wan, Modeling, detecting, and mitigating threats
An intelligent internet of things-based secure healthcare framework using
against industrial healthcare systems: a combined software defined networking
blockchain technology with an optimal deep learning model, J. Supercomput.
and reinforcement learning approach, IEEE Trans. Ind. Inform. 18 (3) (2021)
(2021) 1–21.
2041–2052.
[63] U. Ahmad, H. Song, A. Bilal, S. Mahmood, M. Alazab, A. Jolfaei, A. Ullah, U.
[88] G. Habibi, M. Mamun, A. Ghorbani, Cicflowmeter: Network traffic flow
Saeed, A novel deep learning model to secure internet of things in healthcare,
generator and analyser, 2017.
in: Machine Intelligence and Big Data Analytics for Cybersecurity Applications,
[89] U. Lamping, E. Warnicke, Wireshark user’s guide, Interface 4 (6) (2004) 1.
Springer, 2021, pp. 341–353.
[90] L. Meng, L. Yang, W. Yang, L. Zhang, A survey of GNSS spoofing and
[64] A. Anand, S. Rani, D. Anand, H.M. Aljahdali, D. Kerr, An efficient CNN-
anti-spoofing technology, Remote Sens. 14 (19) (2022) 4826.
based deep learning model to detect malware attacks (CNN-DMA) in 5G-IoT
[91] N.Y. Jhala, Network Scanning & Vulnerability Assessment with Report
healthcare applications, Sensors 21 (19) (2021) 6346.
Generation, Nirma University, 2014, Major Project.
[65] J. Aruna Santhi, T. Vijaya Saradhi, Attack detection in medical Internet of
[92] J.F. Balarezo, S. Wang, K.G. Chavez, A. Al-Hourani, S. Kandeepan, A survey
things using optimized deep learning: Enhanced security in healthcare sector,
on DoS/DDoS attacks mathematical modelling for traditional, SDN and virtual
Data Technol. Appl. 55 (5) (2021) 682–714.
networks, Eng. Sci. Technol. Int. J. 31 (2022) 101065.
[66] N.D. Kathamuthu, A. Chinnamuthu, N. Iruthayanathan, M. Ramachandran,
[93] M.M. Salim, S. Rathore, J.H. Park, Distributed denial of service attacks and its
A.H. Gandomi, Deep Q-learning-based neural network with privacy preser-
defenses in IoT: a survey, J. Supercomput. 76 (2020) 5320–5363.
vation method for secure data transmission in internet of things (IoT)
[94] A. Sebbar, K. Zkik, Y. Baddi, M. Boulmalf, M.D.E.-C.E. Kettani, MitM detection
healthcare application, Electronics 11 (1) (2022) http://dx.doi.org/10.3390/
and defense mechanism CBNA-RF based on machine learning for large-scale
electronics11010157, URL https://www.mdpi.com/2079-9292/11/1/157.
SDN context, J. Ambient Intell. Humaniz. Comput. 11 (2020) 5875–5894.
[67] A. Rahman, M.S. Hossain, N.A. Alrajeh, F. Alsolami, Adversarial examples—
[95] D. Stiawan, M. Idris, R.F. Malik, S. Nurmaini, N. Alsharif, R. Budiarto, et al.,
Security threats to COVID-19 deep learning systems in medical IoT devices,
Investigating brute force attack patterns in IoT network, J. Electr. Comput. Eng.
IEEE Internet Things J. 8 (12) (2020) 9603–9610.
2019 (2019).
[68] S. Pirbhulal, N. Pombo, V. Felizardo, N. Garcia, A.H. Sodhro, S.C. Mukhopad- [96] I. Subramanian, S. Verma, S. Kumar, A. Jere, K. Anamika, Multi-omics data
hyay, Towards machine learning enabled security framework for IoT-based integration, interpretation, and its application, Bioinform. Biol. Insights 14
healthcare, in: 2019 13th International Conference on Sensing Technology (2020) 1177932219899051.
(ICST), IEEE, 2019, pp. 1–6. [97] N. Abughazaleh, R. Bin, M. Btish, DoS attacks in IoT systems and proposed
[69] R. Lohiya, A. Thakkar, Application domains, evaluation data sets, and research solutions, Int. J. Comput. Appl. 176 (33) (2020) 16–19.
challenges of IoT: A Systematic Review, IEEE Internet Things J. 8 (11) (2020) [98] G.E. Rodríguez, J.G. Torres, P. Flores, D.E. Benavides, Cross-site scripting (XSS)
8774–8798. attacks and mitigation: A survey, Comput. Netw. 166 (2020) 106960.
[70] F. Alshehri, G. Muhammad, A comprehensive survey of the Internet of Things [99] T. Ali, R. Baloch, M. Azeem, M. Farhan, S. Naseem, B. Mohsin, A systematic
(IoT) and AI-based smart healthcare, IEEE Access 9 (2020) 3660–3678. review of bluetooth security threats, attacks & analysis.
[71] A. Khanna, S. Kaur, Internet of things (IoT), applications and challenges: a [100] A.J. Hintaw, S. Manickam, M.F. Aboalmaaly, S. Karuppayah, MQTT vulnerabil-
comprehensive review, Wirel. Pers. Commun. 114 (2020) 1687–1762. ities, attack vectors and solutions in the internet of things (IoT), IETE J. Res.
[72] J.R. van der Merwe, X. Zubizarreta, I. Lukčin, A. Rügamer, W. Felber, Clas- (2021) 1–30.
sification of spoofing attack types, in: 2018 European Navigation Conference [101] M. Husnain, K. Hayat, E. Cambiaso, U.U. Fayyaz, M. Mongelli, H. Akram, S.
(ENC), IEEE, 2018, pp. 91–99. Ghazanfar Abbas, G.A. Shah, Preventing mqtt vulnerabilities using iot-enabled
[73] M. Ahmed, S. Byreddy, A. Nutakki, L.F. Sikos, P. Haskell-Dowland, ECU-IoHT: intrusion detection system, Sensors 22 (2) (2022) 567.
A dataset for analyzing cyberattacks in Internet of Health Things, Ad Hoc Netw. [102] I. Vaccari, M. Aiello, E. Cambiaso, SlowITe, a novel denial of service attack
122 (2021) 102621. affecting MQTT, Sensors 20 (10) (2020) 2932.
[74] M. Mansur, M. Sap, M. Noor, Outlier detection technique in data mining: a [103] M. Gregorczyk, P. Żórawski, P. Nowakowski, K. Cabaj, W. Mazurczyk, Sniffing
research perspective, in: Postgraduate Annual Research Seminar, CMS Press, detection based on network traffic probing and machine learning, IEEE Access
2005, pp. 23–31. 8 (2020) 149255–149269.
[75] Y. Wang, K. Li, S. Gan, A kernel connectivity-based outlier factor algorithm [104] J. Aiken, S. Scott-Hayward, Investigating adversarial attacks against network
for rare data detection in a baking process, IFAC-PapersOnLine 51 (18) (2018) intrusion detection systems in sdns, in: 2019 IEEE Conference on Network
297–302. Function Virtualization and Software Defined Networks (NFV-SDN), IEEE, 2019,
[76] S. Papadimitriou, H. Kitagawa, P.B. Gibbons, C. Faloutsos, Loci: Fast outlier pp. 1–7.
detection using the local correlation integral, in: Proceedings 19th International [105] R. Santos, D. Souza, W. Santo, A. Ribeiro, E. Moreno, Machine learning
Conference on Data Engineering (Cat. No. 03CH37405), IEEE, 2003, pp. algorithms to detect DDoS attacks in SDN, Concurr. Comput.: Pract. Exper.
315–326. 32 (16) (2020) e5402.

76
E.C.P. Neto et al. Computer Communications 213 (2024) 61–77

[106] V. Punia, G. Aggarwal, Network forensic tool: NMAP a port scanning tool, Adv. [133] I. Rish, et al., An empirical study of the naive Bayes classifier, in: IJCAI 2001
Innov. Res. 8 (1) (2021) 172. Workshop on Empirical Methods in Artificial Intelligence, Vol. 3, 2001, pp.
[107] M. Bettayeb, O.A. Waraga, M.A. Talib, Q. Nasir, O. Einea, IoT testbed security: 41–46.
Smart socket and smart thermostat, in: 2019 IEEE Conference on Application, [134] F.T. Liu, K.M. Ting, Z.-H. Zhou, Isolation forest, in: 2008 Eighth Ieee
Information and Network Security (AINS), IEEE, 2019, pp. 18–23. International Conference on Data Mining, IEEE, 2008, pp. 413–422.
[108] R.S. Devi, M.M. Kumar, Testing for security weakness of web applications using [135] S. Hariri, M.C. Kind, R.J. Brunner, Extended isolation forest, IEEE Trans. Knowl.
ethical hacking, in: 2020 4th International Conference on Trends in Electronics Data Eng. 33 (4) (2019) 1479–1489.
and Informatics (ICOEI)(48184), IEEE, 2020, pp. 354–361. [136] G. Hamerly, C. Elkan, Learning the k in k-means, Adv. Neural Inf. Process. Syst.
[109] H. Iqbal, S. Naaz, Wireshark as a tool for detection of various LAN attacks, Int. 16 (2003).
J. Comput. Sci. Eng. 7 (5) (2019) 833–837. [137] M. Ahmed, R. Seraj, S.M.S. Islam, The k-means algorithm: A comprehensive
[110] H. Hwang, G. Jung, K. Sohn, S. Park, A study on MITM (Man in the Middle) survey and performance evaluation, Electronics 9 (8) (2020) 1295.
vulnerability in wireless network using 802.1 X and EAP, in: 2008 International [138] T. Hastie, S. Rosset, J. Zhu, H. Zou, Multi-class adaboost, Stat. Interface 2 (3)
Conference on Information Science and Security (ICISS 2008), IEEE, 2008, pp. (2009) 349–360.
164–170. [139] R.E. Schapire, Explaining adaboost, in: Empirical Inference: Festschrift in Honor
[111] P. Cisar, R. Pinter, Some ethical hacking possibilities in Kali Linux environment, of Vladimir N. Vapnik, Springer, 2013, pp. 37–52.
J. Appl. Tech. Educ. Sci. 9 (4) (2019) 129–149. [140] D. Svozil, V. Kvasnicka, J. Pospichal, Introduction to multi-layer feed-forward
[112] A.H. Lashkari, Y. Zang, G. Owhuo, M. Mamun, G. Gil, CICFlowMeter, neural networks, Chemometr. Intell. Lab. Syst. 39 (1) (1997) 43–62.
GitHub, 2017, [vid. 2021-08-10]. Dostupné z: https://github.com/ahlashkari/ [141] M.H. Sazli, A brief review of feed-forward neural networks, Commun. Fac. Sci.
CICFlowMeter/blob/master/ReadMe.txt. Univ. Ank. Ser. A2-A3 Phys. Sci. Eng. 50 (01) (2006).
[113] P. Goyal, A. Goyal, Comparative study of two most popular packet sniffing [142] G. Cybenko, Approximation by superpositions of a sigmoidal function, Math.
tools-Tcpdump and Wireshark, in: 2017 9th International Conference on Com- Control Signals Systems 2 (4) (1989) 303–314.
putational Intelligence and Communication Networks (CICN), IEEE, 2017, pp. [143] R.M. Schmidt, Recurrent neural networks (rnns): A gentle introduction and
77–81. overview, 2019, arXiv preprint arXiv:1912.05911.
[114] M.T. Islam, N. Islam, M.A. Refat, Node to node performance evaluation through [144] J.A. Bullinaria, Recurrent neural networks, Neural Comput.: Lect. 12 (2013) 1.
RYU SDN controller, Wirel. Pers. Commun. 112 (2020) 555–570. [145] K. O’Shea, R. Nash, An introduction to convolutional neural networks, 2015,
[115] M. Tsoukalos, Using tshark to watch and inspect network traffic, Linux J. 2015 arXiv preprint arXiv:1511.08458.
(254) (2015) 1. [146] J. Wu, Introduction to Convolutional Neural Networks, Vol. 5, National Key
[116] A. Cutler, D.R. Cutler, J.R. Stevens, Random forests, in: Ensemble Machine Lab for Novel Software Technology. Nanjing University, China, 2017, p. 495,
Learning: Methods and Applications, Springer, 2012, pp. 157–175. (23).
[117] J. Ali, R. Khan, N. Ahmad, I. Maqsood, Random forests and decision trees, Int. [147] S. Hijazi, R. Kumar, C. Rowen, et al., Using Convolutional Neural Networks for
J. Comput. Sci. Issues (IJCSI) 9 (5) (2012) 272. Image Recognition, Vol. 9, Cadence Design Systems Inc., San Jose, CA, USA,
[118] S.B. Imandoust, M. Bolandraftar, et al., Application of k-nearest neighbor (knn) 2015, p. 1.
approach for predicting economic events: Theoretical background, Int. J. Eng. [148] Y.K. Saheed, M.O. Arowolo, Efficient cyber attack detection on the internet of
Res. Appl. 3 (5) (2013) 605–610. medical things-smart environment based on deep recurrent neural network and
[119] M. Steinbach, P.-N. Tan, kNN: k-nearest neighbors, in: The Top Ten Algorithms machine learning algorithms, IEEE Access 9 (2021) 161546–161554.
in Data Mining, Chapman and Hall/CRC, 2009, pp. 165–176. [149] K.P. Vijayakumar, K. Pradeep, A. Balasundaram, M.R. Prusty, Enhanced cyber
[120] L. Jiang, Z. Cai, D. Wang, S. Jiang, Survey of improving k-nearest-neighbor attack detection process for internet of health things (IoHT) devices using deep
for classification, in: Fourth International Conference on Fuzzy Systems and neural network, Processes 11 (4) (2023) 1072.
Knowledge Discovery (FSKD 2007), Vol. 1, IEEE, 2007, pp. 679–683. [150] M. Al-Hawawreh, M.S. Hossain, A privacy-aware framework for detecting cyber
[121] V. Jakkula, Tutorial on Support Vector Machine (SVM), Vol. 37, School of EECS, attacks on internet of medical things systems using data fusion and quantum
Washington State University, 2006, p. 3, (2.5). deep learning, Inf. Fusion (2023) 101889.
[122] A. Mammone, M. Turchi, N. Cristianini, Support vector machines, Wiley [151] A. Lahmadi, A. Duque, N. Heraief, J. Francq, MitM attack detection in BLE
Interdiscip. Rev. Comput. Stat. 1 (3) (2009) 283–289. networks using reconstruction and classification machine learning techniques,
[123] P.-H. Chen, C.-J. Lin, B. Schölkopf, A tutorial on 𝜈-support vector machines, in: Joint European Conference on Machine Learning and Knowledge Discovery
Appl. Stoch. Models Bus. Ind. 21 (2) (2005) 111–136. in Databases, Springer, 2020, pp. 149–164.
[124] M.M. Breunig, H.-P. Kriegel, R.T. Ng, J. Sander, LOF: identifying density- [152] R.V. Mendonca, J.C. Silva, R.L. Rosa, M. Saadi, D.Z. Rodriguez, A. Farouk,
based local outliers, in: Proceedings of the 2000 ACM SIGMOD International A lightweight intelligent intrusion detection system for industrial internet of
Conference on Management of Data, 2000, pp. 93–104. things using deep learning algorithms, Expert Syst. 39 (5) (2022) e12917.
[125] Z. Cheng, C. Zou, J. Dong, Outlier detection using isolation forest and local [153] H. Wang, J. Si, H. Li, Y. Guo, Rmvdroid: towards a reliable android malware
outlier factor, in: Proceedings of the Conference on Research in Adaptive and dataset with app metadata, in: 2019 IEEE/ACM 16th International Conference
Convergent Systems, 2019, pp. 161–168. on Mining Software Repositories (MSR), IEEE, 2019, pp. 404–408.
[126] M. Goldstein, A. Dengel, Histogram-based outlier score (hbos): A fast unsuper- [154] A.H. Lashkari, A.F.A. Kadir, L. Taheri, A.A. Ghorbani, Toward developing a
vised anomaly detection algorithm, in: KI-2012: Poster and Demo Track, Vol. systematic approach to generate benchmark android malware datasets and clas-
1, Citeseer, 2012, pp. 59–63. sification, in: 2018 International Carnahan Conference on Security Technology
[127] N. Paulauskas, A. Baskys, Application of histogram-based outlier scores to detect (ICCST), IEEE, 2018, pp. 1–7.
computer network anomalies, Electronics 8 (11) (2019) 1251. [155] O. AbuAlghanam, H. Alazzam, E. Alhenawi, M. Qatawneh, O. Adwan, Fusion-
[128] M.P. LaValley, Logistic regression, Circulation 117 (18) (2008) 2395–2399. based anomaly detection system using modified isolation forest for internet of
[129] T.G. Nick, K.M. Campbell, Logistic regression, in: Topics in Biostatistics, things, J. Ambient Intell. Humaniz. Comput. 14 (1) (2023) 131–145.
Springer, 2007, pp. 273–301. [156] M.V. de Assis, L.F. Carvalho, J.J. Rodrigues, J. Lloret, M.L. Proença Jr., Near
[130] S.B. Kotsiantis, Decision trees: a recent overview, Artif. Intell. Rev. 39 (2013) real-time security system applied to SDN environments in IoT networks using
261–283. convolutional neural network, Comput. Electr. Eng. 86 (2020) 106738.
[131] C. Kingsford, S.L. Salzberg, What are decision trees? Nature Biotechnol. 26 (9) [157] K. Prathapchandran, T. Janani, A trust-based security model to detect misbehav-
(2008) 1011–1013. ing nodes in Internet of Things (IoT) environment using logistic regression, in:
[132] G.I. Webb, E. Keogh, R. Miikkulainen, Naïve Bayes, in: Encyclopedia of Machine Journal of Physics: Conference Series, Vol. 1850, IOP Publishing, 2021, 012031.
Learning, Vol. 15, 2010, pp. 713–714.

77

You might also like