Cyber-Securing Medical Devices Using Machine Learning: A Case Study of Pacemaker

Main Article Content

Suliat Toyosi Jimoh
Shaymaa S Al-Juboori

Abstract

This study aims to enhance the cybersecurity framework of pacemaker devices by identifying vulnerabilities and recommending effective strategies. The objectives are to pinpoint cybersecurity weaknesses, utilize machine learning to predict security breaches, and propose countermeasures based on analytical trends. The literature review highlights the transformation of pacemaker technology from basic, fixed-rate devices to sophisticated systems with wireless capabilities, which, while improving patient care, also introduce significant cybersecurity risks. These risks include unauthorized entry, data breaches, and life-threatening device malfunctions. The methodology in this study utilizes a quantitative research approach using the WUSTL-EHMS-2020 dataset, which includes network traffic features, patients' biometric features, and attack label. The step-by-step method of machine learning prediction includes data collection, data preprocessing, feature engineering, and models’ training using Support Vector Machines (SVM) and Gradient Boosting Machines (GBM). The implementation results used evaluation metrics like accuracy, precision, recall, and F1 score to show that GBM model outperformed the SVM model. The GBM model achieved higher accuracy of 95.1% compared to 92.5% for SVM, greater precision of 99.6% compared to 96.7% for SVM, better recall of 94.9% compared to 42.7% for SVM, and a higher F1 score of 76.3% compared to 59.0% for SVM, making GBM model more effective in predicting cybersecurity threats. This study concludes that GBM is an effective machine learning model for enhancing pacemaker cybersecurity by analyzing network traffic and biometric data patterns. Future recommendations for improving the pacemaker cybersecurity include implementing GBM model for threat predictions, integration with existing security measures, and regular model updates and retraining.

Article Details

How to Cite
Jimoh, S. T., & S Al-Juboori, S. (2024). Cyber-Securing Medical Devices Using Machine Learning: A Case Study of Pacemaker. Journal of Informatics and Web Engineering, 3(3), 271–289. https://doi.org/10.33093/jiwe.2024.3.3.17
Section
Thematic (Pervasive Computing)

References

A. Chacko and T. Hayajneh, “Security and Privacy Issues with IoT in Healthcare,” EAI Endorsed Transactions on Pervasive Health and Technology, vol. 18, no. 14, p. 155079, 2018, doi: 10.4108/eai.13-7-2018.155079.

D. Lee and S. N. Yoon, “Application of Artificial Intelligence-Based Technologies in the Healthcare Industry: Opportunities and Challenges,” International Journal of Environmental Research and Public Health, vol. 18, no. 1, p. 271, 2021, doi: 10.3390/ijerph18010271.

P. Li, G.-H. Lee, S. Y. Kim, S. Y. Kwon, H.-R. Kim, and S. Park, “From Diagnosis to Treatment: Recent Advances in Patient-Friendly Biosensors and Implantable Devices,” ACS Nano, vol. 15, no. 2, pp. 1960–2004, 2021, doi: 10.1021/acsnano.0c06688.

X. Chen et al., “Stretchable Supercapacitors as Emergent Energy Storage Units for Health Monitoring Bioelectronics,” Advanced Energy Materials, vol. 10, no. 4, 2019, doi: 10.1002/aenm.201902769.

M. Kintzlinger et al., “CardiWall: A Trusted Firewall for the Detection of Malicious Clinical Programming of Cardiac Implantable Electronic Devices,” IEEE Access, vol. 8, pp. 48123–48140, 2020, doi: 10.1109/access.2020.2978631.

J.-P. O. Li et al., “Digital technology, tele-medicine and artificial intelligence in ophthalmology: A global perspective,” Progress in Retinal and Eye Research, vol. 82, p. 100900, 2020, doi: 10.1016/j.preteyeres.2020.100900.

M. Kintzlinger et al., “CardiWall: A Trusted Firewall for the Detection of Malicious Clinical Programming of Cardiac Implantable Electronic Devices,” IEEE Access, vol. 8, pp. 48123–48140, 2020, doi: 10.1109/access.2020.2978631.

A. Binbusayyis, H. Alaskar, T. Vaiyapuri, and M. Dinesh, “An investigation and comparison of machine learning approaches for intrusion detection in IoMT network,” Journal of Supercomputing, vol. 78, pp. 17403–17422, 2022. doi: 10.1007/s11227-022-04568-3.

M. Ibrahim, A. Alsheikh, and A. Matar, “Attack Graph Modeling for Implantable Pacemaker,” Biosensors, vol. 10, no. 2, p. 14, 2020, doi: 10.3390/bios10020014.

A. Panda, S. Pinisetty, and P. Roop, “Securing Pacemakers using Runtime Monitors over Physiological Signals,” ACM Transactions on Embedded Computing Systems, 2024, doi: 10.1145/3638286.

M. Wazid, A. K. Das, J. J. P. C. Rodrigues, S. Shetty and Y. Park, "IoMT Malware Detection Approaches: Analysis and Research Challenges," IEEE Access, vol. 7, pp. 182459-182476, 2019, doi: 10.1109/ACCESS.2019.2960412.

A. Kapoor, A. Vora, and R. Yadav, “Cardiac devices and cyber attacks: How far are they real? How to overcome?,” Indian Heart Journal, vol. 71, no. 6, pp. 427–430, Nov. 2019, doi: 10.1016/j.ihj.2020.02.001.

M. Ngamboe, P. Berthier, N. Ammari, K. Dyrda, and J. M. Fernandez, “Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED),” International Journal of Information Security, vol. 20, no. 4, pp. 621–645, 2020, doi: 10.1007/s10207-020-00522-7.

N. M. Thomasian and E. Y. Adashi, “Cybersecurity in the Internet of Medical Things,” Health Policy and Technology, vol. 10, no. 3, p. 100549, Jul. 2021, doi: 10.1016/j.hlpt.2021.100549.

T. C., V. Bhanu S., and S. S., “Ensuring Communication Network Security for Medical Implantable Devices to Enhance Cyber Security,” International Journal of Intelligent Systems and Applications in Engineering, vol. 12, no. 2, pp. 486–494, 2023. [Online]. Available: https://www.ijisae.org/index.php/IJISAE/article/view/4293.

L. Pycroft and T. Z. Aziz, “Security of implantable medical devices with wireless connections: The dangers of cyber-attacks,” Expert Review of Medical Devices, vol. 15, no. 6, pp. 403–406, 2018, doi: 10.1080/17434440.2018.1483235.

A. Si-Ahmed, M. A. Al-Garadi, and N. Boustia, “Survey of Machine Learning based intrusion detection methods for Internet of Medical Things,” Applied Soft Computing, vol. 140, p. 110227, 2023, doi: 10.1016/j.asoc.2023.110227.

Y. He, A. Aliyu, M. Evans, and C. Luo, “Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review,” Journal of Medical Internet Research, vol. 23, no. 4, p. e21747, 2021, doi: 10.2196/21747.

R. U. Rasool, H. F. Ahmad, W. Rafique, A. Qayyum, and J. Qadir, “Security and privacy of internet of medical things: A contemporary review in the age of surveillance, botnets, and adversarial ML,” Journal of Network and Computer Applications, vol. 201, p. 103332, 2022, doi: 10.1016/j.jnca.2022.103332.

I. Ahmed, H. Karvonen, T. Kumpuniemi, and M. Katz, “Wireless Communications for the Hospital of the Future: Requirements, Challenges and Solutions,” International Journal of Wireless Information Networks, vol. 27, no. 1, pp. 4–17, Oct. 2019, doi: 10.1007/s10776-019-00468-1.

R. Hireche, H. Mansouri, and A.-S. K. Pathan, “Security and Privacy Management in Internet of Medical Things (IoMT): A Synthesis,” Journal of Cybersecurity and Privacy, vol. 2, no. 3, pp. 640–661, 2022, doi: 10.3390/jcp2030033.

S. Rizvi, R. Orr, A. Cox, P. Ashokkumar, and M. R. Rizvi, “Identifying the attack surface for IoT network,” Internet of Things, vol. 9, p. 100162, 2020, doi: 10.1016/j.iot.2020.100162.

G. Zheng et al., "Finger-to-Heart (F2H): Authentication for Wireless Implantable Medical Devices," in IEEE Journal of Biomedical and Health Informatics, vol. 23, no. 4, pp. 1546-1557, 2019, doi: 10.1109/JBHI.2018.2864796.

Woodholme Cardiovascular Asscociates, "Pacemaker," 2024. [Online]. Available: https://woodholmecardio.com/services/pacemaker/.

M. Kintzlinger and N. Nissim, “Keep an eye on your personal belongings! The security of personal medical devices and their ecosystems,” Journal of Biomedical Informatics, vol. 95, p. 103233, 2019, doi: 10.1016/j.jbi.2019.103233.

B. Vandenberk and S. R. Raj, “Remote Patient Monitoring: What Have We Learned and Where Are We Going?,” Current Cardiovascular Risk Reports, vol. 17, no. 6, pp. 103–115, 2023, doi: 10.1007/s12170-023-00720-7.

P. Pritika, B. Shanmugam, and S. Azam, “Risk Assessment of Heterogeneous IoMT Devices: A Review,” Technologies, vol. 11, no. 1, p. 31, 2023, doi: 10.3390/technologies11010031.

M. Elhoseny et al., “Security and Privacy Issues in Medical Internet of Things: Overview, Countermeasures, Challenges and Future Directions,” Sustainability, vol. 13, no. 21, p. 11645, 2021, doi: 10.3390/su132111645.

A. I. Newaz, A. K. Sikder, M. A. Rahman, and A. S. Uluagac, “A Survey on Security and Privacy Issues in Modern Healthcare Systems,” ACM Transactions on Computing for Healthcare, vol. 2, no. 3, pp. 1–44, 2021, doi: 10.1145/3453176.

Y. Yamout, T. S. Yeasar, S. Iqbal, and M. Zulkernine, “Beyond Smart Homes: An In-Depth Analysis of Smart Aging Care System Security,” ACM Computing Surveys, vol. 56, no. 2, pp. 1–35, 2023, doi: 10.1145/3610225.

S. Rizvi, R. Pipetti, N. McIntyre, J. Todd, and I. Williams, “Threat model for securing internet of things (IoT) network at device-level,” Internet of Things, vol. 11, p. 100240, 2020, doi: 10.1016/j.iot.2020.100240.

J. Shahid, R. Ahmad, A. K. Kiani, T. Ahmad, S. Saeed, and A. M. Almuhaideb, “Data Protection and Privacy of the Internet of Healthcare Things (IoHTs),” Applied Sciences, vol. 12, no. 4, p. 1927, 2022, doi: 10.3390/app12041927.

R. Altawy and A. M. Youssef, "Security Tradeoffs in Cyber Physical Systems: A Case Study Survey on Implantable Medical Devices," in IEEE Access, vol. 4, pp. 959-979, 2016, doi: 10.1109/ACCESS.2016.2521727.

I. Stine, M. Rice, S. Dunlap, and J. Pecarina, “A cyber risk scoring system for medical devices,” International Journal of Critical Infrastructure Protection, vol. 19, pp. 32–46, 2017, doi: 10.1016/j.ijcip.2017.04.001.

L. Wu, X. Du, M. Guizani and A. Mohamed, "Access Control Schemes for Implantable Medical Devices: A Survey," in IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1272-1283, 2017, doi: 10.1109/JIOT.2017.2708042.

J. Fiaidhi and S. Mohammed, "Security and Vulnerability of Extreme Automation Systems: The IoMT and IoA Case Studies," in IT Professional, vol. 21, no. 4, pp. 48-55, 2019, doi: 10.1109/MITP.2019.2906442.

T. Yaqoob, H. Abbas and M. Atiquzzaman, "Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices—A Review," in IEEE Communications Surveys & Tutorials, vol. 21, no. 4, pp. 3723-3768, 2019, doi: 10.1109/COMST.2019.2914094.

G. Zheng, R. Shankaran, M. A. Orgun, L. Qiao and K. Saleem, "Ideas and Challenges for Securing Wireless Implantable Medical Devices: A Review," in IEEE Sensors Journal, vol. 17, no. 3, pp. 562-576, 2017, doi: 10.1109/JSEN.2016.2633973.

E. Kwarteng and M. Cebe, “A survey on security issues in modern Implantable Devices: Solutions and future issues,” Smart Health, vol. 25, p. 100295, 2022, doi: 10.1016/j.smhl.2022.100295.

L. Wasserman and Y. Wasserman, “Hospital cybersecurity risks and gaps: Review (for the non-cyber professional),” Frontiers in Digital Health, vol. 4, 2022, doi: 10.3389/fdgth.2022.862221.

I. H. Sarker, A. S. M. Kayes, S. Badsha, H. Alqahtani, P. Watters, and A. Ng, “Cybersecurity data science: an overview from machine learning perspective,” Journal of Big Data, vol. 7, no. 1, 2020, doi: 10.1186/s40537-020-00318-5.

M. Ahsan, K. E. Nygard, R. Gomes, M. M. Chowdhury, N. Rifat, and J. F. Connolly, “Cybersecurity Threats and Their Mitigation Approaches Using Machine Learning—A Review,” Journal of Cybersecurity and Privacy, vol. 2, no. 3, pp. 527–555, 2022, doi: 10.3390/jcp2030027.

M. Zubair et al., “Secure Bluetooth Communication in Smart Healthcare Systems: A Novel Community Dataset and Intrusion Detection System,” Sensors, vol. 22, no. 21, p. 8280, 2022, doi: 10.3390/s22218280.

R. Chaganti, A. Mourade, V. Ravi, N. Vemprala, A. Dua, and B. Bhushan, “A Particle Swarm Optimization and Deep Learning Approach for Intrusion Detection System in Internet of Medical Things,” Sustainability, vol. 14, no. 19, p. 12828, 2022, doi: 10.3390/su141912828.

L. Fang, Y. Li, Z. Liu, C. Yin, M. Li and Z. J. Cao, "A Practical Model Based on Anomaly Detection for Protecting Medical IoT Control Services Against External Attacks," in IEEE Transactions on Industrial Informatics, vol. 17, no. 6, pp. 4260-4269, 2021, doi: 10.1109/TII.2020.3011444.

G. Zachos, I. Essop, G. Mantas, K. Porfyrakis, J. C. Ribeiro, and J. Rodriguez, “An Anomaly-Based Intrusion Detection System for Internet of Medical Things Networks,” Electronics, vol. 10, no. 21, p. 2562, 2021, doi: 10.3390/electronics10212562.

G. Thamilarasu, A. Odesile and A. Hoang, "An Intrusion Detection System for Internet of Medical Things," in IEEE Access, vol. 8, pp. 181560-181576, 2020, doi: 10.1109/ACCESS.2020.3026260.

A. A. Hady, A. Ghubaish, T. Salman, D. Unal and R. Jain, "Intrusion Detection System for Healthcare Systems Using Medical and Network Data: A Comparison Study," in IEEE Access, vol. 8, pp. 106576-106584, 2020, doi: 10.1109/ACCESS.2020.3000421.

H. Taherdoost, “What are Different Research Approaches? Comprehensive Review of Qualitative, Quantitative, and Mixed Method Research, Their Applications, Types, and Limitations,” Journal of Management Science & Engineering Research, vol. 5, no. 1, pp. 53–63, 2022, doi: 10.30564/jmser.v5i1.4538.

M. Hassan, "Quantitative Research – Methods, Types and Analysis," 2024. [Online]. Available: https://researchmethod.net/quantitative-research/.

WUSTL, "Washinton University in St. Louis," 2020. [Online]. Available: https://www.cse.wustl.edu/~jain/ehms/index.html. [Accessed 2024].

V. Ravi, T. D. Pham, and M. Alazab, “Deep Learning-Based Network Intrusion Detection System for Internet of Medical Things,” IEEE Internet of Things Magazine, vol. 6, no. 2, pp. 50–54, Jun. 2023, doi: 10.1109/iotm.001.2300021.

Creative Commons, "CC BY 4.0 DEED - Attribution 4.0 International," 2020. [Online]. Available: https://creativecommons.org/licenses/by/4.0/deed.en.

Anaconda, "The Operating System for AI," 2024. [Online]. Available: https://www.anaconda.com/.

M. Alalhareth and S.-C. Hong, “An Improved Mutual Information Feature Selection Technique for Intrusion Detection Systems in the Internet of Medical Things,” Sensors, vol. 23, no. 10, p. 4971, 2023, doi: 10.3390/s23104971.

Y. K. Saheed and M. O. Arowolo, "Efficient Cyber Attack Detection on the Internet of Medical Things-Smart Environment Based on Deep Recurrent Neural Network and Machine Learning Algorithms," IEEE Access, vol. 9, pp. 161546-161554, 2021, doi: 10.1109/ACCESS.2021.3128837.

A. Abdo, R. Mostafa, and L. Abdel-Hamid, “An Optimized Hybrid Approach for Feature Selection Based on Chi-Square and Particle Swarm Optimization Algorithms,” Data, vol. 9, no. 2, p. 20, 2024, doi: 10.3390/data9020020.

F. Khan, X. Yu, Z. Yuan, and A. U. Rehman, “ECG classification using 1-D convolutional deep residual neural network,” PLoS ONE, vol. 18, no. 4, p. e0284791, 2023, doi: 10.1371/journal.pone.0284791.

A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, “Survey of intrusion detection systems: techniques, datasets and challenges,” Cybersecurity, vol. 2, no. 1, 2019, doi: 10.1186/s42400-019-0038-7.

P. Verma et al., “A Novel Intrusion Detection Approach Using Machine Learning Ensemble for IoT Environments,” Applied Sciences, vol. 11, no. 21, p. 10268, 2021, doi: 10.3390/app112110268.

A. Rehman, T. Alam, M. Mujahid, F. S. Alamri, B. A. Ghofaily, and T. Saba, “RDET stacking classifier: a novel machine learning based approach for stroke prediction using imbalance data,” PeerJ Computer Science, vol. 9, p. e1684, 2023, doi: 10.7717/peerj-cs.1684.

C. Iwendi, J. H. Anajemba, C. Biamba, and D. Ngabo, “Security of Things Intrusion Detection System for Smart Healthcare,” Electronics, vol. 10, no. 12, p. 1375, 2021, doi: 10.3390/electronics10121375.

K. N. Qureshi, S. Din, G. Jeon, and F. Piccialli, “An accurate and dynamic predictive model for a smart M-Health system using machine learning,” Information Sciences, vol. 538, pp. 486–502, 2020, doi: 10.1016/j.ins.2020.06.025.

S. S. Hameed, W. H. Hassan, L. A. Latiff, and F. Ghabban, “A systematic review of security and privacy issues in the internet of medical things; the role of machine learning approaches,” PeerJ Computer Science, vol. 7, p. e414, 2021, doi: 10.7717/peerj-cs.414.

S. T. Argaw et al., “Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks,” BMC Medical Informatics and Decision Making, vol. 20, no. 1, 2020, doi: 10.1186/s12911-020-01161-7.