FIDChain: Federated Intrusion Detection System for Blockchain-Enabled IoT Healthcare Applications
Abstract
:1. Introduction
- Proposing an IDS model for preventing attacks on a healthcare system using lightweight detection model to cope with insufficient memory space and resource-constraint considerations of edge nodes. The ANN was selected because of its advantages, as it does not have any restrictions on datasets and its distribution and has better performance with the heterogeneity of data in IoT devices, such as ICU in healthcare systems.
- Introducing an edge-cloud IDS architecture in a federated way to prevent the centralized manner problems, such as single point of failure, and preserve the privacy of the local trained data, which is necessary for various applications in the healthcare sector. Besides that, applying the detection model at the edge layer near the source of the attacks makes the detection response quicker, as well as reduces the cloud’s workload.
- Integrating blockchain technology with FL manner to store the local weights for updating the global model, which protects the system from poisoning attacks and provides full transparency and immutability over the distributed training process.
2. Materials and Methods
2.1. Proposed System
- Healthcare data perception layer: this contains ICU IoT devices with sensors. ICU case devices could be classified into two categories: room environmental monitoring devices and patient health monitoring devices.
- Edge-based blockchain layer: this consists of IoT gateways. Each gateway contains some healthcare sensing devices. There is no global internal protocol for physical healthcare sensors; therefore, a lot of network access protocols were supported by the gateways. An IoT gateway is responsible for performing a multi-attack detection. At the edge server (ES), a lightweight IDS was developed to normalize their data and detect several ANN-based attacks. The proposed module will be developed in the FL mode and trained in the edge layer so as to protect the cloud or other resources if a particular attack happens, as it blocks the data from its gateway. The detection time of intrusion will be smaller as the attack resources are near. In addition, there will be lesser computing and processing capacity because the FL model deals with smaller sets of data. After the module learning process is completed, the weights of each local model will be sent to a blockchain-distributed ledger and stored in chained blocks that connect gateway nodes with a server node in the next cloud layer. These chained blocks will be further used for aggregation and averaging purposes. Finally, that chain is protected using a cryptographic hash function that connects the blocks together in the chain and, consequently, it cannot be manipulated or changed, as it operates by consensus algorithms (smart contracts). The flow execution of the overall system is described in Figure 2. The proposed FIDChain model provides a solution to poisoning attacks, which is one of the most important challenges facing FL. In which, every ES acquires the values of the updated weights and encrypts the collected data and generates the corresponding signature using its own secret key. Then ES aggregates the ciphertext and submits it with the signature to the activated blockchain layer controlled by a smart contract, keeping control of data privacy and data integrity. When receiving the data of all ESs, smart contract verifies the validity of these messages using the ES’ public keys and stored data as blockchain hashed blocks under smart contract rules. In turn, the central public cloud center (CPCC) can fetch the stored blocks from the activated blockchain, the CPCC can retrieve the aggregated plaintext using its own secret key. In general applications of IoT edge computing, the communications between CPCC and ESs, and ES and the corresponding local model are both two-way. As in terminal edge computing-based data storage, local model can both upload and download the data to or from CPCC via blochchain network and ES. Algorithm 1 gives the pseudocode for the FIDChain.
- Network layer: this is responsible for securing transaction of data from the lower layer to the higher layer. It is considered as the connectivity layer that aims to provide routing management.
- Cloud-based blockchain layer: the cloud is in charge of aggregated weights in the blockchain ledger from the ESs, taking average weights and updating the global weights of the ANN algorithm. Periodically, the cloud sends the aforementioned updated weights to all gateways for updating local models’ weights to protect the network efficiently. Figure 3 describes the diagram of the FIDChain aggregation of local and global weights into the blockchain network.
- Application layer: this is responsible for monitoring healthcare vital signs.
- Business layer: this helps managers of the whole healthcare application service to create business models, flow charts, and executive reports based on analyzed and received data from lower layers.
Algorithm 1: FIDChain | |
1: | Input: N is the node number atIDSFChain; g is global round; C is local epochs; M is the local batch size; K no. of edge gateways; nk is size of data partition of edge gateway k; and η is the learning rate. |
2: | Output: updated weights W |
3: | Procedure Server_ Node1 _Update: |
4: | Initialize w0 |
5: | //IDSFChain is name of blockchain network |
6: | Node1: creates IDSFChain |
7: | Node1: connects to IDSFChainwith ip address |
8: | For each local edge from 1 to C do |
9: | //IDSFChainnode no. = edge node no. + 1 |
10: | N = C + 1 |
11: | Node1: grant mining of other nodes (sending and writing) |
12: | NodeN: connects to IDSFChain with ip address |
13: | End for |
14: | Node1: publish initial weights w0 |
15: | For each global epoch g = 1, 2, … do |
16: | For each NodeN ∈ IDSFChain N from 2 to (k + 1) in parallel do |
17: | ← Edge_Nodes_Update (NodeN, wg) |
18: | End for |
19: | ← |
20: | Where: |
21: | W ← |
22: | Node1: publish updated global W to IDSFChain |
23: | End for |
24: | End procedure |
25: | Procedure Edge_Nodes_Update (N, W): |
26: | M ← (split data nk into batches of size M) |
27: | // train local models at the edge in feed-forward propagation |
28: | For each local epoch C = 1, 2, … do |
29: | // update local weights in back propagation using stochastic gradient descending (SDG) |
30: | W ← W − η ∇ (W) |
31: | Where: ∇ (W) is the average gradient on edge local data |
32: | End for |
33: | NodeN: publish updated local w to IDSFChain |
34: | End procedure |
2.2. Detection Model Description
- The same structure and hyper-parameters for all local models, but they are trained with different partitions of the origin dataset.
- The same initial weights for all the clients.
- The weight updates are published to the clients synchronously and regardless of their participation in the last global epoch.
- Common learning rate to all the clients.
3. Results
3.1. Working Environment
3.1.1. Hardware Characteristics
3.1.2. Software Characteristics
3.2. Data Preprocessing
- Removing nominal features and excessive network traffic information by dropping their columns.
- Replacing Null/NaN values with mean or median values.
- Using LabelEncoder function in scikit learn library to encode nonnumeric or symbolic labels into numeric values between 0 and n_classes-1 to be appropriate for learning and testing the proposed model.
- For binary classification, normal and attack traffic attributes were labeled to 0 and 1, respectively.
- Normalizing high-dimensional features using MinMaxScalar function in scikit learn library to a range of (0, 1) to retain feature’s original distribution.
- Dividing dataset into five smaller client datasets to simulate data of five edge devices (acting as gateways for the monitored systems). The dataset was partitioned in such a way that each client with local model can recognize anomalous traffic or intrusions.
- Random splitting of processed dataset into training set (80%) and testing set (20%), knowing that there is no duplication between the testing and the training traffic.
3.3. BoT_IoT Dataset
3.3.1. Dataset Description
3.3.2. Feature Selection
3.4. Evaluation Methodology of Detection Model
3.5. Testing FIDChain Algorithm with BoT-IoT Dataset
3.6. Evaluating Blockchain with the Federated System
3.7. Comparison of FIDChain with the State of the Art
3.8. Testing FIDChain with ANN Using Different Data Sets
4. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Shaikh, S.; Chitre, V. Healthcare monitoring system using IoT. In Proceedings of the 2017 International Conference on Trends in Electronics and Informatics (ICEI), Tirunelveli, India, 11–12 May 2017. [Google Scholar]
- Rohokale, V.M.; Prasad, N.R.; Prasad, R. A cooperative Internet of Things (IoT) for rural healthcare monitoring and control. In Proceedings of the 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), Chennai, India, 28 February–3 March 2011. [Google Scholar]
- Sharma, P.; Borah, M.D.; Namasudra, S. Improving security of medical big data by using Blockchain technology. Comput. Electr. Eng. 2021, 96, 107529. [Google Scholar] [CrossRef]
- Li, H.; Yang, X.; Wang, H.; Wei, W.; Xue, W. A Controllable Secure Blockchain-Based Electronic Healthcare Records Sharing Scheme. J. Healthc. Eng. 2022, 2022, 2058497. [Google Scholar] [CrossRef] [PubMed]
- Azbeg, K.; Ouchetto, O.; Andaloussi, S.J.; Fetjah, L. A taxonomic review of the use of IoT and blockchain in healthcare applications. IRBM, 2021; in press. [Google Scholar] [CrossRef]
- Aujla, G.S.; Jindal, A. A decoupled blockchain approach for edge-envisioned IoT-based healthcare monitoring. IEEE J. Sel. Areas Commun. 2020, 39, 491–499. [Google Scholar] [CrossRef]
- Yaqoob, I.; Salah, K.; Jayaraman, R.; Al-Hammadi, Y. Blockchain for healthcare data management: Opportunities, challenges, and future recommendations. Neural Comput. Appl. 2021, 8, 1–16. [Google Scholar] [CrossRef]
- Shen, B.; Guo, J.; Yang, Y. MedChain: Efficient healthcare data sharing via blockchain. Appl. Sci. 2019, 9, 1207. [Google Scholar] [CrossRef] [Green Version]
- Jamil, F.; Ahmad, S.; Iqbal, N.; Kim, D.H. Towards a remote monitoring of patient vital signs based on IoT-based blockchain integrity management platforms in smart hospitals. Sensors 2020, 20, 2195. [Google Scholar] [CrossRef] [Green Version]
- Sahoo, M.; Singhar, S.S.; Nayak, B.; Mohanta, B.K. A blockchain based framework secured by ecdsa to curb drug counterfeiting. In Proceedings of the 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Kanpur, India, 6–8 July 2019. [Google Scholar]
- Xu, H.; Zhang, L.; Onireti, O.; Fang, Y.; Buchanan, W.J.; Imran, M.A. BeepTrace: Blockchain-enabled privacy-preserving contact tracing for COVID-19 pandemic and beyond. IEEE Internet Things J. 2020, 8, 3915–3929. [Google Scholar] [CrossRef]
- Yin, L.; Luo, X.; Zhu, C.; Wang, L.; Xu, Z.; Lu, H. ConnSpoiler: Disrupting C&C communication of IoT-based botnet through fast detection of anomalous domain queries. IEEE Trans. Ind. Inform. 2019, 16, 1373–1384. [Google Scholar]
- Walker-Roberts, S.; Hammoudeh, M.; Aldabbas, O.; Aydin, M.; Dehghantanha, A. Threats on the horizon: Understanding security threats in the era of cyber-physical systems. J. Supercomput. 2020, 76, 2643–2664. [Google Scholar] [CrossRef] [Green Version]
- Antonakakis, M.; April, T.; Bailey, M.; Bernhard, M.; Bursztein, E.; Cochran, J.; Durumeric, Z.; Halderman, J.A.; Invernizzi, L.; Kallitsis, M.; et al. Understanding the mirai botnet. In In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, Canada, 16–18 August 2017. [Google Scholar]
- Koroniotis, N.; Moustafa, N.; Sitnikova, E. A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework. Future Gener. Comput. Syst. 2020, 110, 91–106. [Google Scholar] [CrossRef]
- Xiao, Y.; Wu, J.; Lin, Z.; Zhao, X. A deep learning-based multi-model ensemble method for cancer prediction. Comput. Methods Programs Biomed. 2018, 153, 1–9. [Google Scholar] [CrossRef] [PubMed]
- Chaabouni, N.; Mosbah, M.; Zemmari, A.; Sauvignac, C.; Faruki, P. Network intrusion detection for IoT security based on learning techniques. IEEE Commun. Surv. Tutor. 2019, 21, 2671–2701. [Google Scholar] [CrossRef]
- Mohapatra, S.; Parija, S. A Brief Understanding of IOT Health Care Service Model Over Remotely Cloud Connected Environment. In Advances in Intelligent Computing and Communication; Springer: Berlin/Heidelberg, Germany, 2020; pp. 46–51. [Google Scholar]
- Doriguzzi-Corin, R.; Millar, S.; Scott-Hayward, S.; Martinez-del-Rincon, J.; Siracusa, D. LUCID: A practical, lightweight deep learning solution for DDoS attack detection. IEEE Trans. Netw. Serv. Manag. 2020, 17, 876–889. [Google Scholar] [CrossRef] [Green Version]
- Latif, S.; Zou, Z.; Idrees, Z.; Ahmad, J. A novel attack detection scheme for the industrial internet of things using a lightweight random neural network. IEEE Access 2020, 8, 89337–89350. [Google Scholar] [CrossRef]
- Chen, Z.; Lv, N.; Liu, P.; Fang, Y.; Chen, K.; Pan, W. Intrusion detection for wireless edge networks based on federated learning. IEEE Access 2020, 8, 217463–217472. [Google Scholar] [CrossRef]
- Lin, F.; Zhou, Y.; An, X.; You, I.; Choo, K.K. Fair resource allocation in an intrusion-detection system for edge computing: Ensuring the security of Internet of Things devices. IEEE Consum. Electron. Mag. 2018, 7, 45–50. [Google Scholar] [CrossRef]
- Cassales, G.W.; Senger, H.; de Faria, E.R.; Bifet, A. IDSA-IoT: An intrusion detection system architecture for IoT networks. In Proceedings of the 2019 IEEE Symposium on Computers and Communications (ISCC), Barcelona, Spain, 29 June–3 July 2019. [Google Scholar]
- Alwarafy, A.; Al-Thelaya, K.A.; Abdallah, M.; Schneider, J.; Hamdi, M. A survey on security and privacy issues in edge-computing-assisted internet of things. IEEE Internet Things J. 2020, 8, 4004–4022. [Google Scholar] [CrossRef]
- Lim, W.Y.; Luong, N.C.; Hoang, D.T.; Jiao, Y.; Liang, Y.C.; Yang, Q.; Niyato, D.; Miao, C. Federated learning in mobile edge networks: A comprehensive survey. IEEE Commun. Surv. Tutor. 2020, 22, 2031–2063. [Google Scholar] [CrossRef] [Green Version]
- Wang, S.; Tuor, T.; Salonidis, T.; Leung, K.K.; Makaya, C.; He, T.; Chan, K. Adaptive federated learning in resource constrained edge computing systems. IEEE J. Sel. Areas Commun. 2019, 37, 1205–1221. [Google Scholar] [CrossRef] [Green Version]
- Agrawal, S.; Sarkar, S.; Aouedi, O.; Yenduri, G.; Piamrat, K.; Bhattacharya, S.; Maddikunta, P.K.; Gadekallu, T.R. Federated learning for intrusion detection system: Concepts, challenges and future directions. arXiv 2021, arXiv:2106.09527. [Google Scholar]
- McMahan, H.B.; Moore, E.; Ramage, D.; y Arcas, B.A. Federated learning of deep networks using model averaging. arXiv 2016, arXiv:1602,05629. [Google Scholar]
- Zhao, Y.; Chen, J.; Wu, D.; Teng, J.; Yu, S. Multi-task network anomaly detection using federated learning. In Proceedings of the Tenth International Symposium on Information and Communication Technology, Hanoi, Vietnam, 4–6 December 2019. [Google Scholar]
- Rajendran, S.; Obeid, J.S.; Binol, H.; Foley, K.; Zhang, W.; Austin, P.; Brakefield, J.; Gurcan, M.N.; Topaloglu, U. Cloud-based federated learning implementation across medical centers. JCO Clin. Cancer Inform. 2021, 5, 1–11. [Google Scholar] [CrossRef] [PubMed]
- Rieke, N.; Hancox, J.; Li, W.; Milletari, F.; Roth, H.R.; Albarqouni, S.; Bakas, S.; Galtier, M.N.; Landman, B.A.; Maier-Hein, K.; et al. The future of digital health with federated learning. NPJ Digit. Med. 2020, 3, 1–7. [Google Scholar]
- Kairouz, P.; McMahan, H.B.; Avent, B.; Bellet, A.; Bennis, M.; Bhagoji, A.N.; Bonawitz, K.; Charles, Z.; Cormode, G.; Cummings, R.; et al. Advances and open problems in federated learning. Found. Trends® Mach. Learn. 2021, 14, 1–210. [Google Scholar] [CrossRef]
- Nguyen, T.D.; Rieger, P.; Miettinen, M.; Sadeghi, A.R. Poisoning attacks on federated learning-based iot intrusion detection system. In Proceedings of the Workshop on Decentralized IoT Systems and Security (DISS) 2020, San Diego, CA, USA, 23–26 February 2020. [Google Scholar]
- Bagdasaryan, E.; Veit, A.; Hua, Y.; Estrin, D.; Shmatikov, V. How to backdoor federated learning. In Proceedings of the International Conference on Artificial Intelligence and Statistics, Online, 26–28 August 2020. [Google Scholar]
- Zhang, J.; Chen, J.; Wu, D.; Chen, B.; Yu, S. Poisoning attack in federated learning using generative adversarial nets. In Proceedings of the 18th IEEE International Conference on Trust, Security And Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science And Engineering (TrustCom/BigDataSE), Rotorua, New Zealand, 5–8 August 2019. [Google Scholar]
- Alkadi, O.; Moustafa, N.; Turnbull, B.; Choo, K.K. A deep blockchain framework-enabled collaborative intrusion detection for protecting IoT and cloud networks. IEEE Internet Things J. 2020, 8, 9463–9472. [Google Scholar] [CrossRef]
- Aldhaheri, S.; Alghazzawi, D.; Cheng, L.; Alzahrani, B.; Al-Barakati, A. Deepdca: Novel network-based detection of iot attacks using artificial immune system. Appl. Sci. 2020, 10, 1909. [Google Scholar] [CrossRef] [Green Version]
- Huong, T.T.; Bac, T.P.; Long, D.M.; Thang, B.D.; Binh, N.T.; Luong, T.D.; Phuc, T.K. Lockedge: Low-complexity cyberattack detection in iot edge computing. IEEE Access 2021, 9, 29696–29710. [Google Scholar] [CrossRef]
- Shenfield, A.; Day, D.; Ayesh, A. Intelligent intrusion detection systems using artificial neural networks. ICT Express 2018, 4, 95–99. [Google Scholar] [CrossRef]
- Dias, L.P.; Cerqueira, J.D.; Assis, K.D.; Almeida, R.C. Using artificial neural network in intrusion detection systems to computer networks. In Proceedings of the 9th Computer Science and Electronic Engineering (CEEC), Colchester, UK, 27–29 September 2017. [Google Scholar]
- Koroniotis, N.; Moustafa, N.; Sitnikova, E.; Turnbull, B. Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset. Future Gener. Comput. Syst. 2019, 100, 779–796. [Google Scholar] [CrossRef] [Green Version]
- Koroniotis, N.; Moustafa, N.; Sitnikova, E.; Turnbull, B. The Bot-IoT Dataset. Available online: https://research.unsw.edu.au/projects/bot-iot-dataset (accessed on 4 May 2021).
- Lesne, A. Shannon entropy: A rigorous notion at the crossroads between probability, information theory, dynamical systems and statistical physics. Math. Struct. Comput. Sci. 2014, 24, e240311. [Google Scholar] [CrossRef] [Green Version]
- Balaha, H.M.; Saif, M.; Tamer, A.; Abdelhay, E.H. Hybrid deep learning and genetic algorithms approach (HMB-DLGAHA) for the early ultrasound diagnoses of breast cancer. Neural Comput. Appl. 2022, 34, 8671–8695. [Google Scholar] [CrossRef]
- Mohamed Amer, G.; Abd El Hay, E.H.; Abdel-Baset, I.Y.; Abd El Azim Mohamed, M. Development Machine Learning Techniques to Enhance Cyber Security Algorithms. (Dept. E). MEJ Mansoura Eng. J. 2021, 46, 36–46. [Google Scholar] [CrossRef]
- Suzuki, K. Artificial Neural Networks: Methodological Advances and Biomedical Applications; BoD–Books on Demand: Norderstedt, Germany, 2011. [Google Scholar]
- Kumar, P.; Kumar, R.; Gupta, G.P.; Tripathi, R. A Distributed framework for detecting DDoS attacks in smart contract-based Blockchain-IoT Systems by leveraging Fog computing. Trans. Emerg. Telecommun. Technol. 2021, 32, e4112. [Google Scholar] [CrossRef]
- Preuveneers, D.; Rimmer, V.; Tsingenopoulos, I.; Spooren, J.; Joosen, W.; Ilie-Zudor, E. Chained anomaly detection models for federated learning: An intrusion detection case study. Appl. Sci. 2018, 8, 2663. [Google Scholar] [CrossRef] [Green Version]
- Fatani, A.; Abd Elaziz, M.; Dahou, A.; Al-Qaness, M.A.; Lu, S. IoT Intrusion Detection System Using Deep Learning and Enhanced Transient Search Optimization. IEEE Access 2021, 9, 123448–123464. [Google Scholar] [CrossRef]
- Ferrag, M.A.; Maglaras, L.; Moschoyiannis, S.; Janicke, H. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. J. Inf. Secur. Appl. 2020, 50, 102419. [Google Scholar] [CrossRef]
- Ferrag, M.A.; Maglaras, L. DeepCoin: A novel deep learning and blockchain-based energy exchange framework for smart grids. IEEE Trans. Eng. Manag. 2019, 67, 1285–1297. [Google Scholar] [CrossRef] [Green Version]
- Pokhrel, S.; Abbas, R.; Aryal, B. IoT Security: Botnet detection in IoT using Machine learning. arXiv 2021, arXiv:2104.02231. [Google Scholar]
- Hussain, F.; Abbas, S.G.; Shah, G.A.; Pires, I.M.; Fayyaz, U.U.; Shahzad, F.; Garcia, N.M.; Zdravevski, E. A framework for malicious traffic detection in IoT healthcare environment. Sensors 2021, 21, 3025. [Google Scholar] [CrossRef]
- Shafiq, M.; Tian, Z.; Bashir, A.K.; Du, X.; Guizani, M. CorrAUC: A malicious bot-IoT traffic detection method in IoT network using machine-learning techniques. IEEE Internet Things J. 2020, 8, 3242–3254. [Google Scholar] [CrossRef]
- CSE-CIC-IDS2018 Dataset. Available online: https://www.unb.ca/cic/datasets/ids-2018,html (accessed on 8 December 2021).
- Botnet Dataset. Available online: https://www.unb.ca/cic/datasets/botnet.html (accessed on 23 October 2021).
- Kdd Cup 1999. Available online: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html (accessed on 30 May 2021).
Hyper-Parameters | Value |
---|---|
Learning rate | 0.001:0.1 (+0.01) |
Number of epochs | 2:10 (+1) |
Batch size | 100:1000 (+100) |
Classification type | Binary |
Activation function | Sigmoid |
Optimization algorithm | Stochastic gradient descent (SGD) |
State_Number | Numerical Representation of Feature State |
---|---|
Seq | Argus sequence number |
N_IN_Conn_P_SrcIP | Number of inbound connections per source IP |
N_IN_Conn_P_DstIP | Number of inbound connections per destination IP |
Srate | Source-to-destination packets per second |
Drate | Destination-to-source packets per second |
Min | Minimum duration of aggregated records |
Max | Maximum duration of aggregated records |
Mean | Average duration of aggregated records |
Stddev | Standard deviation of aggregated records |
Metric | Equation | Definition |
---|---|---|
Accuracy | Ratio of correctly predicted instances to total number of predicted instances. | |
Precision (Detection rate) | Ratio of the correctly predicted positive instances to total positive predictions. | |
Recall (Sensitivity) | Ratio of the correctly predicted positive instances to the overall available positive data category. | |
Specificity | Ratio of the correctly predicted negative instances to the overall available negative data category. | |
F1-score | Hybrid metric indicates the overall performance of the model respecting to both precision and recall, useful for unbalanced classes | |
False alarm rate | Ratio of false positive alarms per the total number of false prediction warnings or alarms. |
ML Algorithm | ANN | XGBOOST | ||
---|---|---|---|---|
Dataset Version | Full Features | Best 10 Features | Full Features | Best 10 Features |
Accuracy | 99.99% | 99.99% | 98.40% | 98.96% |
Precision (Detection Rate) | 100% | 100% | 99.36% | 99.38% |
Recall (Sensitivity) | 99.99% | 99.99% | 99.59% | 99.57% |
F-score | 99.99% | 99.99% | 99.47% | 99.47% |
Specificity | 88.89% | 100% | 56.98% | 57.12% |
False Alarm Rate | 11.11% | 0% | 43.02% | 42.88% |
Ref. | Model | Classification Type | Accuracy | Precision (Detection Rate) | Recall | F1-Score | Mode | Integration with Blockchain |
---|---|---|---|---|---|---|---|---|
[49] | CNN-TSODE | Binary | 99.99% | 99.99% | 99.99% | 99.99% | Centralized | No |
Multi | 99.04% | 99.04% | 99.04% | 99.04% | ||||
[50] | DNN | Multi | 98.37% | - | - | - | Centralized | No |
RNN | ||||||||
CNN | ||||||||
[51] | RNN | Multi | 98.20% | - | - | - | Centralized | No |
[37] | DeepDCA (DCA-SNN) | Binary | 98.73% | 99.17% | 98.36% | 98.77% | Centralized | No |
[52] | Naive Bayes | Binary | 51.5% | - | - | - | Centralized | No |
KNN | 92.1% | - | - | - | ||||
ANN | 82.8% | - | - | - | ||||
[47] | RF | Multi | 99.99% | 99.99% | 99.99% | 99.99% | Centralized | Yes |
XGBoost | 99.99% | 87.77% | 94.36% | 87.90% | ||||
[53] | NB | Binary | 52.18% | 79.67% | 99.70% | 69.50% | Centralized | No |
KNN | 99.48% | 99.65% | 99.68% | 99.58% | ||||
RF | 99.51% | 99.70% | 99.79% | 99.65% | ||||
Log R | 99.50% | 95.28% | 90.39% | 94.70% | ||||
DT | 99.47% | 99.69% | 99.79% | 99.63% | ||||
[54] | decision tree | Multi | 99.99% | 97.10% | 94.27% | 98.95% | Centralized | No |
Naive Bayes | 97.49% | 56.28% | 57.95% | 98.44% | ||||
Random Forest | 99.98% | 95.05% | 91.37% | 99.99% | ||||
SVM | 97.80% | 57.89% | 43.24% | 98.48% | ||||
[38] | ANN | Multi | 99.9% | - | - | - | Centralized | No |
92.5% | - | - | - | Federated | ||||
Our work | ANN | Binary | 99.99% | 100% | 99.99% | 99.99% | Federated | Yes |
Dataset | Description |
---|---|
CSE-CIC-IDS2018 [55] | Network traffic-based dataset proposed by the Communications Security Establishment (CSE) & the Canadian Institute for Cybersecurity (CIC) including 7 botnet types with 80 network flow features. |
Bot Net IoT [56] | Internet-connected devices-based dataset proposed by Beigi et al. which is divided into training (with 7 botnet types) and test datasets (with 16 botnet types) with four groups of features (byte-based, packet-based, time, and behavior-based). |
KDD Cup 99 [57] | Network traffic-based dataset consists of approximately 4,900,000 vectors. The botnet types are divided into four categories (user-to-root attack (U2R), remote-to-local attack (R2L), probing attack, and denial-of-service attack (DoS)) containing 41 features, which are categorized into three classes (basic features, traffic features, and content features). |
Dataset | Precision (Detection Rate) | Recall (Sensitivity) | F-Score | Specificity | Accuracy | False Alarm Rate |
---|---|---|---|---|---|---|
CSE-CIC-IDS2018 | 0.4461 | 0.8581 | 0.5870 | 0.8589 | 0.8588 | 0.1411 |
Bot Net IoT | 1.0000 | 0.9742 | 0.9869 | 0.9996 | 0.9756 | 0.0004 |
Bot-IoT (10 Features) | 1.0000 | 0.9999 | 0.9999 | 1.0000 | 0.9999 | 0.0000 |
Bot-IoT (All Features) | 1.0000 | 0.9999 | 0.9999 | 0.8889 | 0.9999 | 0.1111 |
KDD Cup 99 | 0.9709 | 0.9491 | 0.9599 | 0.9928 | 0.9840 | 0.0072 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Ashraf, E.; Areed, N.F.F.; Salem, H.; Abdelhay, E.H.; Farouk, A. FIDChain: Federated Intrusion Detection System for Blockchain-Enabled IoT Healthcare Applications. Healthcare 2022, 10, 1110. https://doi.org/10.3390/healthcare10061110
Ashraf E, Areed NFF, Salem H, Abdelhay EH, Farouk A. FIDChain: Federated Intrusion Detection System for Blockchain-Enabled IoT Healthcare Applications. Healthcare. 2022; 10(6):1110. https://doi.org/10.3390/healthcare10061110
Chicago/Turabian StyleAshraf, Eman, Nihal F. F. Areed, Hanaa Salem, Ehab H. Abdelhay, and Ahmed Farouk. 2022. "FIDChain: Federated Intrusion Detection System for Blockchain-Enabled IoT Healthcare Applications" Healthcare 10, no. 6: 1110. https://doi.org/10.3390/healthcare10061110
APA StyleAshraf, E., Areed, N. F. F., Salem, H., Abdelhay, E. H., & Farouk, A. (2022). FIDChain: Federated Intrusion Detection System for Blockchain-Enabled IoT Healthcare Applications. Healthcare, 10(6), 1110. https://doi.org/10.3390/healthcare10061110