Real-Time Intrusion Detection with Sequence-Aware Neural Networks for Internet of Medical Things

The Internet of Medical Things (IoMT) is a critical environment in terms of mitigation of cyberattacks since every minute counts, and long delays in detecting these attacks can have severe consequences for people's lives. This paper addresses the reduction of detection delays in IoMT by experimenting with learning models based on Recurrent Neural Networks (RNN), Gated Recurrent Units (GRU), and Transformers in a real-time Intrusion Detection System (IDS). Regarding detection accuracy of the IDS, joint learning of payload and header fields is applied. Our proposed IDS shows promising results: for instance, the Transformer model achieves 97.42% accuracy using only header information, a 52% improvement over the best baseline, and classifies 68.76 packets per second, 114 times more than the fastest baseline. The RNN model achieves a throughput rate of 226.80 flows per second and the GRU model classifies 330.12 flows per second. Our models generally outperform traditional methods in different network traffic stages, mainly when data is sparse. Joint learning from the payload and header fields increases detection accuracy to 99.51% and reduces the false positive rate, highlighting the importance of using both data types in IDS. An additional contribution of this paper is the sharing of all the developed code as open-source software.