Article
A Hybrid Lightweight System for Early Attack Detection in the
IoMT Fog
Shilan S. Hameed
1,2
, Ali Selamat
1,3,4,5,
* , Liza Abdul Latiff
6
, Shukor A. Razak
3
, Ondrej Krejcar
5
,
Hamido Fujita
7,8,
* , Mohammad Nazir Ahmad Sharif
9
and Sigeru Omatu
10
Citation: Hameed, S.S.; Selamat, A.;
Abdul Latiff, L.; Razak, S.A.; Krejcar,
O.; Fujita, H.; Ahmad Sharif, M.N.;
Omatu, S. A Hybrid Lightweight
System for Early Attack Detection in
the IoMT Fog. Sensors 2021, 21, 8289.
https://doi.org/10.3390/s21248289
Academic Editors: YangQuan Chen,
Subhas Mukhopadhyay,
Nunzio Cennamo, M. Jamal Deen,
Junseop Lee and Simone Morais
Received: 11 October 2021
Accepted: 2 December 2021
Published: 11 December 2021
Publisher’s Note: MDPI stays neutral
with regard to jurisdictional claims in
published maps and institutional affil-
iations.
Copyright: © 2021 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).
1
Malaysia-Japan International Institute of Technology (MJIIT), University Teknologi Malaysia,
Kuala Lumpur 54100, Malaysia; hameed.s@graduate.utm.my
2
Directorate of Information Technology, Koya University, Koya 44023, Iraq
3
School of Computing, Faculty of Engineering, Universiti Teknologi Malaysia, Skudai 81310, Malaysia;
shukorar@utm.my
4
Media and Games Center of Excellence (MagicX), Universiti Teknologi Malaysia,
Skudai 81310, Malaysia
5
Center for Basic and Applied Research, Faculty of Informatics and Management, University of Hradec
Kralove, Rokitanskeho 62, 50003 Hradec Kralove, Czech Republic; ondrej.krejcar@uhk.cz
6
Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia,
Kuala Lumpur 54100, Malaysia; liza.kl@utm.my
7
i-SOMET Incorporated Association, Morioka 020-0104, Japan
8
Regional Research Center, Iwate Prefectural University, Takizawa 020-0693, Japan
9
Institute of IR4.0, Universiti Kebangsaan Malaysia, Bangi 43600, Malaysia; mnazir@ukm.edu.my
10
Graduate School, Hiroshima University, Kagamiyama, Higashihiroshima 739-8511, Japan;
omtsgr@gmail.com
* Correspondence: aselamat@utm.my (A.S.); HFujita-799@acm.org (H.F.)
Abstract:
Cyber-attack detection via on-gadget embedded models and cloud systems are widely used
for the Internet of Medical Things (IoMT). The former has a limited computation ability, whereas the
latter has a long detection time. Fog-based attack detection is alternatively used to overcome these
problems. However, the current fog-based systems cannot handle the ever-increasing IoMT’s big data.
Moreover, they are not lightweight and are designed for network attack detection only. In this work,
a hybrid (for host and network) lightweight system is proposed for early attack detection in the IoMT
fog. In an adaptive online setting, six different incremental classifiers were implemented, namely
a novel Weighted Hoeffding Tree Ensemble (WHTE), Incremental K-Nearest Neighbors (IKNN),
Incremental Naïve Bayes (INB), Hoeffding Tree Majority Class (HTMC), Hoeffding Tree Naïve Bayes
(HTNB), and Hoeffding Tree Naïve Bayes Adaptive (HTNBA). The system was benchmarked with
seven heterogeneous sensors and a NetFlow data infected with nine types of recent attack. The
results showed that the proposed system worked well on the lightweight fog devices with ~100%
accuracy, a low detection time, and a low memory usage of less than 6 MiB. The single-criteria
comparative analysis showed that the WHTE ensemble was more accurate and was less sensitive to
the concept drift.
Keywords:
IoMT; IoT; hybrid attack detection; incremental learning; machine learning; sensor’s data;
NetFlow data; NIDS; HIDS; fog computing
1. Introduction
Smart health systems such as the Internet of Medical Things (IoMT) and Medical
Cyber–Physical Systems (MCPSs) are a subset of the Internet of Things (IoTs) [
1
]. They
are gaining popularity via simple fitness gadgets connecting athletes to their smartphone
devices and cloud services [
2
]. IoMT is a broad technology, incorporating various prod-
ucts and platforms, including implanted devices, eldercare wearables for monitoring [
3
],
internet-connected clinical equipment, and remote-surgery hospital rooms [
4
]. Medical
Sensors 2021, 21, 8289. https://doi.org/10.3390/s21248289 https://www.mdpi.com/journal/sensors
