Secure Infrastructure for Internet of Medical Things Using Machine Learning
The Internet of Things (IoT) has grown rapidly in the last decade and continues to expand, offering a wide range of devices to support a diverse set of applications. With ubiquitous Internet, connected sensors and actuators, and networking and communication technologies, along with Artificial Intelligence (AI), smart Cyber-Physical Systems (CPSs) provide services that enhance the quality of human lives. The Internet of Medical Things (IoMT), also known as healthcare IoT, represents a connected infrastructure of smart medical devices, applications, health ecosystems and services. Remote Patient Monitoring (RPM) is a prominent IoMT ecosystem, which utilizes IoMT devices and existing technologies, such as cloud computing and Machine Learning (ML). The growth in the RPM ecosystem using wearable and non-wearable smart medical devices enables improved quality of diagnosis and facilitates timely treatment for a gamut of medical conditions.

At the same time, the proliferation of IoMT devices increases the potential for malicious activities that can lead to theft of personal information, data breaches, compromised medical devices, and catastrophic results, including putting human lives at risk. Security of IoMT devices is a growing concern with widespread adoption. IoMT devices are being hacked to perform different types of attacks, such as adversarial and DDoS attacks, as well as to violate user data privacy. Security solutions for IoMT are limited and unsatisfactory. There is currently a lack of robust anomaly detection models based on user characteristics, such as behavior, diseases, and health conditions. Furthermore, there is a need to develop innovative and flexible access control approaches for securing IoMT infrastructure.

In today's world, IoMT utilizes smart medical devices and cloud computing services to sense patients' vital body parameters and monitor health conditions.
It generates a tremendous amount of data that reflects user behavior patterns, including both personal and day-to-day social activities. Due to the weak security mechanisms in use and the increasing number of malicious attackers, the multivariate IoMT data, which is highly privacy-sensitive, is continuously at risk. This dissertation aims to provide novel anomaly detection and access control models to secure IoMT infrastructure using emerging technologies, such as ML, Federated Learning (FL), and game theory.

First, in this dissertation, we identify IoT device training problems in FL by analyzing the behavior of mobile edge devices using a game-theoretic model. FL has been widely used in data-driven applications to maintain the privacy of users. We introduce a system model for FL and design a game-theoretic model to address the learner's dilemma. A novel cluster-based fair strategy is proposed to approximately solve this FL game and enforce cooperation among mobile edge devices. Our experimental results and evaluation analysis in a real-world smart home context show that 80% of mobile edge devices are ready to cooperate in FL, while 20% of them do not train their local models collaboratively.

Second, we investigate an RPM ecosystem and propose a Hidden Markov Model (HMM)-based anomaly detection model. This model analyzes normal user behavior in the context of RPM, which comprises both smart home and smart health devices, to identify anomalous user behavior. We design a testbed with multiple IoMT devices and home sensors to collect network and user behavioral data, which is used to train the model. The proposed anomaly detection model achieves over 98% accuracy in identifying the anomalies.

Third, we propose an FL-based approach to enhance anomaly detection models for the RPM ecosystem by utilizing edge cloudlets to run the model locally at the edge without sharing patients' data.
A hierarchical FL approach is introduced that allows gradient aggregation at different levels, rather than aggregation at a single server, to enable multi-party collaboration. We also propose a novel disease-based grouping mechanism where different anomaly detection models are grouped based on specific types of diseases. Furthermore, we design a Federated Time Distributed (FedTimeDis) Long Short-Term Memory (LSTM) approach to train the anomaly detection model locally. An RPM use case is implemented to demonstrate the proposed model utilizing Digital Twin (DT) and edge cloudlets.

Fourth, we investigate a real-world multi-layered Cloud-Enabled IoT architecture, the GCP-IoT, introduced by Google Cloud Platform (GCP). We develop formal access control models for GCP and GCP-IoT, known as GCPAC and GCP-IoTAC respectively. In contrast to GCP's role-based approach, we identify the need for an attribute-based approach for fine-grained authorizations for the cloud and its IoT service. We propose ABAC enhancements for the GCPAC and GCP-IoTAC models. RPM and smart home use cases are implemented in GCP-IoT to demonstrate our model.
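
The two-level, disease-grouped aggregation described in the third contribution can be sketched as follows. This is an added example, not code from the dissertation: the field names, disease labels, cloudlet names, update vectors and the sample-count weighting (FedAvg-style) are all assumptions made for illustration.

```python
from collections import defaultdict

def weighted_average(updates):
    """Sample-count-weighted mean of (vector, n_samples) pairs (assumed FedAvg-style)."""
    dim = len(updates[0][0])
    if any(len(vec) != dim for vec, _ in updates):
        raise ValueError("model updates have different dimensions")
    total = sum(n for _, n in updates)
    if total <= 0:
        raise ValueError("updates carry no training samples")
    mean = [sum(vec[i] * n for vec, n in updates) / total for i in range(dim)]
    return mean, total

def hierarchical_aggregate(client_updates):
    """Level 1: each edge cloudlet averages its patients' updates per disease group.
    Level 2: cloudlet results are merged into one model update per disease group.
    Only update vectors and sample counts move upward, never patient records."""
    per_cloudlet = defaultdict(list)
    for u in client_updates:
        key = (u["disease"], u["cloudlet"])
        per_cloudlet[key].append((u["update"], u["n_samples"]))
    per_disease = defaultdict(list)
    for (disease, _cloudlet), updates in per_cloudlet.items():
        # The cloudlet forwards (mean, total) so level 2 can weight it correctly.
        per_disease[disease].append(weighted_average(updates))
    return {d: weighted_average(results)[0] for d, results in per_disease.items()}

# Constructed sample input: hypothetical disease groups, cloudlets and update vectors.
SAMPLE_UPDATES = [
    {"disease": "diabetes", "cloudlet": "edge-A", "update": [1.0, 2.0], "n_samples": 10},
    {"disease": "diabetes", "cloudlet": "edge-A", "update": [3.0, 4.0], "n_samples": 30},
    {"disease": "diabetes", "cloudlet": "edge-B", "update": [5.0, 6.0], "n_samples": 60},
    {"disease": "cardiac", "cloudlet": "edge-A", "update": [0.0, 1.0], "n_samples": 20},
    {"disease": "cardiac", "cloudlet": "edge-C", "update": [2.0, 3.0], "n_samples": 20},
]

if __name__ == "__main__":
    for disease, model in sorted(hierarchical_aggregate(SAMPLE_UPDATES).items()):
        print(disease, model)
```

Because each cloudlet forwards its sample total along with its mean, the two-level result equals a flat weighted average over all clients in the same disease group, while no single server ever receives the individual updates.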