A Threshold-based Technique to Cluster Ransomware Infected Medical Records on the Internet of Medical Things
ELGawish, R., Hashem, M., ElGohary, R., Abu-Rizka, M. (2022). A Threshold-based Technique to Cluster Ransomware Infected Medical Records on the Internet of Medical Things. EKB Journal Management System, 22(1), 16-31. doi: 10.21608/ijicis.2021.79289.1100
Randa ELGawish; Mohamed Hashem; Rania Abd ElRahman ElGohary; Mohamed Abu-Rizka. "A Threshold-based Technique to Cluster Ransomware Infected Medical Records on the Internet of Medical Things". EKB Journal Management System, 22, 1, 2022, 16-31. doi: 10.21608/ijicis.2021.79289.1100
ELGawish, R., Hashem, M., ElGohary, R., Abu-Rizka, M. (2022). 'A Threshold-based Technique to Cluster Ransomware Infected Medical Records on the Internet of Medical Things', EKB Journal Management System, 22(1), pp. 16-31. doi: 10.21608/ijicis.2021.79289.1100
ELGawish, R., Hashem, M., ElGohary, R., Abu-Rizka, M. A Threshold-based Technique to Cluster Ransomware Infected Medical Records on the Internet of Medical Things. EKB Journal Management System, 2022; 22(1): 16-31. doi: 10.21608/ijicis.2021.79289.1100

A Threshold-based Technique to Cluster Ransomware Infected Medical Records on the Internet of Medical Things

International Journal of Intelligent Computing and Information Sciences
Article 2, Volume 22, Issue 1, February 2022, Page 16-31  XML PDF (1.36 MB)
Document Type: Original Article
DOI: 10.21608/ijicis.2021.79289.1100
View on SCiNiTO View on SCiNiTO
Authors
Randa ELGawish email orcid 1; Mohamed Hashem2; Rania Abd ElRahman ElGohary3; Mohamed Abu-Rizka4
1Department of Bioinformatics, Faculty of Computer and Information Sciences , Ain Shams University ,Cairo , Egypt.
2Department of Information Systems, Faculty of Computers and Information Sciences, Ain Shams University,Cairo , Egypt
3Department of Information System , Faculty of Computer and Information Sciences, Ain Shams University, Cairo, Egypt
4Department of Computer Science, Faculty of Computing and Information Technology, Arab Academy for Science and Technology , Cairo , Egypt
Abstract
Ransomware attacks have led many healthcare hospitals to migrate back to their traditional methods of monitoring patients using pen and paper instead of using implantable medical devices remotely. Studying the behaviour of payload ransomware on an approved actual healthcare dataset obtained from ICU and correctly clustering them into normal and malicious records after manifestation is the primary focus of this study. The features decided were upon the possibility of being captured remotely and their frequency of occurrences. Data transformation was included, to handle the encrypted values and perform data normalization, prior to the clustering process.

Unsupervised machine learning gained a lot of attention in the cybersecurity domain for its efficiency and capability of clustering tuples into malicious and benign categories. However, on the internet of medical things (IoMT), due to the constraints of the interconnected nodes, clustering of malicious activities became highly challenging and demanded to secure the infrastructure. This work used unsupervised machine learning techniques of k-means, DBscan, and mean shift compared to a threshold-based method which outperformed them with a precision of 100%. The performance metrics used in this work are; precision, recall, and f1score.
Keywords
Machine learning; Internet of Medical Things; data science; cybercrime; Internet of Things
Statistics
Article View: 202
PDF Download: 307