A Threshold-based Technique to Cluster Ransomware Infected Medical Records on the Internet of Medical Things
International Journal of Intelligent Computing and Information Sciences
Article 2, Volume 22, Issue 1, February 2022, Pages 16-31
Document Type: Original Article
DOI: 10.21608/ijicis.2021.79289.1100
Authors
Randa ELGawish1; Mohamed Hashem2; Rania Abd ElRahman ElGohary3; Mohamed Abu-Rizka4
1Department of Bioinformatics, Faculty of Computer and Information Sciences, Ain Shams University, Cairo, Egypt
2Department of Information Systems, Faculty of Computers and Information Sciences, Ain Shams University, Cairo, Egypt
3Department of Information System, Faculty of Computer and Information Sciences, Ain Shams University, Cairo, Egypt
4Department of Computer Science, Faculty of Computing and Information Technology, Arab Academy for Science and Technology, Cairo, Egypt
Abstract
Ransomware attacks have led many hospitals to revert to traditional pen-and-paper patient monitoring instead of using implantable medical devices remotely. The primary focus of this study is to examine the behaviour of ransomware payloads on an approved, real healthcare dataset obtained from an ICU, and to correctly cluster its records into normal and malicious after manifestation. The features were selected according to whether they can be captured remotely and how frequently they occur. Data transformation was applied before clustering to handle the encrypted values and to normalize the data. Unsupervised machine learning has gained a lot of attention in the cybersecurity domain for its efficiency and its capability of clustering tuples into malicious and benign categories. However, on the Internet of Medical Things (IoMT), the constraints of the interconnected nodes make clustering malicious activity highly challenging and demand that the infrastructure be secured. This work compared the unsupervised machine learning techniques k-means, DBSCAN, and mean shift with a threshold-based method, which outperformed them with a precision of 100%. The performance metrics used in this work are precision, recall, and F1 score.
Keywords
Machine learning; Internet of Medical Things; data science; cybercrime; Internet of Things