Intelligent and Dynamic Ransomware Spread Detection and Mitigation in Integrated Clinical Environments
Lorenzo Fernández Maimó 1
, Alberto Huertas Celdrán 2,*, Ángel L. Perales Gómez 1, Félix J. García Clemente 1, James Weimer 3 and Insup Lee 3
, Alberto Huertas Celdrán 2,*, Ángel L. Perales Gómez 1, Félix J. García Clemente 1, James Weimer 3 and Insup Lee 3
1
Department of Computer Engineering, University of Murcia, 30100 Murcia, Spain
2
Telecommunications Software & Systems Group, Waterford Institute of Technology, X91 K0EK Waterford, Ireland
3
Department of Computer & Information Science, University of Pennsylvania, Philadelphia, PA 19104-6309, USA
*
Author to whom correspondence should be addressed.
Sensors 2019, 19(5), 1114; https://doi.org/10.3390/s19051114
Received: 30 November 2018 / Revised: 16 February 2019 / Accepted: 27 February 2019 / Published: 5 March 2019
(This article belongs to the Special Issue Selected Papers from the 20th IEEE International Conference on E-health Networking, Application & Services (IEEE HealthCom 2018))
Abstract
Medical Cyber-Physical Systems (MCPS) hold the promise of reducing human errors and optimizing healthcare by delivering new ways to monitor, diagnose and treat patients through integrated clinical environments (ICE). Despite the benefits provided by MCPS, many of the ICE medical devices have not been designed to satisfy cybersecurity requirements and, consequently, are vulnerable to recent attacks. Nowadays, ransomware attacks account for 85% of all malware in healthcare, and more than 70% of attacks confirmed data disclosure. With the goal of improving this situation, the main contribution of this paper is an automatic, intelligent and real-time system to detect, classify, and mitigate ransomware in ICE. The proposed solution is fully integrated with the ICE++ architecture, our previous work, and makes use of Machine Learning (ML) techniques to detect and classify the spreading phase of ransomware attacks affecting ICE. Additionally, Network Function Virtualization (NFV) and Software Defined Networking (SDN)paradigms are considered to mitigate the ransomware spreading by isolating and replacing infected devices. Different experiments returned a precision/recall of 92.32%/99.97% in anomaly detection, an accuracy of 99.99% in ransomware classification, and promising detection and mitigation times. Finally, different labelled ransomware datasets in ICE have been created and made publicly available. View Full-TextKeywords:
integrated clinical environments; medical cyber-physical systems; cybersecurity; anomaly detection; ransomware classification; network function virtualization; software-defined networking
▼
Figures
Figure 1
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
Share & Cite This Article
MDPI and ACS Style
Fernández Maimó, L.; Huertas Celdrán, A.; Perales Gómez, Á.L.; García Clemente, F.J.; Weimer, J.; Lee, I. Intelligent and Dynamic Ransomware Spread Detection and Mitigation in Integrated Clinical Environments. Sensors 2019, 19, 1114.
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.