Risk Evaluation and Attack Detection in Heterogeneous IoMT Devices Using Hybrid Fuzzy Logic Analytical Approach
Abstract
1. Introduction
1.1. Fuzzy Logic
1.2. FAHP
1.3. Contributions
- First is the adaptation of fuzzy logic and the Fuzzy Analytic Hierarchy Process (FAHP) in the context of everyday IoMT devices.
- Second, our research seeks to understand the causes of risk, raise risk awareness, and assist engineers and/or operators in determining which risk should be taken into account first. Our hybrid risk assessment process enables an accurate representation of the levels and risk scores with respect to risk events.
- Third, we have performed attacks on three different IoMT devices to prove the vulnerabilities during the pairing process.
1.4. Organization of Paper
2. Literature Review
3. Hybrid Risk Assessment Process
3.1. Applications of Fuzzy Logic
3.1.1. Risk Identification
3.1.2. Fuzzification
3.1.3. Fuzzy Inference Engine (FIS)
3.2. Development of Fuzzy Rule Base
3.3. FAHP Analysis
3.3.1. Pair-Wise Comparison Matrix
3.3.2. Weight Factor Calculation
3.3.3. Defuzzification
4. Case Study
4.1. Selected Devices for Testing
4.2. Attacks and Their Impacts
4.2.1. Sniffing Attack
4.2.2. Jamming Attack
4.2.3. Injection Attack
4.3. Attack Analysis and Findings
Test Bed
- The type of operation performed (read/write/notify);
- The characteristic on which it was carried out;
- The transmitted data.
4.4. HRA Analysis
- In this research, we considered only research papers for the literature review, excluding conference papers, review papers, book chapters, and non-English papers.
- Our study is focused on the applicability of fuzzy logic and the FAHP-based approach, while other approaches might be possible for risk assessment.
5. Conclusions and Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Appendix A
Device | Attack Type | Sniffing | Jamming | Injection |
---|---|---|---|---|
Oximeter | Sniffing | 1 | 5 | 1/4 |
Oximeter | Jamming | 1/5 | 1 | 1/3 |
Oximeter | Injection | 4 | 3 | 1 |
Smartwatch | Sniffing | 1 | 6 | 1/7 |
Smartwatch | Jamming | 1/6 | 1 | 1/4 |
Smartwatch | Injection | 7 | 4 | 1 |
Smart Peak Flow Meter | Sniffing | 1 | 4 | 3 |
Smart Peak Flow Meter | Jamming | 1/4 | 1 | 6 |
Smart Peak Flow Meter | Injection | 1/3 | 1/6 | 1 |
Device | Attack Type | Sniffing | Jamming | Injection |
---|---|---|---|---|
Oximeter | Sniffing | (1,1,1) | (4,5,6) | |
Oximeter | Jamming | | (1,1,1) | |
Oximeter | Injection | (3,4,5) | (2,3,4) | (1,1,1) |
Smartwatch | Sniffing | (1,1,1) | (5,6,7) | |
Smartwatch | Jamming | | (1,1,1) | |
Smartwatch | Injection | (6,7,8) | (3,4,5) | (1,1,1) |
Smart peak flow meter | Sniffing | (1,1,1) | (3,4,5) | (2,3,4) |
Smart peak flow meter | Jamming | | (1,1,1) | (5,6,7) |
Smart peak flow meter | Injection | | | (1,1,1) |
Device | Attack Type | Sniffing | Jamming | Injection | Fuzzy Geometric Mean |
---|---|---|---|---|---|
Oximeter | Sniffing | (1,1,1) | (4,5,6) | | (0.928, 1.0772, 1.2557) |
Oximeter | Jamming | | (1,1,1) | | (0.341, 0.4041, 0.5) |
Oximeter | Injection | (3,4,5) | (2,3,4) | (1,1,1) | |
Smartwatch | Sniffing | (1,1,1) | (5,6,7) | | (0.8549, 0.9498, 1.0527) |
Smartwatch | Jamming | | (1,1,1) | | (0.3054, 0.3462, 0.4053) |
Smartwatch | Injection | (6,7,8) | (3,4,5) | (1,1,1) | (2.6207, 3.0365, 3.4199) |
Smart peak flow meter | Sniffing | (1,1,1) | (3,4,5) | (2,3,4) | (1.8171, 2.2894, 2.7144) |
Smart peak flow meter | Jamming | | (1,1,1) | (5,6,7) | (1, 1.1447, 1.326) |
Smart peak flow meter | Injection | | | (1,1,1) | (0.3271, 0.3814, 0.4641) |
Device | Fuzzy Geometric Mean Value | Fuzzy Weight |
---|---|---|
Oximeter | (0.928, 1.0772, 1.2557) | (0.207, 0.2857, 0.4069) |
Oximeter | (0.341, 0.4041, 0.5) | (0.0762, 0.10717, 0.1620) |
Oximeter | | (0.4065, 0.6071, 0.8794) |
Smartwatch | (0.8549, 0.9498, 1.0527) | (0.1752, 0.2192, 0.2784) |
Smartwatch | (0.3054, 0.3462, 0.4053) | (0.0626, 0.08009, 0.1071) |
Smartwatch | (2.6207, 3.0365, 3.4199) | (0.5372, 0.7008, 0.9044) |
Smart peak flow meter | (1.8171, 2.2894, 2.7144) | (0.4033, 0.60002, 0.8633) |
Smart peak flow meter | (1, 1.1447, 1.326) | (0.2220, 0.30001, 0.4217) |
Smart peak flow meter | (0.3271, 0.3814, 0.4641) | (0.0726, 0.0999, 0.1476) |
Qualitative Expression | Description | Triangular Parameters |
---|---|---|
Low | Unlikely to occur due to strong security measures | [0 1.25 2.5] |
Medium | Expected to occur due to occasional lapses in security | [1 2.25 3.5] |
High | Highly expected to occur due to no security in place | [2.5 3.75 5] |
Qualitative Expression | Description | Triangular Parameters |
---|---|---|
Negligible | Minor disruption, minimal impact on device | [0 0.75 1.5] |
Mild | Some disruption in functionality, does not compromise patient safety | [0.5 1.25 2] |
Medium | Moderate disruption, recovery may require moderate effort | [1.5 2.25 3] |
High | Severe disruption leading to compromised patient safety | [2.5 3.25 4] |
Very high | Critical disruption posing a serious risk to patient safety | [3.5 4.25 5] |
Qualitative Expression | Description | Gaussian Parameters |
---|---|---|
Very low | Acceptable risk | [0.8847 2.776 × 10^−17] |
Low | Tolerable risk | [0.8847 2.5] |
Medium | Reduced risk with reasonable controls | [0.8847 5] |
High | Unacceptable risk but may be reduced with controls | [0.8847 7.5] |
Very high | Unacceptably high risk | [0.8847 10] |
Rule | Explanation |
---|---|
R1 | If occurrence is low and consequences are negligible, then risk level is very low |
R2 | If occurrence is medium and consequences are negligible, then risk level is low |
R3 | If occurrence is high and consequences are negligible, then risk level is medium |
R4 | If occurrence is low and consequences are mild, then risk level is low |
R5 | If occurrence is medium and consequences are mild, then risk level is low |
R6 | If occurrence is high and consequences are mild, then risk level is medium |
R7 | If occurrence is low and consequences are medium, then risk level is medium |
R8 | If occurrence is medium and consequences are medium, then risk level is medium |
R9 | If occurrence is high and consequences are medium, then risk level is high |
R10 | If occurrence is low and consequences are high, then risk level is medium |
R11 | If occurrence is medium and consequences are high, then risk level is high |
R12 | If occurrence is high and consequences are high, then risk level is high |
R13 | If occurrence is low and consequences are very high, then risk level is high |
R14 | If occurrence is medium and consequences are very high, then risk level is very high |
R15 | If occurrence is high and consequences are very high, then risk level is very high |
Linguistic Term | Crisp Numeric Value | Triangular Fuzzy Scale | Reciprocal Fuzzy Scale |
---|---|---|---|
Equally important | 1 | (1,1,1) | (1,1,1) |
Intermediate value | 2 | (1,2,3) | (1/3,1/2,1) |
Moderately important | 3 | (2,3,4) | (1/4,1/3,1/2) |
Intermediate value | 4 | (3,4,5) | (1/5,1/4,1/3) |
Strongly important | 5 | (4,5,6) | (1/6,1/5,1/4) |
Intermediate value | 6 | (5,6,7) | (1/7,1/6,1/5) |
Very strongly important | 7 | (6,7,8) | (1/8,1/7,1/6) |
Intermediate value | 8 | (7,8,9) | (1/9,1/8,1/7) |
Extremely important | 9 | (8,9,9) | (1/9,1/9,1/8) |
Device | Attack Type | Sniffing | Jamming | Injection |
---|---|---|---|---|
Oximeter | Sniffing | (1,1,1) | (4,5,6) | |
Oximeter | Jamming | | (1,1,1) | |
Oximeter | Injection | (3,4,5) | (2,3,4) | (1,1,1) |
Smartwatch | Sniffing | (1,1,1) | (5,6,7) | |
Smartwatch | Jamming | | (1,1,1) | |
Smartwatch | Injection | (6,7,8) | (3,4,5) | (1,1,1) |
Smart peak flow meter | Sniffing | (1,1,1) | (3,4,5) | (2,3,4) |
Smart peak flow meter | Jamming | | (1,1,1) | (5,6,7) |
Smart peak flow meter | Injection | | | (1,1,1) |
Device | Attack Type | Fuzzy Weight | Defuzzified Weight | Risk Level |
---|---|---|---|---|
Oximeter | Sniffing | (0.207, 0.2857, 0.4069) | 0.2998 | 2.998 |
Oximeter | Jamming | (0.0762, 0.10717, 0.1620) | 0.11512 | 1.04 |
Oximeter | Injection | (0.4065, 0.6071, 0.8794) | 0.631 | 5.048 |
Smartwatch | Sniffing | (0.1752, 0.2192, 0.2784) | 0.2242 | 3.14 |
Smartwatch | Jamming | (0.0626, 0.08009, 0.1071) | 0.0832 | 1 |
Smartwatch | Injection | (0.5372, 0.7008, 0.9044) | 0.7141 | 8.57 |
Smart Peak Flow Meter | Sniffing | (0.4033, 0.60002, 0.8633) | 0.6222 | 4.97 |
Smart Peak Flow Meter | Jamming | (0.2220, 0.30001, 0.4217) | 0.3145 | 3.46 |
Smart Peak Flow Meter | Injection | (0.0726, 0.0999, 0.1476) | 0.1067 | 1.07 |
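
The chain the tables above walk through for the oximeter (fuzzified pair-wise matrix, fuzzy geometric mean, fuzzy weight, defuzzified weight) can be reproduced with the short script below. It is an added example, not the authors' code; it assumes the row-wise geometric-mean method indicated by the table headings, fills the cells the page leaves blank with reciprocals from the reciprocal fuzzy scale, and defuzzifies by averaging the three vertices. All function names are hypothetical.

```python
from math import prod

# Oximeter judgments as printed on the page: (row attack, column attack) -> TFN.
# Cells the page leaves blank are filled with the reciprocal of the mirrored
# cell, following the page's reciprocal fuzzy scale (assumption of this example).
ATTACKS = ["Sniffing", "Jamming", "Injection"]
OXIMETER = {
    ("Sniffing", "Jamming"): (4, 5, 6),
    ("Injection", "Sniffing"): (3, 4, 5),
    ("Injection", "Jamming"): (2, 3, 4),
}

def reciprocal(tfn):
    """Reciprocal of a triangular fuzzy number (l, m, u) is (1/u, 1/m, 1/l)."""
    l, m, u = tfn
    return (1 / u, 1 / m, 1 / l)

def build_matrix(judgments, labels):
    """Full pair-wise matrix: (1,1,1) on the diagonal, reciprocals mirrored."""
    rows = []
    for a in labels:
        row = []
        for b in labels:
            if a == b:
                row.append((1, 1, 1))
            elif (a, b) in judgments:
                row.append(judgments[(a, b)])
            else:
                row.append(reciprocal(judgments[(b, a)]))
        rows.append(row)
    return rows

def fuzzy_geometric_mean(row):
    """Component-wise geometric mean of one row of triangular fuzzy numbers."""
    return tuple(prod(t[i] for t in row) ** (1 / len(row)) for i in range(3))

def fuzzy_weights(matrix):
    """Divide each row mean by the fuzzy sum of all means: (l/Σu, m/Σm, u/Σl)."""
    means = [fuzzy_geometric_mean(r) for r in matrix]
    sum_l, sum_m, sum_u = (sum(g[i] for g in means) for i in range(3))
    return [(l / sum_u, m / sum_m, u / sum_l) for l, m, u in means]

def defuzzify(tfn):
    """Crisp weight as the arithmetic mean of the three vertices."""
    return sum(tfn) / 3

def oximeter_results():
    weights = fuzzy_weights(build_matrix(OXIMETER, ATTACKS))
    return {a: (w, defuzzify(w)) for a, w in zip(ATTACKS, weights)}

if __name__ == "__main__":
    for attack, (w, crisp) in oximeter_results().items():
        print(attack, [round(x, 4) for x in w], round(crisp, 4))
```

The output agrees with the oximeter rows of the tables to within rounding in the third decimal place, with injection carrying the largest weight.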
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Pritika; Shanmugam, B.; Azam, S. Risk Evaluation and Attack Detection in Heterogeneous IoMT Devices Using Hybrid Fuzzy Logic Analytical Approach. Sensors 2024, 24, 3223. https://doi.org/10.3390/s24103223