A Comprehensive Survey on Intrusion Detection Systems for Healthcare 5.0: Concepts, Challenges, and Practical Applications
Abstract
1. Introduction
- A thorough survey of IDS approaches tailored for Healthcare 5.0 applications.
- An identification and analysis of the existing Healthcare 5.0-aligned datasets employed in intrusion detection, addressing their strengths and limitations.
- A practical case study that sheds light on XAI’s impact on enhancing IDS effectiveness through network and biomedical features, thereby addressing a key gap in existing AI-driven security solutions for connected healthcare.
- A discussion of open issues and research challenges in the studied area.
2. Healthcare 5.0: Evolution, Enabling Technologies, and Cybersecurity
2.1. From Healthcare 1.0 to 5.0: A Historical and Conceptual Evolution
2.2. Enabling Technologies
2.3. Cybersecurity
2.4. XAI Foundations for IDSs
3. Related Surveys
3.1. Literature Review Protocol
3.2. Intrusion Detection in Healthcare 5.0
3.3. XAI Applied in Healthcare 5.0
3.4. Discussion
4. Intrusion Detection Methods and Directions in Healthcare 5.0
4.1. Detection Techniques and Emerging Trends
4.2. Explainability and Model Transparency in IDSs
Techniques and Libraries for XAI
5. Intrusion Detection Datasets for Healthcare 5.0
5.1. Healthcare 5.0, AI, and Datasets
5.2. Healthcare IDS Datasets
5.3. Discussion
6. Case Study: An Explainable Approach
6.1. Dataset Description
- Spoofing attacks, in which the attacker passively intercepts packets between the gateway and the server by impersonating a legitimate network device. This compromises data confidentiality by exposing sensitive patient information.
- Data injection attacks, in which the attacker actively modifies the intercepted packets in transit, potentially introducing false medical readings or control commands, thereby violating data integrity and putting patient safety at risk.
6.2. Methodology
6.3. Classification Results and Comparison
6.4. SHAP Heatmaps: Local Feature Explanations
6.5. Scenario-Based XAI Analysis
6.6. Discussion
7. Open Issues
7.1. Data-Related Challenges
- Dataset Quality: Building robust, high-quality datasets that accurately represent IoMT attack scenarios is essential for the development of effective IDSs [13,14,21]. However, these datasets are often highly dimensional, containing numerous features. This leads to the curse of dimensionality, which makes it challenging to identify relevant features and understand their contribution to model outputs [23,24].
- Data Scarcity and Heterogeneity: The development of effective IDSs in healthcare is hindered by the scarcity and heterogeneity of available datasets. Few publicly available IoMT-specific datasets exist, limiting the evaluation of IDS performance in realistic settings. Existing datasets often lack realism and diversity, and most are siloed—focusing on either clinical or network data independently [13,14,37]. Integrating both domains could enrich contextual information, but simultaneously raises concerns of expanded attack surfaces and patient privacy. In addition, the lack of comprehensive datasets in terms of, e.g., considered attacks and features, constitutes a challenge for the generalization of research findings. Recently, GANs have been proposed to synthesize realistic, privacy-preserving data for IDS training and to mitigate imbalance in healthcare datasets [91,92]. While promising, these approaches require careful design to ensure that synthetic data improves detection without compromising patient confidentiality. Future research must explicitly address this privacy–utility trade-off.
- Data Privacy and Confidentiality: It remains a fundamental challenge to ensure the secure handling of IoMT data, particularly within highly regulated environments [12]. Although generative models like GANs provide a promising method for producing realistic synthetic data, they raise important concerns regarding the trade-offs between fidelity (how well synthetic data replicates real data), utility (its effectiveness for downstream tasks), and privacy [93]. Beyond GANs, recent approaches have explored instruction-tuned LLMs (Large Language Models) to capture inter-row relationships and mitigate memorization risks, in which metrics like DLT (Distance-Based Leakage Test) and LLE (Local Leakage Estimation) show improved privacy protection without compromising classification performance [94]. However, such models still face limitations, including high computational cost, limited support for regression tasks, and a lack of formal Differential Privacy (DP) guarantees [95], in addition to risks of algorithmic bias [96]. More recently, score-based diffusion in a VAE-learned (Variational Autoencoder) latent space has been applied to handle mixed-type tabular data, improving generation quality and sampling speed [97]. Yet, this latent-diffusion approach introduces new questions regarding the interpretability and robustness of latent representations, scalability, and compatibility with privacy mechanisms. Recent frameworks show that combining FL with edge computing can preserve privacy while still enabling collaborative IoMT analytics [98].
7.2. Model-Related Challenges
- Enhanced Data Understanding: A better understanding of feature correlations can reduce data dimensionality and enhance model performance by filtering out redundant or irrelevant features [12,21]. Beyond traditional feature selection algorithms, XAI has been presented as a prominent direction toward dimensionality reduction and improved model performance [99,100].
- Adversarial Robustness: Adversarial examples are deliberately perturbed inputs designed to mislead ML models, often through modifications that are imperceptible to humans. IDSs are particularly susceptible to such attacks, which can result in the misclassification of malicious traffic as benign and consequently compromise network security. Although recent advancements have improved the robustness against adversarial examples, existing approaches remain limited, particularly against diverse and black-box adversarial strategies. Enhancing robustness across heterogeneous ML/DL architectures may rely on adversarial training strategies that combine attack sample generation, robust preprocessing, and GAN-based defenses [101].
- XAI-Driven Adversarial Attacks: In XAI-driven attacks, adversaries take advantage of the insights provided by XAI techniques to identify which input features influence the model’s decisions the most, allowing them to craft more targeted and effective adversarial examples [102]. Recent works [103,104] have shown that such attacks can succeed even in black-box settings, where the attacker has no access to the internals of the model. These techniques pose a significant threat to model reliability and trust, particularly in sensitive fields such as cybersecurity and healthcare. Mitigating this risk requires the development of defense strategies capable of withstanding adversarial inputs informed by model explanations.
- Explainability and Transparency: Evaluating the quality and reliability of XAI-generated explanations is challenging and requires standardized benchmarks to objectively assess their fidelity, completeness, and usefulness. Additionally, explanations must be understandable and actionable for both experts and non-experts, necessitating intuitive, user-centered interfaces to ensure effective comprehension and adoption [5,16,23].
- Model Explainability Trade-Off: The balance between the complexity of advanced AI models and the need for interpretability remains a critical challenge in healthcare, as highly accurate models often sacrifice transparency, potentially lowering trust among healthcare professionals [22,23]. Additionally, incorporating XAI into IDSs, while improving transparency, also risks exposing proprietary model details, potentially leading to intellectual property loss or adversarial attacks [22].
- Automated Solutions: A significant gap remains in developing reliable, automated, and user-friendly XAI solutions capable of delivering clear and trustworthy explanations for clinical decision support [24].
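As an added illustration of the Enhanced Data Understanding item above (not code from the paper), the following Python example ranks the features of a toy IDS by permutation importance, a model-agnostic explanation method used here in place of SHAP so that it runs on the standard library alone, and then retrains on only the features that matter. The feature names, value ranges, nearest-centroid model and threshold are constructed assumptions.

```python
import random
import statistics

# Constructed feature names and value ranges (assumptions for this example,
# not the columns of the case-study dataset).
FEATURES = ["pkt_interarrival_ms", "src_bytes", "spo2", "heart_rate",
            "temp_c", "dst_jitter_ms"]
# Benign (mean, std) per feature, and the mean shift when an attack is present.
# Only one network and one biomedical feature carry signal (3 sigma each).
BENIGN = [(20.0, 4.0), (310.0, 25.0), (97.0, 1.5), (75.0, 8.0),
          (36.8, 0.4), (2.0, 0.5)]
ATTACK_SHIFT = [12.0, 0.0, -4.5, 0.0, 0.0, 0.0]


def make_dataset(n, rng):
    """Return n constructed rows with alternating labels (0 benign, 1 attack)."""
    rows, labels = [], []
    for i in range(n):
        y = i % 2
        rows.append([rng.gauss(m + y * shift, sd)
                     for (m, sd), shift in zip(BENIGN, ATTACK_SHIFT)])
        labels.append(y)
    return rows, labels


class CentroidIDS:
    """Nearest-centroid classifier over z-scored features (toy stand-in model)."""

    def fit(self, X, y, cols):
        self.cols = list(cols)
        self.mu = [statistics.fmean(r[c] for r in X) for c in self.cols]
        self.sd = [statistics.pstdev([r[c] for r in X]) or 1.0 for c in self.cols]
        self.centroids = {}
        for label in (0, 1):
            Z = [self._z(r) for r, t in zip(X, y) if t == label]
            self.centroids[label] = [statistics.fmean(col) for col in zip(*Z)]
        return self

    def _z(self, row):
        return [(row[c] - m) / s for c, m, s in zip(self.cols, self.mu, self.sd)]

    def predict(self, row):
        z = self._z(row)
        return min((0, 1), key=lambda lab: sum(
            (a - b) ** 2 for a, b in zip(z, self.centroids[lab])))


def accuracy(model, X, y):
    return sum(model.predict(r) == t for r, t in zip(X, y)) / len(y)


def permutation_importance(model, X, y, rng, repeats=5):
    """Mean accuracy drop when one feature column is shuffled across rows."""
    base = accuracy(model, X, y)
    scores = {}
    for c in model.cols:
        drops = []
        for _ in range(repeats):
            column = [r[c] for r in X]
            rng.shuffle(column)
            permuted = [r[:c] + [v] + r[c + 1:] for r, v in zip(X, column)]
            drops.append(base - accuracy(model, permuted, y))
        scores[FEATURES[c]] = statistics.fmean(drops)
    return scores


def run(seed=7, threshold=0.05):
    rng = random.Random(seed)
    X_train, y_train = make_dataset(400, rng)
    X_val, y_val = make_dataset(400, rng)      # used only to rank features
    X_test, y_test = make_dataset(400, rng)    # used only for the final comparison
    full = CentroidIDS().fit(X_train, y_train, range(len(FEATURES)))
    scores = permutation_importance(full, X_val, y_val, rng)
    kept = [i for i, name in enumerate(FEATURES) if scores[name] > threshold]
    reduced = CentroidIDS().fit(X_train, y_train, kept)
    return {"scores": scores,
            "kept": [FEATURES[i] for i in kept],
            "acc_full": accuracy(full, X_test, y_test),
            "acc_reduced": accuracy(reduced, X_test, y_test)}


if __name__ == "__main__":
    result = run()
    for name, score in sorted(result["scores"].items(), key=lambda kv: -kv[1]):
        print(f"{name:22s} {score:+.3f}")
    print("kept:", result["kept"])
    print(f"accuracy full={result['acc_full']:.3f} reduced={result['acc_reduced']:.3f}")
```

Ranking on a validation split and comparing on a separate test split keeps the feature-selection step from leaking into the reported accuracy.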
7.3. Deployment and Operational Challenges
- Addressing AI Model and Infrastructure Challenges: Tackling issues arising from the distributed nature of IoMT devices, large data volumes, hardware constraints, and evolving data environments [21], alongside advancing the standardization of healthcare IT infrastructure to enhance security, interoperability, and the performance of AI-based systems [13]. Emerging paradigms such as FL and edge computing have shown promise in mitigating data scarcity and privacy concerns by enabling collaborative, privacy-preserving model training while offloading computation from resource-constrained IoMT devices [98].
- Real-Time Data Management: Efficiently handling large-scale, real-time data streams remains a critical challenge, particularly in balancing security with minimal performance overhead on constrained devices [13,14,21,35]. While XAI techniques can be computationally demanding, recent studies highlight the need for efficient and scalable explainability models [24], federated edge processing for real-time monitoring [105], and decentralized explainable intrusion detection frameworks [106]. Furthermore, comprehensive reviews emphasize the integration of explainable AI with federated learning as a key pathway for enabling trustworthy and scalable next-generation IoT systems [107]. Nevertheless, achieving dependable and secure performance under sudden surges in patient data or rapid device proliferation remains an open research problem.
- Zero-Day Exploits: The rise in sophisticated cyber threats in Healthcare 5.0, such as zero-day exploits and ransomware targeting IoMT devices [21], threatens patient safety and data integrity. This demands IDSs capable of adapting to evolving threats within the dynamic IoMT ecosystem.
- Integration of Emerging Technologies: Emerging technologies such as 5G, AI, ML, and blockchain can be leveraged to enhance the security, reliability, and efficiency of IoMT systems. This includes developing secure network slicing and energy-efficient protocols to support the growing demands of healthcare applications. Additionally, integrating edge and fog computing enables the deployment of distributed and resource-efficient IDS architectures, which help reduce latency and optimize resource consumption while maintaining robust security. The literature indicates that, in both edge and fog scenarios, cryptography is an important mechanism for preserving patient data privacy [12,21].
- Secure Data Sharing and Interoperability: Establishing standards for secure, seamless data exchange across different healthcare platforms and devices [12].
7.4. Regulatory, Ethical, and Compliance Issues
8. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Lou, S.; Hu, Z.; Zhang, Y.; Feng, Y.; Zhou, M.; Lv, C. Human-Cyber-Physical System for Industry 5.0: A Review from a Human-Centric Perspective. IEEE Trans. Autom. Sci. Eng. 2025, 22, 494–511.
- Ziatdinov, R.; Atteraya, M.S.; Nabiyev, R. The fifth industrial revolution as a transformative step towards society 5.0. Societies 2024, 14, 19.
- Tandel, V.; Kumari, A.; Tanwar, S.; Singh, A.; Sharma, R.; Yamsani, N. Intelligent wearable-assisted digital healthcare industry 5.0. Artif. Intell. Med. 2024, 157, 103000.
- Natarajan, R.; Lokesh, G.H.; Flammini, F.; Premkumar, A.; Venkatesan, V.K.; Gupta, S.K. A novel framework on security and energy enhancement based on internet of medical things for healthcare 5.0. Infrastructures 2023, 8, 22.
- Saraswat, D.; Bhattacharya, P.; Verma, A.; Prasad, V.K.; Tanwar, S.; Sharma, G.; Bokoro, P.N.; Sharma, R. Explainable AI for Healthcare 5.0: Opportunities and Challenges. IEEE Access 2022, 10, 84486–84517.
- Wazid, M.; Singh, J.; Das, A.K.; Rodrigues, J.J.P.C. An Ensemble-Based Machine Learning-Envisioned Intrusion Detection in Industry 5.0-Driven Healthcare Applications. IEEE Trans. Consum. Electron. 2024, 70, 1903–1912.
- Li, Z. Extracting spatial effects from machine learning model using local interpretation method: An example of SHAP and XGBoost. Comput. Environ. Urban Syst. 2022, 96, 101845.
- Mbunge, E.; Muchemwa, B.; Jiyane, S.; Batani, J. Sensors and healthcare 5.0: Transformative shift in virtual care through emerging digital health technologies. Glob. Health J. 2021, 5, 169–177.
- Rehman, A.; Abbas, S.; Khan, M.; Ghazal, T.M.; Adnan, K.M.; Mosavi, A. A secure healthcare 5.0 system based on blockchain technology entangled with federated learning technique. Comput. Biol. Med. 2022, 150, 106019.
- Baz, A.; Ahmed, R.; Khan, S.A.; Kumar, S. Security risk assessment framework for the healthcare industry 5.0. Sustainability 2023, 15, 16519.
- Almalki, J.; Alshahrani, S.M.; Khan, N.A. A comprehensive secure system enabling healthcare 5.0 using federated learning, intrusion detection and blockchain. PeerJ Comput. Sci. 2024, 10, e1778.
- Khatun, M.A.; Memon, S.F.; Eising, C.; Dhirani, L.L. Machine Learning for Healthcare-IoT Security: A Review and Risk Mitigation. IEEE Access 2023, 11, 145869–145896.
- Weber, S.B.; Stein, S.; Pilgermann, M.; Schrader, T. Attack Detection for Medical Cyber-Physical Systems—A Systematic Literature Review. IEEE Access 2023, 11, 41796–41815.
- Doménech Fons, J.; Martín Faus, I.V.; Mhiri, S.; Pegueroles Vallés, J.R. Ensuring patient safety in IoMT: A systematic literature review of behavior-based intrusion detection systems. Internet Things Amst. 2024, 28, 101420.
- Ali, G.; Mijwil, M.M. Cybersecurity for sustainable smart healthcare: State of the art, taxonomy, mechanisms, and essential roles. Mesopot. J. Cybersecur. 2024, 4, 20–62.
- Pakrooh, R.; Jabbari, A.; Fung, C. Deep Learning-Assisted Security and Privacy Provisioning in the Internet of Medical Things Systems: A Survey on Recent Advances. IEEE Access 2024, 12, 40610–40621.
- Taimoor, N.; Rehman, S. Reliable and Resilient AI and IoT-Based Personalised Healthcare Services: A Survey. IEEE Access 2022, 10, 535–563.
- Al-Shurbaji, T.; Anbar, M.; Manickam, S.; Hasbullah, I.H.; ALfriehate, N.; Alabsi, B.A.; Alzighaibi, A.R.; Hashim, H. Deep Learning-Based Intrusion Detection System for Detecting IoT Botnet Attacks: A Review. IEEE Access 2025, 13, 11792–11822.
- Jamshidi, S.; Nikanjam, A.; Nafi, K.W.; Khomh, F.; Rasta, R. Application of deep reinforcement learning for intrusion detection in Internet of Things: A systematic review. Internet Things 2025, 31, 101531.
- Mallidi, S.K.R.; Ramisetty, R.R. Advancements in training and deployment strategies for AI-based intrusion detection systems in IoT: A systematic literature review. Discov. Internet Things 2025, 5, 8.
- Naghib, A.; Gharehchopogh, F.S.; Zamanifar, A. A comprehensive and systematic literature review on intrusion detection systems in the internet of medical things: Current status, challenges, and opportunities. Artif. Intell. Rev. 2025, 58, 114.
- Kalasampath, K.; Spoorthi, K.N.; Sajeev, S.; Kuppa, S.S.; Ajay, K.; Maruthamuthu, A. A Literature Review on Applications of Explainable Artificial Intelligence (XAI). IEEE Access 2025, 13, 41111–41140.
- Ansari, Z.A.; Tripathi, M.M.; Ahmed, R. Understanding the Landscape: A Review of Explainable AI in Healthcare Decision-Making. Res. Sq. 2024; preprint.
- Mariappan, R. Extensive Review of Literature on Explainable AI (XAI) in Healthcare Applications. Recent Adv. Comput. Sci. Commun. 2025, 18, E200324228159.
- Shafik, W.; Hidayatullah, A.F.; Kalinaki, K.; Gul, H.; Zakari, R.Y.; Tufail, A. A Systematic Literature Review on Transparency and Interpretability of AI models in Healthcare: Taxonomies, Tools, Techniques, Datasets, Open Research Challenges, and Future Trends. Res. Sq. 2024; preprint.
- Mathur, A.; Dabas, A.; Sharma, N. Evolution from Industry 1.0 to Industry 5.0. In Proceedings of the 4th International Conference on Advances in Computing, Communication Control and Networking (ICAC3N), Greater Noida, India, 16–17 December 2022; pp. 1390–1394.
- Karri, C.; Garg, L.; Prakash, V.; Pawar, B.D. Chapter 9—Healthcare 5.0 opportunities and challenges: A literature review. In Intelligent Biomedical Technologies and Applications for Healthcare 5.0; Garg, L., Mirajkar, G., Misra, S., Chattu, V.K., Eds.; Academic Press: Cambridge, MA, USA, 2025; Volume 16, pp. 133–146.
- Rashid, S.; Nemati, A. Human-centered IoT-based health monitoring in the Healthcare 5.0 era: Literature descriptive analysis and future research guidelines. Discov. Internet Things 2024, 4, 26.
- Deguchi, A.; Hirai, C.; Matsuoka, H.; Nakano, T.; Oshima, K.; Tai, M.; Tani, S. What is society 5.0. Society 2020, 5, 1–24.
- Wazid, M.; Das, A.K.; Mohd, N.; Park, Y. Healthcare 5.0 security framework: Applications, issues and future research directions. IEEE Access 2022, 10, 129429–129442.
- Müller, J. Enabling technologies for Industry 5.0. Eur. Comm. 2020, 8–10.
- Rehman, A.; Farrakh, A. A Systematic Review: Towards a Smarter Approach to Healthcare 5.0. Int. J. Adv. Smart Converg. 2022, 1, 28–37.
- Holland, O.; Steinbach, E.; Prasad, R.V.; Liu, Q.; Dawy, Z.; Aijaz, A.; Pappas, N.; Chandra, K.; Rao, V.S.; Oteafy, S.; et al. The IEEE 1918.1 “tactile internet” standards working group and its standards. Proc. IEEE 2019, 107, 256–279.
- Shinde, R.; Patil, S.; Kotecha, K.; Potdar, V.; Selvachandran, G.; Abraham, A. Securing AI-based healthcare systems using blockchain technology: A state-of-the-art systematic literature review and future research directions. Trans. Emerg. Telecommun. Technol. 2024, 35, e4884.
- Abbas, T.; Khan, A.H.; Kanwal, K.; Daud, A.; Irfan, M.; Bukhari, A.; Alharbey, R. IoMT-Based Healthcare Systems: A Review. Comput. Syst. Sci. Eng. 2024, 48, 871–895.
- Areia, J.; Bispo, I.A.; Santos, L.; Costa, R.L.d.C. IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things. IEEE Access 2024, 12, 115370–115385.
- Hady, A.A.; Ghubaish, A.; Salman, T.; Unal, D.; Jain, R. Intrusion Detection System for Healthcare Systems Using Medical and Network Data: A Comparison Study. IEEE Access 2020, 8, 106576–106584.
- Muneer, S.; Farooq, U.; Athar, A.; Ahsan Raza, M.; Ghazal, T.M.; Sakib, S. A critical review of artificial intelligence based approaches in intrusion detection: A comprehensive analysis. J. Eng. 2024, 2024, 3909173.
- Sohail, F.; Bhatti, M.A.M.; Awais, M.; Iqtidar, A. Explainable Boosting Ensemble Methods for Intrusion Detection in Internet of Medical Things (IoMT) Applications. In Proceedings of the 4th International Conference on Digital Futures and Transformative Technologies (ICoDT2), Islamabad, Pakistan, 22–23 October 2024; pp. 1–8.
- Si-Ahmed, A.; Al-Garadi, M.A.; Boustia, N. Explainable Machine Learning-Based Security and Privacy Protection Framework for Internet of Medical Things Systems. arXiv 2025, arXiv:2403.09752.
- Quincozes, V.E.; Quincozes, S.E.; Kazienko, J.F.; Gama, S.; Cheikhrouhou, O.; Koubaa, A. A survey on IoT application layer protocols, security challenges, and the role of explainable AI in IoT (XAIoT). Int. J. Inf. Secur. 2024, 23, 1975–2002.
- Rahman, M.M.; Al Shakil, S.; Mustakim, M.R. A survey on intrusion detection system in IoT networks. Cyber Secur. Appl. 2025, 3, 100082.
- Nwakanma, C.I.; Ahakonye, L.A.C.; Njoku, J.N.; Odirichukwu, J.C.; Okolie, S.A.; Uzondu, C.; Ndubuisi Nweke, C.C.; Kim, D.S. Explainable artificial intelligence (XAI) for intrusion detection and mitigation in intelligent connected vehicles: A review. Appl. Sci. 2023, 13, 1252.
- Karthiga, R.; Narasimhan, K.; V, T.; Amirtharajan, R. Review of AI & XAI-based breast cancer diagnosis methods using various imaging modalities. Multimed. Tools Appl. 2025, 84, 2209–2260.
- Anand, A.; Kadian, T.; Shetty, M.K.; Gupta, A. Explainable AI decision model for ECG data of cardiac disorders. Biomed. Signal Proces. 2022, 75, 103584.
- Payrovnaziri, S.N.; Chen, Z.; Rengifo-Moreno, P.; Miller, T.; Bian, J.; Chen, J.H.; Liu, X.; He, Z. Explainable artificial intelligence models using real-world electronic health record data: A systematic scoping review. J. Am. Med. Inform. Assoc. 2020, 27, 1173–1185.
- Prince, E.W.; Mirsky, D.M.; Hankinson, T.C.; Görg, C. Current state and promise of user-centered design to harness explainable AI in clinical decision-support systems for patients with CNS tumors. Front. Radiol. 2025, 4, 1433457.
- Phillips, P.J.; Hahn, C.; Fontana, P.; Yates, A.; Greene, K.K.; Broniatowski, D.; Przybocki, M.A. Four Principles of Explainable Artificial Intelligence; NISTIR 8312; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2021; 43p.
- Chaddad, A.; Peng, J.; Xu, J.; Bouridane, A. Survey of explainable AI techniques in healthcare. Sensors 2023, 23, 634.
- Ahmed, U.; Nazir, M.; Sarwar, A.; Ali, T.; Aggoune, E.H.M.; Shahzad, T.; Khan, M.A. Signature-based intrusion detection using machine learning and deep learning approaches empowered with fuzzy clustering. Sci. Rep. 2025, 15, 1726.
- Faruqui, N.; Yousuf, M.A.; Whaiduzzaman, M.; Azad, A.; Alyami, S.A.; Liò, P.; Kabir, M.A.; Moni, M.A. SafetyMed: A novel IoMT intrusion detection system using CNN-LSTM hybridization. Electronics 2023, 12, 3541.
- Newaz, A.I.; Haque, N.I.; Sikder, A.K.; Rahman, M.A.; Uluagac, A.S. Adversarial Attacks to Machine Learning-Based Smart Healthcare Systems. In Proceedings of the IEEE Global Communications Conference (GLOBECOM), Taipei, Taiwan, 7–11 December 2020; pp. 1–6.
- Haque, N.I.; Rahman, M.A. PHASE: Security Analyzer for Next-Generation Smart Personalized Smart Healthcare System. In Proceedings of the IEEE International Conference on Digital Health (ICDH), Barcelona, Spain, 10–16 July 2022; pp. 208–214.
- Zhu, K.T.; Wu, Y.; Yang, R.; Yuan, Q. Anomaly detection in metaverse healthcare and fitness: Bigdata analytics using 6G-enabled internets of things. Wirel. Pers. Commun. 2024; online first.
- Alzakari, S.A.; Sarkar, A.; Khan, M.Z.; Alhussan, A.A. Converging Technologies for Health Prediction and Intrusion Detection in Internet of Healthcare Things with Matrix-Valued Neural Coordinated Federated Intelligence. IEEE Access 2024, 12, 99469–99498.
- Begum, K.; Mozumder, M.A.I.; Joo, M.I.; Kim, H.C. BFLIDS: Blockchain-driven federated learning for intrusion detection in IoMT networks. Sensors 2024, 24, 4591.
- Tyagi, P.; Manju bargavi, S.K. Using federated artificial intelligence system of intrusion detection for IoT healthcare system based on blockchain. Int. J. Data Inform. Intell. Comput. 2023, 2, 1–10.
- Alalhareth, M.; Hong, S.C. Enhancing the internet of medical things (IoMT) security with meta-learning: A performance-driven approach for ensemble intrusion detection systems. Sensors 2024, 24, 3519.
- Javed, S.; Mukhtar, N.; Iqbal, S.; Naqvi, S.A.A.; Ishtiaq, A.; Siddiqui, S.Y.; Ammar, M. Secure and Interpretable Intrusion Detection through Federated and Ensemble Machine Learning with XAI. J. Comput. Biomed. Inform. 2025, 9.
- Le, T.T.H.; Kim, H.; Kang, H.; Kim, H. Classification and explanation for intrusion detection system based on ensemble trees and SHAP method. Sensors 2022, 22, 1154.
- Ahmed, U.; Jiangbin, Z.; Almogren, A.; Sadiq, M.; Rehman, A.U.; Sadiq, M.; Choi, J. Hybrid bagging and boosting with SHAP based feature selection for enhanced predictive modeling in intrusion detection systems. Sci. Rep. 2024, 14, 30532.
- Moustafa, N.; Koroniotis, N.; Keshk, M.; Zomaya, A.Y.; Tari, Z. Explainable Intrusion Detection for Cyber Defences in the Internet of Things: Opportunities and Solutions. IEEE Commun. Surv. Tutor. 2023, 25, 1775–1807.
- Manivannan, D. Recent endeavors in machine learning-powered intrusion detection systems for the internet of things. J. Netw. Comput. Appl. 2024, 229, 103925.
- Neupane, S.; Ables, J.; Anderson, W.; Mittal, S.; Rahimi, S.; Banicescu, I.; Seale, M. Explainable Intrusion Detection Systems (X-IDS): A Survey of Current Methods, Challenges, and Opportunities. IEEE Access 2022, 10, 112392–112415.
- Gadekallu, T.R.; Kumar Reddy Maddikunta, P.; Boopathy, P.; Deepa, N.; Chengoden, R.; Victor, N.; Wang, W.; Wang, W.; Zhu, Y.; Dev, K. XAI for Industry 5.0—Concepts, Opportunities, Challenges, and Future Directions. IEEE Open J. Commun. Soc. 2025, 6, 2706–2729.
- Šarčević, A.; Pintar, D.; Vranić, M.; Krajna, A. Cybersecurity knowledge extraction using xai. Appl. Sci. 2022, 12, 8669.
- Younisse, R.; Ahmad, A.; Abu Al-Haija, Q. Explaining intrusion detection-based convolutional neural networks using shapley additive explanations (shap). Big Data Cogn. Comput. 2022, 6, 126.
- Mosca, E.; Szigeti, F.; Tragianni, S.; Gallagher, D.; Groh, G. SHAP-Based Explanation Methods: A Review for NLP Interpretability. In Proceedings of the 29th International Conference on Computational Linguistics, Gyeongju, Republic of Korea, 12–17 October 2022; pp. 4593–4603.
- Salih, A.M.; Raisi-Estabragh, Z.; Galazzo, I.B.; Radeva, P.; Petersen, S.E.; Lekadir, K.; Menegaz, G. A perspective on explainable artificial intelligence methods: SHAP and LIME. Adv. Intell. Syst. 2025, 7, 2400304.
- Roshan, K.; Zafar, A. Utilizing XAI Technique to Improve Autoencoder based Model for Computer Network Anomaly Detection with Shapley Additive Explanation (SHAP). Int. J. Comput. Netw. Commun. 2021, 13, 109–128.
- Dwivedi, R.; Dave, D.; Naik, H.; Singhal, S.; Omer, R.; Patel, P.; Qian, B.; Wen, Z.; Shah, T.; Morgan, G.; et al. Explainable AI (XAI): Core ideas, techniques, and solutions. ACM Comput. Surv. 2023, 55, 1–33.
- Kawakura, S.; Osafune, Y.; Tsenkova, R. Suggestion for Aquaphotomics-Oriented Skin Data Analysis using Explainable Artificial Intelligence: Applications of SHAP, LIME, Lightgbm, ELI5, PDPbox, and Skater for Dataset Categorization and Process Interpretation. Eur. J. Artif. Intell. Mach. Learn. 2025, 4, 1–7.
- Gaspar, D.; Silva, P.; Silva, C. Explainable AI for Intrusion Detection Systems: LIME and SHAP Applicability on Multi-Layer Perceptron. IEEE Access 2024, 12, 30164–30175.
- Nguyen, H.T.T.; Cao, H.Q.; Nguyen, K.V.T.; Pham, N.D.K. Evaluation of explainable artificial intelligence: Shap, lime, and cam. In Proceedings of the FPT AI Conference, Auckland, New Zealand, 6–10 December 2021; pp. 1–6.
- Zhou, B.; Khosla, A.; Lapedriza, A.; Oliva, A.; Torralba, A. Learning Deep Features for Discriminative Localization. arXiv 2015, arXiv:1512.04150.
- Van der Maaten, L.; Hinton, G. Visualizing data using t-SNE. J. Mach. Learn. Res. 2008, 9, 2579–2605.
- Altmann, A.; Toloşi, L.; Sander, O.; Lengauer, T. Permutation importance: A corrected feature importance measure. Bioinformatics 2010, 26, 1340–1347.
- Främling, K. Contextual importance and utility: A theoretical foundation. In Proceedings of the Australas. Joint Conference Artificial Intelligence, Perth, WA, Australia, 5–8 December 2022; Springer: Berlin/Heidelberg, Germany, 2022; pp. 117–128.
- Moody, G.; Mark, R. The impact of the MIT-BIH Arrhythmia Database. IEEE Eng. Med. Biol. Mag. 2001, 20, 45–50.
- Dadkhah, S.; Neto, E.C.P.; Ferreira, R.; Molokwu, R.C.; Sadeghi, S.; Ghorbani, A.A. CICIoMT2024: A benchmark dataset for multi-protocol security assessment in IoMT. Internet Things 2024, 28, 101351.
- Ghubaish, A.; Yang, Z.; Jain, R. HDRL-IDS: A Hybrid Deep Reinforcement Learning Intrusion Detection System for Enhancing the Security of Medical Applications in 5G Networks. In Proceedings of the International Conference on Smart Applications, Communications and Networking (SmartNets), Harrisonburg, VA, USA, 28–30 May 2024; pp. 1–6.
- Ghazanfar, S.; Hussain, F.; Rehman, A.U.; Fayyaz, U.U.; Shahzad, F.; Shah, G.A. IoT-Flock: An Open-source Framework for IoT Traffic Generation. In Proceedings of the International Conference on Emerging Trends in Smart Technologies (ICETST), Karachi, Pakistan, 26–27 March 2020; pp. 1–6.
- Hussain, F.; Abbas, S.G.; Shah, G.A.; Pires, I.M.; Fayyaz, U.U.; Shahzad, F.; Garcia, N.M.; Zdravevski, E. A Framework for Malicious Traffic Detection in IoT Healthcare Environment. Sensors 2021, 21, 3025.
- Ahmed, M.; Byreddy, S.; Nutakki, A.; Sikos, L.F.; Haskell-Dowland, P. ECU-IoHT: A dataset for analyzing cyberattacks in Internet of Health Things. Ad Hoc Netw. 2021, 122, 102621.
- Zubair, M.; Ghubaish, A.; Unal, D.; Al-Ali, A.; Reimann, T.; Alinier, G.; Hammoudeh, M.; Qadir, J. Secure Bluetooth Communication in Smart Healthcare Systems: A Novel Community Dataset and Intrusion Detection System. Sensors 2022, 22, 8280.
- Zachos, G.; Mantas, G.; Porfyrakis, K.; Manuel Camões Sobral de Bastos, J.; Rodriguez, J. Anomaly Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation. IEEE Access 2025, 13, 41994–42028.
- Lui, P.H.; Siqueira, L.P.; Kazienko, J.F.; Quincozes, V.E.; Quincozes, S.E.; Welfer, D. On the Performance of Cyber-Biomedical Features for Intrusion Detection in Healthcare 5.1. In Proceedings of the 25th Brazilian Symposium on Applied Computing in Health (SBCAS); Sociedade Brasileira de Computação—SBC: Porto Alegre, Brazil, 2025; pp. 389–400.
- Hernandez-Jaimes, M.L.; Martinez-Cruz, A.; Ramírez-Gutiérrez, K.A.; Feregrino-Uribe, C. Artificial intelligence for IoMT security: A review of intrusion detection systems, attacks, datasets and Cloud–Fog–Edge architectures. Internet Things 2023, 23, 100887.
- Scikitlearn. Scikit-Learn Machine Learning in Python. Available online: https://scikit-learn.org/stable (accessed on 6 September 2025).
- Quincozes, S.E.; Kazienko, J.F.; Quincozes, V.E. An extended evaluation on machine learning techniques for Denial-of-Service detection in Wireless Sensor Networks. Internet Things 2023, 22, 100684.
- Alabsi, B.A.; Anbar, M.; Rihan, S.D.A. Conditional tabular generative adversarial based intrusion detection system for detecting ddos and dos attacks on the internet of things networks. Sensors 2023, 23, 5644.
- Alqulaity, M.; Yang, P. Enhanced conditional GAN for high-quality synthetic tabular data generation in mobile-based cardiovascular healthcare. Sensors 2024, 24, 7673.
- Hernandez, M.; Osorio-Marulanda, P.A.; Catalina, M.; Loinaz, L.; Epelde, G.; Aginako, N. Comprehensive evaluation framework for synthetic tabular data in health: Fidelity, utility and privacy analysis of generative models with and without privacy guarantees. Front. Digit. Health 2025, 7, 1576290.
- Wang, Y.; Feng, D.; Dai, Y.; Chen, Z.; Huang, J.; Ananiadou, S.; Xie, Q.; Wang, H. HARMONIC: Harnessing LLMs for Tabular Data Synthesis and Privacy Protection. Adv. Neural Inf. Process. Syst. 2024, 37, 100196–100212.
- Liu, Y.; Acharya, U.R.; Tan, J.H. Preserving privacy in healthcare: A systematic review of deep learning approaches for synthetic data generation. Comput. Meth. Prog. Bio. 2024, 260, 108571.
- Jadon, A.; Kumar, S. Leveraging Generative AI Models for Synthetic Data Generation in Healthcare: Balancing Research and Privacy. In Proceedings of the International Conference on Smart Applications, Communications and Networking (SmartNets), Istanbul, Turkiye, 25–27 July 2023; pp. 1–4.
- Zhang, H.; Zhang, J.; Srinivasan, B.; Shen, Z.; Qin, X.; Faloutsos, C.; Rangwala, H.; Karypis, G. Mixed-Type Tabular Data Synthesis with Score-based Diffusion in Latent Space. arXiv 2024, arXiv:2310.09656.
- Patni, S.; Lee, J. EdgeGuard: Decentralized Medical Resource Orchestration via Blockchain-Secured Federated Learning in IoMT Networks. Future Internet 2024, 17, 2. [Google Scholar] [CrossRef]
- Chen, X.; Liu, M.; Wang, Z.; Wang, Y. Explainable deep learning-based feature selection and intrusion detection method on the internet of things. Sensors 2024, 24, 5223. [Google Scholar] [CrossRef]
- Vieira, J.C.; Guedes, L.A.; Santos, M.R.; Sanchez-Gendriz, I. Using explainable artificial intelligence to obtain efficient seizure-detection models based on electroencephalography signals. Sensors 2023, 23, 9871. [Google Scholar] [CrossRef]
- Alotaibi, A.; Rassam, M.A. Adversarial machine learning attacks against intrusion detection systems: A survey on strategies and defense. Future Internet 2023, 15, 62. [Google Scholar] [CrossRef]
- Siqueira, L.; Lui, P.; Kazienko, J.; Quincozes, S.; Quincozes, V.; Welfer, D. Minimal but Lethal: A XAI-Driven Approach for Feature-Level Adversarial Attacks on Healthcare 5.0. In Proceedings of the Anais XXV Simpósio Brasileiro de Cibersegurança, Foz do Iguaçu, PR, Brazil, 1–4 September 2025; pp. 625–641. [Google Scholar] [CrossRef]
- Okada, S.; Jmila, H.; Akashi, K.; Mitsunaga, T.; Sekiya, Y.; Takase, H.; Blanc, G.; Nakamura, H. Xai-driven black-box adversarial attacks on network intrusion detectors. Int. J. Inf. Secur. 2025, 24, 1–15. [Google Scholar] [CrossRef]
- Zhao, X.; Zhang, W.; Xiao, X.; Lim, B.Y. Exploiting Explanations for Model Inversion Attacks. arXiv 2022, arXiv:2104.12669. [Google Scholar] [CrossRef]
- Alharbey, R.A.; Jamil, F. Federated learning framework for real-time activity and context monitoring using edge devices. Sensors 2025, 25, 1266. [Google Scholar] [CrossRef]
- Fatema, K.; Dey, S.K.; Anannya, M.; Khan, R.T.; Rashid, M.M.; Su, C.; Mazumder, R. Federated XAI IDS: An explainable and safeguarding privacy approach to detect intrusion combining federated learning and SHAP. Future Internet 2025, 17, 234. [Google Scholar] [CrossRef]
- Dubey, P.; Kumar, M. Integrating Explainable AI with Federated Learning for Next-Generation IoT: A comprehensive review and prospective insights. Comput. Sci. Rev. 2025, 56, 100697. [Google Scholar] [CrossRef]

Section | Reference | Healthcare 5.0 | IDS | Biomedical Data | XAI | Practical Case Study |
---|---|---|---|---|---|---|
(Section 3.2) | [12] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [13] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [14] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [15] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [16] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [17] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [18] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [19] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [20] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.2) | [21] | ✓ | ✓ | ✗ | ✗ | ✗ |
(Section 3.3) | [22] | ✓ | ✗ | ✓ | ✓ | ✗ |
(Section 3.3) | [23] | ✓ | ✗ | ✓ | ✓ | ✗ |
(Section 3.3) | [24] | ✓ | ✗ | ✓ | ✓ | ✗ |
(Section 3.3) | [25] | ✓ | ✗ | ✓ | ✓ | ✗ |
(Section 3.3) | [5] | ✓ | ✗ | ✓ | ✓ | ✓ |
Our Survey | | ✓ | ✓ | ✓ | ✓ | ✓ |

Dataset | Biomedical Sensor | Biomedical Data | IoT Devices | Network Data | Data Source | Availability | Healthcare 5.0 Alignment |
---|---|---|---|---|---|---|---|
CICIoMT2024 [80] | Yes | No | IIoMT | Yes | TestBed | Public | Partial |
WUSTL-HDRL-2024 [81] | No | No | IoMT 5G | Yes | Emulated | Public | Partial |
WUSTL-EHMS-2020 [37] | Yes | Yes | IoMT | Yes | TestBed | Public | Strong |
ECU-IoHT [84] | Yes | No | IoHT | Yes | TestBed | Public | Partial |
BlueTack [85] | Yes | No | IIoMT | Yes | TestBed | Public | Partial |
ICU (IoT-Flock) [83] | Yes | No | IoMT | Yes | Emulated | Public | Weak |
IoMT-TrafficData [36] | Yes | No | IoMT | Yes | TestBed | Public | Partial |
LDE/CDE [86] | Yes | No | IoMT | Yes | TestBed | Unavailable | Weak |

# | Feature | Type | Description | Status |
---|---|---|---|---|
Network Flow Features | ||||
1 | SrcAddr | Categorical | Source Address | Removed |
2 | DstAddr | Categorical | Destination Address | Removed |
3 | Sport | Integer | Source Port | Converted |
4 | Dport | Integer | Destination Port | Converted |
5 | SrcBytes | Integer | Source Bytes | Retained |
6 | DstBytes | Integer | Destination Bytes | Retained |
7 | SrcLoad | Float | Source Load | Retained |
8 | DstLoad | Float | Destination Load | Retained |
9 | SrcGap | Integer | Source Missing Bytes | Retained |
10 | DstGap | Integer | Destination Missing Bytes | Retained |
11 | SIntPkt | Float | Source Inter Packet Time | Retained |
12 | DIntPkt | Float | Destination Inter Packet Time | Retained |
13 | SIntPktAct | Float | Source Active Inter Packet Time | Retained |
14 | DIntPktAct | Integer | Destination Active Inter Packet Time | Retained |
15 | SrcJitter | Float | Source Jitter | Retained |
16 | DstJitter | Float | Destination Jitter | Retained |
17 | sMaxPktSz | Integer | Source Max Packet Size | Retained |
18 | dMaxPktSz | Integer | Destination Max Packet Size | Retained |
19 | sMinPktSz | Integer | Source Min Packet Size | Retained |
20 | dMinPktSz | Integer | Destination Min Packet Size | Retained |
21 | Dur | Float | Duration of Flow | Retained |
22 | Trans | Integer | Aggregated Packet Count | Retained |
23 | TotPkts | Integer | Total Packet Count | Retained |
24 | TotBytes | Integer | Total Byte Count | Retained |
25 | Load | Float | Average Load | Retained |
26 | Loss | Integer | Dropped or Retransmitted Packets | Retained |
27 | pLoss | Float | Packet Loss Rate | Retained |
28 | pSrcLoss | Float | Source Packet Loss Rate | Retained |
29 | pDstLoss | Float | Destination Packet Loss Rate | Retained |
30 | Rate | Float | Packets per Second | Retained |
31 | DstMac | Categorical | Destination MAC Address | Removed |
32 | Dir | Categorical | Unknown Direction | Removed |
33 | Flgs | Categorical | Unknown Flags | Removed |
34 | SrcMac | Categorical | Source MAC Address | Removed |
35 | Packet_num | Integer | Packet Number | Removed |
Biometric Features | ||||
36 | Temp | Float | Patient Temperature | Retained |
37 | SpO2 | Integer | Peripheral Oxygen Saturation | Retained |
38 | Pulse_Rate | Integer | Pulse Rate | Retained |
39 | SYS | Integer | Systolic Blood Pressure | Retained |
40 | DIA | Integer | Diastolic Blood Pressure | Retained |
41 | Heart_Rate | Integer | Heart Rate | Retained |
42 | Resp_Rate | Integer | Respiration Rate | Retained |
43 | ST | Float | ECG ST Segment | Retained |
Target Variable | ||||
44 | Category Label | Categorical | Multiclass label (e.g., Normal, Spoofing, Data Injection) | Converted |
45 | Label | Integer | Binary Attack Indicator (0: Benign, 1: Attack) | Removed |
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Siqueira, L.P.; Batista, C.L.; Lui, P.H.; Kazienko, J.F.; Quincozes, S.E.; Quincozes, V.E.; Welfer, D.; Nomura, S. A Comprehensive Survey on Intrusion Detection Systems for Healthcare 5.0: Concepts, Challenges, and Practical Applications. Sensors 2025, 25, 6261. https://doi.org/10.3390/s25206261