Article

Drift-Aware Online Ensemble Learning for Real-Time Cybersecurity in Internet of Medical Things Networks

1 Department of Computer Engineering, Gachon University, Seongnam 1342, Republic of Korea
2 Department of Artificial Intelligence, Tashkent State University of Economics, Tashkent 100066, Uzbekistan
3 Department of Software Engineering, Samarkand State University, Samarkand 140104, Uzbekistan
4 Department of Cybersecurity and Criminology, Tashkent University of Information Technologies, Tashkent 100084, Uzbekistan
5 Department of Information Security, National University of Uzbekistan, Tashkent 100174, Uzbekistan
* Author to whom correspondence should be addressed.
Mach. Learn. Knowl. Extr. 2026, 8(3), 67; https://doi.org/10.3390/make8030067
Submission received: 24 January 2026 / Revised: 28 February 2026 / Accepted: 5 March 2026 / Published: 9 March 2026

Abstract

The rapid growth of Internet of Medical Things (IoMT) devices has revolutionized diagnostics and patient care within smart healthcare networks. However, this progress has also expanded the attack surface due to the heterogeneity and interconnectivity of medical devices. To overcome the limitations of traditional batch-trained security models, this study proposes an adaptive online intrusion detection framework designed for real-time operation in dynamic healthcare environments. The system combines Leveraging Bagging with Hoeffding Tree classifiers for incremental learning while integrating the Page–Hinkley test to detect and adapt to concept drift in evolving attack patterns. A modular and scalable network architecture supports centralized monitoring and ensures seamless interoperability across various IoMT protocols. Implemented within a low-latency, high-throughput stream-processing pipeline, the framework meets the stringent clinical requirements for responsiveness and reliability. To simulate streaming conditions, we evaluated the model using the CICIoMT2024 dataset, presenting one instance at a time in random order to reflect dynamic, real-time traffic in IoMT networks. Experimental results demonstrate exceptional performance, achieving accuracies of 0.9963 for binary classification, 0.9949 for six-class detection, and 0.9860 for nineteen-class categorization. These results underscore the framework’s practical efficacy in protecting modern healthcare infrastructures from evolving cyber threats.

1. Introduction

Over the past decade, hospitals have transformed into smart healthcare networks, where electronic health-record servers, wearable sensors, bedside monitors, and Internet of Medical Things (IoMT) gateways continuously exchange data to support diagnosis and treatment [1,2]. While this interconnectedness enhances clinical outcomes, it also introduces significant cybersecurity vulnerabilities [3,4]. According to the 2024 IBM Cost of a Data Breach Report [5], the healthcare sector faces the highest breach costs across all industries (Figure 1), with average incident losses reaching USD 10.93 million—more than twice the cross-industry average—and accounting for over 12% of global breach expenses. Given healthcare’s strict privacy mandates and tight uptime constraints, even short disruptions can jeopardize both patient safety and operational integrity.
Intrusion detection systems (IDSs) are thus critical to protecting healthcare networks [6]. However, a recent systematic review of IoMT security reveals that most IDS implementations rely on offline, batch-trained machine learning (ML) models that assume stationary data distributions [7]. In contrast, real-world smart-hospital traffic is highly dynamic: new devices are introduced, firmware is updated, and attack vectors evolve [8,9]. Without mechanisms to handle concept drift, these static models experience rapid accuracy degradation, creating exploitable blind spots [10,11].
To address this, streaming-data research has proposed two promising mechanisms. The first, Leveraging Bagging, is an online ensemble method that injects Poisson-distributed instance weights into each base learner [12], enhancing adaptability to evolving data. The second, the Page–Hinkley test [13], is a lightweight sequential algorithm for detecting sustained increases in model error, enabling real-time drift detection and response. While both methods have shown strong performance in generic data-stream mining tasks, they have yet to be integrated into a real-time IDS specifically for healthcare networks. To date, only one study has employed the Kappa architecture to support real-time processing of IoMT traffic [14]; however, it lacks true per-instance online learning and does not incorporate concept drift adaptation.
This study thus proposes Leveraging Bagging for online intrusion detection in healthcare Internet of Things (IoT) systems, enhanced with Page–Hinkley drift detection for fast, adaptive response to concept drift. This article presents the following contributions to the field of intelligent intrusion detection for healthcare networks:
  • A novel and modular network architecture for smart healthcare environments, specifically designed to support real-time intrusion detection across diverse IoMT devices and protocols. The architecture facilitates scalable deployment, centralized monitoring, and interoperability across heterogeneous systems.
  • An adaptive online intrusion detection framework combining Leveraging Bagging with Hoeffding Trees, optimized for continuous learning under non-stationary data conditions.
  • Incorporation of concept drift detection using the Page–Hinkley test, enabling the system to dynamically adapt to evolving cyberattack patterns.
  • Efficient pipeline implementation using stream-processing tools and standardized preprocessing, supporting low-latency, high-throughput operation critical to clinical safety.
  • Comprehensive evaluation on a real-world IoMT intrusion dataset (CICIoMT2024), with performance measured across binary and multi-class classification tasks, as well as drift adaptation effectiveness.
  • Release of the full implementation via a public repository, facilitating transparency, reproducibility, and community-driven improvement.
To the best of our knowledge, this represents the first comprehensive initiative to systematically integrate streaming ensemble learning with formal concept drift adaptation for real-time intrusion detection in healthcare IoMT systems.
The article is structured to systematically present the conducted research. Section 2 reviews related works on intrusion detection in healthcare networks, establishing the study’s context. Section 3 outlines the proposed online intrusion detection architecture, detailing its components, the real-time simulation dataset, and the experimental setup. Section 4 reports the empirical results across binary, medium-scale, and fine-grained classification tasks. Section 5 discusses system performance, adaptability to concept drift, scalability, and comparisons with existing methods. Section 6 concludes with a summary of key findings and contributions.

2. Related Works

Intrusion detection in IoMT networks has been an active area of research, with diverse approaches aiming to enhance security while addressing the unique challenges of resource-constrained healthcare environments (Table 1). Early works predominantly explored traditional ensemble learning techniques, such as adaptive boosting strategies trained offline, demonstrating moderate memory efficiency but lacking real-time detection and concept drift handling capabilities [15]. Offline deep learning (DL) architectures [16,17], particularly combinations of convolutional and recurrent neural networks, were subsequently proposed to enhance detection accuracy. Although these models showed improvements in predictive performance, their reliance on batch learning and high computational demands posed challenges for real-time deployment [18].
Efforts to optimize deep hybrid frameworks led to the development of CNN-LSTM models enhanced by hybrid feature selection algorithms, achieving better balance between detection accuracy and resource consumption [19]. However, these models remained restricted to static offline training. Similarly, meta-learning ensembles combining multiple DL classifiers with dynamic weighting mechanisms demonstrated improved generalization under varying conditions, but continued to depend on periodic retraining to handle evolving network threats [20].
Optimization algorithms such as enhanced elephant herding optimization have been incorporated alongside convolutional neural networks to improve intrusion detection performance, with promising results in balancing accuracy and complexity [21]. Nevertheless, the absence of online adaptability remained a persistent limitation. Meta-learning frameworks have also been adapted to address zero-day attacks through anomaly detection mechanisms, offering partial real-time capability through fast inference but still relying heavily on offline training pipelines [22].
Lightweight DL models leveraging dense architectures have been proposed to enhance model generalizability while mitigating data leakage in IoMT environments [23]. These approaches achieved significant improvements in detection robustness but were not inherently designed for live data-stream learning. Complementary to these efforts, explainable AI-enhanced IDSs, utilizing ensemble learning techniques combined with feature selection and SaaS-based deployment strategies, have emerged to address transparency and efficiency concerns in resource-constrained healthcare IoT networks [24].
In parallel, hybrid methodologies combining recursive feature elimination with Ridge-regularized ML and DL models have shown strong performance on biometric-based healthcare datasets, while still operating under offline learning regimes [25]. Tree-based ensemble approaches optimized through filter-based feature selection have similarly targeted improvements in memory efficiency and computational cost for IoMT-specific use cases, although real-time capabilities remain limited [26].
Ensemble learning models employing stacking, bagging, and boosting strategies have also been evaluated for healthcare intrusion detection, highlighting improvements in detection metrics but lacking adaptation to streaming data or concept drift scenarios [27]. Deep stacking network architectures employing multigrained scanning mechanisms have been explored to further enhance robustness against sophisticated attacks, though their high resource requirements make them less suitable for edge deployment in IoMT environments [28].
Moving closer to real-time deployment, stacking ensemble DL architectures have been integrated within streaming frameworks such as Apache Spark Streaming using the Kappa architecture. These systems demonstrated real-time inference capabilities on streaming data; however, they remained reliant on offline pretraining and did not incorporate instance-by-instance learning updates [14]. Furthermore, hybrid CNN-LSTM models deployed on fog computing architectures have been proposed to reduce latency and enable faster decision-making at the network edge. While offering significant latency reductions, these models primarily supported real-time inference rather than online adaptive learning [29].
Despite the advances in intrusion detection methodologies, significant gaps remain in achieving fully online learning, real-time drift adaptation, and high memory efficiency suitable for dynamic and resource-constrained IoMT environments. To address these limitations, this study proposes an online leveraging bagging ensemble based on Hoeffding Tree classifiers, integrated with a Page–Hinkley drift detector for early concept drift identification. Unlike prior approaches, the proposed system operates in a true online learning framework, updating instance-by-instance without requiring retraining, thereby achieving both high detection performance and low computational overhead.

3. Materials and Methods

This section outlines the architecture, algorithms, dataset, and experimental setup used to develop and evaluate the proposed online IDS for smart healthcare networks.

3.1. Online Intrusion Detection Architecture for Smart Healthcare Networks

The proposed architecture (Figure 2) for online intrusion detection in smart healthcare networks integrates advanced ML methods, robust network monitoring strategies, and real-time threat response mechanisms to secure IoMT.
At the foundational level, the architecture incorporates a diverse range of medical IoT devices [30]: general health monitoring devices such as glucose meters, blood pressure monitors, ECG devices, and thermometers, which frequently transmit patient health metrics; wearable and personal monitoring devices, including smart watches, pulse oximeters, fall detection systems, and other devices that continuously monitor a patient's physiological state; and clinical diagnostic equipment, such as ultrasound scanners, infusion pumps, and X-ray machines, which handles sensitive and substantial data volumes. These devices communicate over diverse protocols, including MQTT [31], Bluetooth [32], and Wi-Fi [33], requiring a versatile and robust security framework to ensure secure data transmission.
The network communication infrastructure is designed to facilitate secure and efficient data transfer among IoMT devices, patient monitoring systems, healthcare provider servers, and remote data repositories. Core components such as routers and switches manage and direct data flow within the healthcare facility's local network and to the external internet. A crucial component of this infrastructure is the network TAP (Test Access Point), which passively copies traffic for analysis without affecting the production path. Because the detection layer sees only a copy of the traffic, it operates out of band and cannot itself block a flow; containment therefore depends on the alerts it raises. Wireshark complements the TAP with packet-level inspection, aiding real-time monitoring and analysis.
The intrusion detection and cybersecurity response layer operates in real time, using the Leveraging Bagging model to detect potential threats and trigger their mitigation. The model continuously analyzes streaming data to identify anomalies indicative of cyberattacks such as unauthorized access attempts, malware infections, data breaches, denial-of-service attacks, and other malicious activities. Upon detection, the system generates immediate alerts to enable rapid intervention, protecting healthcare services and sensitive patient information. Automated decision-support components further reduce response latency and limit the damage an intrusion can cause.
Incorporated threat modeling strategies allow the architecture to anticipate intrusion patterns specific to healthcare networks, such as unauthorized data access, device hijacking, and network service disruption. The architecture offers real-time detection of and alerting on security incidents, scalability to accommodate expanding IoMT ecosystems, versatile protocol support, and detailed network visibility provided by the TAP and Wireshark. By implementing this architecture, healthcare networks can substantially enhance patient data security, maintain service delivery, and respond effectively to evolving cybersecurity threats.

3.2. Proposed Online Intrusion Detection Framework

The core component of our proposed intrusion detection framework is the Leveraging Bagging classifier, an ensemble-based model specifically tailored for online learning in dynamic environments such as smart healthcare networks. Traditional batch learning algorithms struggle in such settings due to their inability to adapt to evolving data streams or concept drifts. In contrast, online ensemble methods such as Leveraging Bagging offer robustness, adaptability, and improved generalization by maintaining a diverse collection of continuously updated base learners.

3.2.1. Definition of the Leveraging Bagging Classifier

The Leveraging Bagging algorithm builds upon the standard Online Bagging approach by using Poisson-distributed sampling to update each base classifier multiple times per instance [12]. Let $H = \{h_1, h_2, \dots, h_M\}$ denote the ensemble of $M$ base classifiers, each trained incrementally. For every incoming data instance $(\mathbf{x}_t, y_t)$ at time $t$, each base learner $h_i \in H$ receives the instance $k_i \sim \mathrm{Poisson}(\omega)$ times, where $\omega \in \mathbb{R}^{+}$ is a tunable hyperparameter controlling the sampling variance. The Poisson distribution is defined as follows:
$$P(k;\omega) = \frac{e^{-\omega}\,\omega^{k}}{k!}, \qquad k = 0, 1, 2, \dots$$
This stochastic resampling mechanism enables greater variance in base learners’ exposure to training data, thereby enhancing ensemble diversity and resistance to overfitting. In our implementation, the parameter ω is set to 6.0, as recommended in prior studies for online learning tasks [12].
During the learning phase, for each classifier h i , the training update is performed k i times as follows:
$$\text{Repeat } k_i \text{ times:}\quad h_i \leftarrow h_i.\mathrm{learn\_one}(\mathbf{x}_t, y_t)$$
Once trained, prediction is performed by aggregating the probability distributions output by each base learner. Let $\hat{p}_i(y \mid \mathbf{x}_t)$ be the predicted class probabilities from classifier $h_i$. The ensemble prediction is then computed as the average probability across all classifiers:
$$\hat{P}(y \mid \mathbf{x}_t) = \frac{1}{M}\sum_{i=1}^{M}\hat{p}_i(y \mid \mathbf{x}_t)$$
The final predicted class $\hat{y}_t$ is determined by selecting the label with the highest averaged probability:
$$\hat{y}_t = \arg\max_{y}\,\hat{P}(y \mid \mathbf{x}_t)$$
This architecture ensures that the model can effectively adapt to streaming healthcare data while maintaining high predictive performance and scalability. Furthermore, by integrating online learning principles with ensemble diversity, the Leveraging Bagging classifier is particularly well-suited for real-time intrusion detection where attack patterns may evolve rapidly.

3.2.2. Base Learner Factory Function

A crucial element of the Leveraging Bagging architecture is the choice of the base learner, which significantly influences the overall detection performance of the ensemble. For online classification tasks in non-stationary environments like smart healthcare networks, the base learner must support incremental learning, exhibit low latency, and handle potentially imbalanced or noisy data streams. In this study, we employ the Hoeffding Tree classifier (also known as the Very Fast Decision Tree) [34], which satisfies these requirements and is widely adopted in streaming ML applications.
The Hoeffding Tree is an incremental decision tree algorithm that leverages the Hoeffding bound to make statistically sound decisions about attribute splits. Unlike conventional decision trees that require the entire dataset, the Hoeffding Tree evaluates whether a split is warranted based on a finite sample of the input stream, ensuring both computational efficiency and adaptiveness.
Formally, let $G(X_i)$ denote the heuristic evaluation function (e.g., information gain or Gini index) for attribute $X_i$. After observing $n$ instances, the Hoeffding bound guarantees with probability $1-\sigma$ that the attribute $X_a$ with the highest heuristic value is truly the best choice for a split if
$$G(X_a) - G(X_b) > \epsilon$$
where $X_b$ is the second-best attribute and $\epsilon$ is defined as follows:
$$\epsilon = \sqrt{\frac{R^{2}\ln(1/\sigma)}{2n}}$$
Here, $R$ is the range of the heuristic function (e.g., $\log_2 C$ for information gain in a $C$-class problem), and $\sigma$ is the user-defined confidence parameter. This statistical framework allows the algorithm to make high-confidence decisions with only a small subset of data, making it ideal for real-time intrusion detection.
In our proposed system, we define a factory function to instantiate Hoeffding Tree classifiers with consistent parameters across all base learners. This design promotes modularity and reproducibility. The parameters used in our implementation are a grace period of 30 and a sigma of 0.01. The grace period is the minimum number of instances a leaf must observe between split attempts, balancing speed and accuracy, while sigma is the split confidence in the Hoeffding bound (exposed as the delta parameter in River) and controls how readily the tree splits: a smaller value demands a larger margin between the two best attributes before a split is made. The model parameters used for training and evaluation are summarized in Table 2.
By encapsulating the instantiation process in a factory function, the ensemble construction becomes highly flexible. The model can be easily extended to use other incremental learners or to fine-tune the hyperparameters of the base learner without modifying the ensemble logic. This design choice aligns with the principle of separation of concerns and contributes to the scalability and maintainability of the proposed intrusion detection architecture.
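The following is an added example, not code from the paper or its repository: a standard-library-only implementation of the Leveraging Bagging update of Section 3.2.1 (Poisson(ω) resampling with ω = 6, averaged class probabilities, arg max), the factory-function pattern and Hoeffding split test of this section, and the selective replacement of high-error members that Section 3.2.4 describes. The Hoeffding Tree is replaced by an online Gaussian naive Bayes stand-in so the block runs without River; the class and function names, the EWMA error estimate per member and the replacement threshold of 0.5 are assumptions made here, not values from the paper.

```python
import math
import random
from collections import defaultdict

# Added example, not the paper's code: a compact Leveraging-Bagging-style ensemble built from
# a base-learner factory (Sections 3.2.1 and 3.2.2) with the selective learner replacement of
# Section 3.2.4. The Hoeffding Tree is replaced by an online Gaussian naive Bayes stand-in;
# the ensemble logic does not depend on which learner the factory returns. omega = 6 as in the paper.

def hoeffding_epsilon(R, sigma, n):
    """epsilon = sqrt(R^2 ln(1/sigma) / (2n)) after n observed instances."""
    return math.sqrt(R * R * math.log(1.0 / sigma) / (2.0 * n))

def split_warranted(g_best, g_second, n, num_classes, sigma=0.01):
    """Hoeffding Tree split test: the best attribute must beat the runner-up by more than
    epsilon, with R = log2(C) for information gain in a C-class problem."""
    return (g_best - g_second) > hoeffding_epsilon(math.log2(num_classes), sigma, n)

class OnlineGaussianNB:
    """Stand-in base learner: per-class running mean/variance of each feature (Welford)."""

    def __init__(self):
        self.count = defaultdict(int)   # class -> instances seen
        self.mean = defaultdict(dict)   # class -> feature -> running mean
        self.m2 = defaultdict(dict)     # class -> feature -> sum of squared deviations

    def learn_one(self, x, y):
        self.count[y] += 1
        n = self.count[y]
        for f, v in x.items():
            mu = self.mean[y].get(f, 0.0)
            d = v - mu
            mu += d / n
            self.mean[y][f] = mu
            self.m2[y][f] = self.m2[y].get(f, 0.0) + d * (v - mu)
        return self

    def predict_proba_one(self, x):
        total = sum(self.count.values())
        if total == 0:
            return {}                   # nothing learned yet
        log_joint = {}
        for c, n_c in self.count.items():
            lp = math.log(n_c / total)
            for f, v in x.items():
                var = self.m2[c].get(f, 0.0) / max(n_c - 1, 1) + 1e-6   # variance floor
                lp -= 0.5 * math.log(2 * math.pi * var) + (v - self.mean[c].get(f, 0.0)) ** 2 / (2 * var)
            log_joint[c] = lp
        top = max(log_joint.values())
        z = sum(math.exp(v - top) for v in log_joint.values())
        return {c: math.exp(v - top) / z for c, v in log_joint.items()}

def make_base_learner():
    """Factory function: every ensemble member is built with identical settings."""
    return OnlineGaussianNB()

def poisson_sample(rng, omega):
    """Knuth's method for k ~ Poisson(omega)."""
    limit, k, p = math.exp(-omega), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

class LeveragingBaggingLite:
    """M learners; each sees every instance k_i ~ Poisson(omega) times; the class
    probabilities are averaged and the arg max is the ensemble label."""

    def __init__(self, factory, n_models=10, omega=6.0, seed=42, err_alpha=0.05):
        self.factory, self.omega, self.rng = factory, omega, random.Random(seed)
        self.models = [factory() for _ in range(n_models)]
        self.err = [0.0] * n_models     # per-learner EWMA of the 0/1 error
        self.err_alpha = err_alpha

    def predict_proba_one(self, x):
        agg = defaultdict(float)
        for h in self.models:
            for c, p in h.predict_proba_one(x).items():
                agg[c] += p / len(self.models)
        return dict(agg)

    def predict_one(self, x):
        probs = self.predict_proba_one(x)
        return max(probs, key=probs.get) if probs else None

    def learn_one(self, x, y):
        for i, h in enumerate(self.models):
            probs = h.predict_proba_one(x)      # score the member before it learns (prequential)
            wrong = 0.0 if probs and max(probs, key=probs.get) == y else 1.0
            self.err[i] += self.err_alpha * (wrong - self.err[i])
            for _ in range(poisson_sample(self.rng, self.omega)):
                h.learn_one(x, y)
        return self

    def adapt_after_drift(self, threshold=0.5):
        """Selective adaptation: re-instantiate only members whose error exceeds threshold."""
        replaced = [i for i, e in enumerate(self.err) if e > threshold]
        for i in replaced:
            self.models[i], self.err[i] = self.factory(), 0.0
        return replaced
```

Because the per-member error is scored before the member learns the instance, it is a prequential estimate and can be compared against a threshold the moment a drift alarm arrives; swapping `make_base_learner` for a River `HoeffdingTreeClassifier` factory changes nothing in the ensemble class.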

3.2.3. Model Initialization and Preprocessing Pipeline

In real-time intrusion detection tasks, especially within smart healthcare environments where data originates from diverse IoMT sources, maintaining consistency and reliability in model input is vital. Before feeding data into the ensemble model, a preprocessing step is employed to ensure that all features are appropriately scaled and standardized, preventing dominant features from biasing the learning process.
To construct an end-to-end learning system, we use a pipeline structure that integrates data preprocessing and the ensemble classifier. The pipeline is composed of two main components: a Standard Scaler for feature normalization, and the Leveraging Bagging classifier as the final estimator. This modular design facilitates both interpretability and reproducibility while enabling seamless updates to individual components.
Formally, given a feature vector
$$\mathbf{x} = [x_1, x_2, \dots, x_d] \in \mathbb{R}^{d},$$
where $d$ is the number of input features, we apply standard scaling:
$$\tilde{x}_j = \frac{x_j - \mu_j}{\sigma_j}, \qquad j = 1, 2, \dots, d$$
where $\mu_j$ and $\sigma_j$ are the mean and standard deviation of feature $x_j$, estimated incrementally in the streaming context. This transformation gives each feature zero mean and unit variance with respect to the running estimates, which is necessary for numerical stability in scale-sensitive models such as distance-based or gradient-based learners. Decision trees, including the Hoeffding Tree used here, split on per-feature thresholds and are therefore largely insensitive to monotone rescaling; standardization is retained so that the pipeline stays valid when the factory function supplies a scale-sensitive base learner. Two practical caveats apply: the earliest instances are scaled with statistics estimated from very few samples, and the running estimates themselves move when the traffic distribution drifts, so the scaler, like the classifier, adapts over time.
Following normalization, the transformed feature vector $\tilde{\mathbf{x}}$ is passed to the Leveraging Bagging classifier for prediction and learning. The pipeline structure can be denoted as follows:
$$\tilde{f}(\mathbf{x}) = H\big(\mathrm{StandardScaler}(\mathbf{x})\big),$$
where H represents the ensemble model defined previously. This composition ensures that data flows sequentially through preprocessing and classification stages without requiring manual intervention for each operation. Furthermore, the encapsulation provided by the pipeline abstraction supports efficient deployment, testing, and evaluation under real-time streaming conditions.
By maintaining this structured and modular pipeline, the system guarantees compatibility with dynamic feature distributions, reduces variance across features, and supports scalable learning in evolving healthcare networks. This design choice also aligns with practical requirements for integrating ML systems into medical monitoring platforms, where automation and reliability are critical.
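As an added example, not the paper's code: the running standardization of this section and its composition with a classifier, implemented with the standard library. The scaler keeps Welford running mean and variance per feature, handles the zero-variance edge case that arises on the first instance or for a constant feature, and the pipeline updates the scaler before the classifier on learn_one (the order River's Pipeline also follows for unsupervised steps). The NearestCentroid classifier, the feature names bytes and rate, and the flow values in demo_scale_dependence are constructed stand-ins chosen to show why standardization matters for a scale-sensitive learner.

```python
import math

# Added example, not the paper's code: a streaming StandardScaler (Welford running mean and
# variance per feature) composed with a classifier in the transform-then-learn order of the
# Section 3.2.3 pipeline. The classifier is a nearest-centroid stand-in and the flow records
# are constructed; the point shown is why scaling matters when one feature dwarfs another.

class RunningStandardScaler:
    """x~_j = (x_j - mu_j) / sigma_j with mu_j and sigma_j updated as instances arrive."""

    def __init__(self):
        self.n, self.mean, self.m2 = {}, {}, {}     # all keyed per feature

    def learn_one(self, x):
        for j, v in x.items():
            n = self.n.get(j, 0) + 1
            mu = self.mean.get(j, 0.0)
            d = v - mu
            mu += d / n
            self.n[j], self.mean[j] = n, mu
            self.m2[j] = self.m2.get(j, 0.0) + d * (v - mu)
        return self

    def std(self, j):
        n = self.n.get(j, 0)
        return math.sqrt(self.m2[j] / n) if n else 0.0   # population standard deviation

    def transform_one(self, x):
        out = {}
        for j, v in x.items():
            s = self.std(j)
            # Edge case: before a feature has varied (first instance, or a constant feature)
            # sigma_j is 0; emit 0 rather than dividing by zero.
            out[j] = (v - self.mean.get(j, 0.0)) / s if s > 0 else 0.0
        return out

class NearestCentroid:
    """Stand-in classifier: the class whose running feature centroid is closest (squared L2)."""

    def __init__(self):
        self.sums, self.counts = {}, {}

    def learn_one(self, x, y):
        self.counts[y] = self.counts.get(y, 0) + 1
        s = self.sums.setdefault(y, {})
        for j, v in x.items():
            s[j] = s.get(j, 0.0) + v
        return self

    def predict_one(self, x):
        if not self.counts:
            return None
        dist = lambda c: sum((x[j] - self.sums[c][j] / self.counts[c]) ** 2 for j in x)
        return min(self.counts, key=dist)

class StreamPipeline:
    """f~(x) = H(StandardScaler(x)). On learn_one the unsupervised scaler is updated first and
    the classifier then learns the standardised instance; predict_one only transforms."""

    def __init__(self, scaler, model):
        self.scaler, self.model = scaler, model

    def predict_one(self, x):
        return self.model.predict_one(self.scaler.transform_one(x))

    def learn_one(self, x, y):
        self.scaler.learn_one(x)
        self.model.learn_one(self.scaler.transform_one(x), y)
        return self

def demo_scale_dependence():
    """Constructed flows: 'rate' separates the classes but is ~1e7 times smaller than 'bytes',
    so an unscaled distance-based learner is steered by byte counts alone. Returns the label
    a raw classifier and the scaled pipeline give to one probe flow."""
    raw = NearestCentroid()
    scaled = StreamPipeline(RunningStandardScaler(), NearestCentroid())
    for i in range(20):
        benign = {"bytes": 1.00e6 + 1e4 * (i % 3), "rate": 0.10 + 0.01 * (i % 2)}
        attack = {"bytes": 0.80e6 + 1e4 * (i % 3), "rate": 0.90 - 0.01 * (i % 2)}
        for x, y in ((benign, "benign"), (attack, "attack")):
            raw.learn_one(x, y)
            scaled.learn_one(x, y)
    probe = {"bytes": 0.95e6, "rate": 0.90}   # attack-like rate, byte count nearer benign
    return raw.predict_one(probe), scaled.predict_one(probe)
```

The first standardized instance comes out as all zeros and the second is scaled by statistics from two samples; with enough traffic these early distortions are diluted, but on a short or bursty stream they are a known source of early misclassifications.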

3.2.4. Metrics and Drift Detection Setup

To comprehensively assess the performance of the proposed online IDS, we incorporate a suite of evaluation metrics that are updated incrementally with each incoming instance. These metrics provide real-time insights into classification quality and support longitudinal monitoring of model behavior over time. Additionally, to maintain robustness against evolving threats, a concept drift detection mechanism is integrated to identify shifts in the data distribution that may compromise model reliability.
The selected metrics include accuracy, weighted precision, weighted recall, and weighted F1-score, each computed using a streaming-friendly formulation. Let $y_t \in \mathcal{Y}$ denote the true label and $\hat{y}_t \in \mathcal{Y}$ the predicted label at time $t$. For a multi-class setting with class labels $\mathcal{Y} = \{1, 2, \dots, C\}$, the incremental versions of the metrics are defined as follows:
Accuracy:
$$\mathrm{Accuracy}_t = \frac{1}{t}\sum_{i=1}^{t}\mathbb{I}(\hat{y}_i = y_i)$$
Weighted precision, recall, and F1-score are computed per class and then aggregated by class frequency, ensuring fair performance evaluation across imbalanced class distributions:
$$\mathrm{WeightedMetric}_t = \sum_{c \in \mathcal{Y}} w_c \cdot \mathrm{Metric}_t(c)$$
where $w_c$ is the relative frequency of class $c$ and $\mathrm{Metric}_t(c)$ is the per-class metric value up to time $t$.
To detect changes in the underlying data distribution—often referred to as concept drift—we incorporate the Page–Hinkley test [13], a well-established drift detection algorithm. This method monitors the average error rate of the classifier and triggers an alert when significant deviation from the expected mean is observed. Let $\ell_t$ be the binary loss at time $t$, defined as follows:
$$\ell_t = \mathbb{I}(\hat{y}_t \neq y_t)$$
Let $\bar{\ell}_t$ be the cumulative average loss, $PH_t$ the cumulative sum of deviations from it, and $m_t$ the minimum of that sum observed so far:
$$\bar{\ell}_t = \frac{1}{t}\sum_{i=1}^{t}\ell_i, \qquad PH_t = \sum_{i=1}^{t}\left(\ell_i - \bar{\ell}_t - \delta\right), \qquad m_t = \min_{1 \le i \le t} PH_i$$
Drift is detected if
$$PH_t - m_t > \lambda$$
Here, $\delta$ is a slack parameter to prevent false positives, and $\lambda$ is a predefined threshold controlling sensitivity. When this condition is satisfied, a drift event is registered, and the system applies a selective adaptation strategy to maintain predictive stability. Rather than resetting the entire ensemble, only base learners exhibiting elevated error rates are reinitialized. Specifically, if the recent error estimate of a learner $h_i$ exceeds a predefined threshold following drift detection, that learner is replaced with a newly instantiated model generated by the base learner factory. This targeted replacement allows the framework to adapt quickly to evolving traffic patterns while preserving reliable knowledge retained by well-performing learners, ensuring continuous and robust operation.
In practice, this mechanism enhances the resilience of the IDS against emerging or morphing attack vectors, which are prevalent in real-world healthcare networks. Furthermore, by logging all performance metrics and drift events over time, our system supports detailed post hoc analysis and continuous model auditing—an essential capability in regulated domains such as healthcare cybersecurity.

3.2.5. Online Training and Evaluation Loop

The core operational logic of the proposed online IDS is embedded in a continuous training and evaluation loop, which processes each incoming instance in real time. This streaming-based learning paradigm is critical for dynamic environments such as smart healthcare networks, where new data arrives sequentially from a variety of IoMT devices. The loop is designed to perform four fundamental operations for every instance—prediction, learning, evaluation, and drift detection—executed sequentially and efficiently to minimize latency.
At each time step $t$, the system receives a feature vector $\mathbf{x}_t \in \mathbb{R}^{d}$ and its corresponding true label $y_t \in \mathcal{Y}$. The model first generates a prediction $\hat{y}_t$ using the averaged-probability rule of Section 3.2.1 (Equation (4)). Immediately after prediction, the model is updated with the true instance–label pair using
$$\text{model} \leftarrow \text{model}.\mathrm{learn\_one}(\mathbf{x}_t, y_t)$$
This one-pass learning approach is memory-efficient and facilitates fast adaptation to recent patterns, which is essential for intrusion scenarios where malicious behaviors may shift over time.
Following learning, the system updates all evaluation metrics incrementally using the observed ( y t , y ^ t ) pair. This real-time logging enables performance monitoring without requiring batch aggregation, thereby supporting on-the-fly diagnostic visualization and adaptive thresholding.
Next, concept drift is assessed using the Page–Hinkley test. If a drift is detected—indicating a statistically significant increase in classification error—the system flags the corresponding instance index and records the detection timestamp. This flag can be used to trigger mitigation procedures, such as alerting administrators, retraining the model, or initiating forensic analysis.
To quantify computational efficiency, the time required for prediction, learning, metric computation, and drift detection is measured individually for each instance. These times are aggregated to compute average processing time per instance and identify performance bottlenecks. Let $T_{\mathrm{total}}(t)$ be the cumulative processing time after $t$ instances:
$$T_{\mathrm{total}}(t) = \sum_{i=1}^{t}\Big[T_{\mathrm{predict}}(i) + T_{\mathrm{learn}}(i) + T_{\mathrm{metrics}}(i) + T_{\mathrm{drift}}(i)\Big]$$
This fine-grained timing analysis provides insight into the model’s suitability for real-time deployment.
The loop continues until all instances in the stream have been processed. At specified intervals, the system logs intermediate results to the console or a visualization dashboard, offering periodic feedback on the number of instances processed, current metric scores, and drift event occurrences. This modular and interpretable design allows the system to operate robustly in real-time settings while supporting maintainability, extensibility, and traceability.
In order to clearly describe the operational workflow of the proposed online intrusion detection framework, Algorithm 1 presents the detailed procedural steps. The framework operates in a fully online manner, processing each incoming instance sequentially without revisiting previous data. Upon arrival of a new instance, the system first standardizes the input features using running statistics to ensure numerical stability. The standardized instance is then used to generate predictions through an ensemble of Hoeffding Tree base learners, with their outputs aggregated to produce the final predicted label. After prediction, each base learner is updated based on a stochastic resampling strategy governed by a Poisson distribution, promoting ensemble diversity. Simultaneously, the system updates evaluation metrics incrementally to track real-time performance. Concept drift detection is continuously performed using the Page–Hinkley test, monitoring the error stream for significant deviations. In the event of detected drift, appropriate adaptation strategies are triggered to maintain model relevance. Additionally, instance-level processing times are recorded to assess the computational efficiency of the system. This integrated, sequential process ensures that the proposed framework remains adaptive, accurate, and computationally feasible for deployment in real-time smart healthcare environments.
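As an added example, not the paper's code, the pieces of Sections 3.2.4 and 3.2.5 assembled into one runnable loop: an incremental Page–Hinkley detector on the 0/1 loss, streaming accuracy and support-weighted precision/recall/F1 from running counts, and a prequential loop that predicts, learns, scores, tests for drift and times each stage. The Centroid1D learner, the constructed stream with a label flip at t = 600, the detector settings (δ = 0.005, λ = 50, 30 warm-up instances) and the full-reset adaptation hook are assumptions for illustration; the paper's detector thresholds are in Table 2 and its adaptation replaces only high-error ensemble members. The detector uses the running mean at each step, the usual streaming formulation, rather than re-averaging the whole history.

```python
import random
import time
from collections import defaultdict

# Added example, not the paper's code: Page-Hinkley on the 0/1 loss and streaming weighted
# metrics (Section 3.2.4) driving the prequential loop of Section 3.2.5. The learner is a
# one-feature nearest-centroid stand-in, the stream is constructed with a label flip at t = 600,
# and the detector settings (delta = 0.005, lambda = 50, 30 warm-up) are assumptions.

class PageHinkley:
    """PH_t = sum_i (l_i - mean_i - delta); alarm when PH_t - min_i PH_i > lambda."""

    def __init__(self, delta=0.005, lam=50.0, min_instances=30):
        self.delta, self.lam, self.min_instances = delta, lam, min_instances
        self.reset()

    def reset(self):
        self.n, self.mean, self.ph, self.ph_min = 0, 0.0, 0.0, 0.0

    def update(self, loss):
        self.n += 1
        self.mean += (loss - self.mean) / self.n   # running mean keeps the test O(1)
        self.ph += loss - self.mean - self.delta
        self.ph_min = min(self.ph_min, self.ph)
        if self.n >= self.min_instances and self.ph - self.ph_min > self.lam:
            self.reset()            # re-arm so a later drift can be detected
            return True
        return False

class StreamingMetrics:
    """Accuracy plus precision/recall/F1 weighted by class frequency, from running counts."""

    def __init__(self):
        self.n = self.correct = 0
        self.tp, self.fp, self.support = defaultdict(int), defaultdict(int), defaultdict(int)

    def update(self, y_true, y_pred):
        self.n += 1
        self.support[y_true] += 1
        if y_true == y_pred:
            self.correct += 1
            self.tp[y_true] += 1
        else:
            self.fp[y_pred] += 1     # false negatives are implied by support - tp

    def weighted(self):
        p = r = f = 0.0              # support-weighted precision, recall, F1
        for c, s in self.support.items():
            w, predicted = s / self.n, self.tp[c] + self.fp[c]
            prec, rec = (self.tp[c] / predicted if predicted else 0.0), self.tp[c] / s
            p, r = p + w * prec, r + w * rec
            f += w * (2 * prec * rec / (prec + rec) if prec + rec else 0.0)
        return p, r, f

class Centroid1D:                      # stand-in learner: nearest running class mean
    def __init__(self):
        self.sums, self.counts = defaultdict(float), defaultdict(int)

    def predict_one(self, x):
        if not self.counts:
            return None
        return min(self.counts, key=lambda c: abs(x - self.sums[c] / self.counts[c]))

    def learn_one(self, x, y):
        self.sums[y] += x
        self.counts[y] += 1

def make_stream(n=1200, flip_at=600, seed=7):
    """Constructed stream: N(-2,1) is benign and N(+2,1) is attack until flip_at, then inverted."""
    rng = random.Random(seed)
    for t in range(n):
        attack = rng.random() < 0.5
        x = rng.gauss(2.0 if attack else -2.0, 1.0)
        if t >= flip_at:
            attack = not attack
        yield x, "attack" if attack else "benign"

def run_prequential(stream, model, detector, on_drift):
    """Per instance: predict, then learn, then score, then test for drift; time each stage."""
    metrics, drift_at = StreamingMetrics(), []
    timing = {"predict": 0.0, "learn": 0.0, "metrics": 0.0, "drift": 0.0}
    for t, (x, y) in enumerate(stream, start=1):
        clock = [time.perf_counter()]
        y_hat = model.predict_one(x)
        clock.append(time.perf_counter())
        model.learn_one(x, y)
        clock.append(time.perf_counter())
        metrics.update(y, y_hat)
        clock.append(time.perf_counter())
        if detector.update(0.0 if y_hat == y else 1.0):
            drift_at.append(t)
            model = on_drift(model)  # adaptation hook: full reset here, selective in the paper
        clock.append(time.perf_counter())
        for k, a, b in zip(timing, clock, clock[1:]):
            timing[k] += b - a
    _, _, f1 = metrics.weighted()
    return {"accuracy": metrics.correct / max(metrics.n, 1), "weighted_f1": f1,
            "drift_at": drift_at, "avg_us_per_instance": 1e6 * sum(timing.values()) / max(metrics.n, 1)}
```

Running the loop with `on_drift=lambda m: Centroid1D()` re-instantiates the learner when the alarm fires and accuracy recovers within a few dozen instances of the flip; running it with `on_drift=lambda m: m` leaves the learner in place and every post-flip prediction stays wrong, which is the accuracy collapse that motivates the drift-aware design.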

3.3. Dataset for Real-Time Stream Simulation

The evaluation of the proposed online intrusion detection framework was conducted using the CICIoMT2024 dataset [35], a comprehensive benchmark designed to reflect the diverse characteristics of network traffic in smart IoT-enabled healthcare environments. This dataset encompasses a wide range of benign and malicious traffic flows generated by various IoT devices, offering a realistic and challenging testbed for developing and validating data-stream learning algorithms.
In contrast to conventional batch learning models, the proposed framework operates under a fully online learning paradigm, eliminating the need for a separate training phase. Instead, a prequential evaluation protocol was adopted, wherein each incoming instance was first subjected to prediction and then immediately used to update the model. This procedure ensures that performance metrics accurately reflect the model’s adaptability and generalization capabilities in real-time conditions. It also aligns with real-world deployment scenarios, where IDSs must learn continuously from sequentially arriving traffic without prior access to future observations.
Accordingly, only the test portion of the CICIoMT2024 dataset was utilized for both evaluation and incremental learning. To construct a unified dataset for streaming simulation, multiple session-specific CSV files were consolidated, and label normalization was performed to remove session identifiers and standardize attack naming conventions. Labels were subsequently mapped into three hierarchical granularities: a binary scheme distinguishing benign and attack traffic; a six-class scheme grouping attacks into major families such as DDoS, DoS, MQTT abuse, reconnaissance, and spoofing; and a fine-grained nineteen-class scheme capturing specific attack types including DDoS-UDP, port scanning, and ARP spoofing. The distribution of instances across these labeling schemes is summarized in Table 3.
Algorithm 1: Online intrusion detection framework
Rigorous data quality validation was performed during preprocessing. Null-value inspections confirmed the absence of missing entries, and duplicate records were removed, retaining only the first occurrence of each duplicated instance to preserve the integrity of the data. Following preprocessing, the feature matrix and corresponding labels were extracted and prepared for real-time simulation.
To emulate a streaming environment, the instances were shuffled before evaluation [36], mitigating ordering biases inherent to session-based traffic captures (for example, long runs of a single attack session). A fixed random seed of 42 was applied during shuffling to ensure reproducibility. During the simulation, instances were streamed sequentially to the online learning model, each processed once and without access to future data. This setup mirrors the operational constraint that traffic must be processed immediately upon arrival; note, however, that shuffling also removes the chronological order of the original captures, so the drift events reported in Section 4 reflect shifts in the composition of the shuffled stream rather than the time sequence in which the attacks were recorded.
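The construction just described, as an added example that is not the authors' code: raw per-session labels are normalized, mapped to the three granularities, exact duplicates are dropped keeping the first occurrence, and the result is shuffled with seed 42. The sample rows, the form of the session identifier (a trailing digit run on the label), the dropping of the protocol prefix for the fine-grained name, and the family rules are all assumptions made for illustration; Table 3 is the authority on the actual classes and counts.

```python
"""Added example (not the authors' code): consolidate session rows into one shuffled
stream carrying binary, six-class and nineteen-class labels."""
import random
import re

# Constructed rows in the style of per-session CSV files: (feature tuple, raw label).
# Assumption: the session is encoded as a trailing digit run on the label. Not real
# CICIoMT2024 rows.
RAW_RECORDS = [
    ((10.0, 1500, 0), "TCP_IP-DDoS-UDP1"),
    ((10.0, 1500, 0), "TCP_IP-DDoS-UDP2"),       # same flow features, other session: a duplicate
    ((0.5, 60, 1), "Benign"),
    ((8.0, 64, 0), "TCP_IP-DoS-ICMP1"),
    ((3.0, 200, 1), "MQTT-DDoS-Connect_Flood3"),
    ((1.0, 40, 1), "Recon-Port_Scan"),
    ((2.0, 42, 1), "ARP_Spoofing1"),
    ((0.5, 60, 1), "Benign"),                    # exact duplicate, dropped
]

SESSION_SUFFIX = re.compile(r"\d+$")
PROTOCOL_PREFIX = re.compile(r"^(TCP_IP|MQTT|Recon)-")


def normalize(raw):
    """Strip the session identifier; return the canonical name and the fine-grained
    (nineteen-class style) name, which drops the protocol prefix (assumed convention)."""
    name = SESSION_SUFFIX.sub("", raw)
    return name, PROTOCOL_PREFIX.sub("", name)


def family(name):
    """Six-class family from the canonical name (rules are assumptions). Order matters:
    'DDoS' contains the substring 'DoS', and MQTT floods belong to MQTT, not DDoS/DoS."""
    if name == "Benign":
        return "Benign"
    if name.startswith("MQTT-"):
        return "MQTT"
    if "DDoS" in name:
        return "DDoS"
    if "DoS" in name:
        return "DoS"
    if name.startswith("Recon-"):
        return "Recon"
    if "Spoofing" in name:
        return "Spoofing"
    raise ValueError(f"unmapped label: {name}")


def labels(raw):
    """All three granularities for one raw label."""
    name, fine = normalize(raw)
    fam = family(name)
    return {"19": fine, "6": fam, "2": "Benign" if fam == "Benign" else "Attack"}


def build_stream(records, seed=42):
    """Drop exact duplicates (first occurrence kept), then shuffle with a fixed seed."""
    seen, unique = set(), []
    for x, raw in records:
        lab = labels(raw)
        if (x, lab["19"]) in seen:
            continue
        seen.add((x, lab["19"]))
        unique.append((x, lab))
    random.Random(seed).shuffle(unique)
    return unique


def class_counts(stream, level):
    """Instance count per class at one granularity ('2', '6' or '19')."""
    counts = {}
    for _, lab in stream:
        counts[lab[level]] = counts.get(lab[level], 0) + 1
    return counts


if __name__ == "__main__":
    stream = build_stream(RAW_RECORDS)
    for level in ("2", "6", "19"):
        print(level, class_counts(stream, level))
```

Deriving the six-class family from the canonical name rather than from the already collapsed fine-grained one keeps MQTT floods in the MQTT family, and testing for "DDoS" before "DoS" avoids a substring mislabel that would silently move every DDoS flow into the DoS class and corrupt both the six-class stream and the drift events measured on it. The dedupe key is the full feature tuple plus the fine-grained label, so two identical flows from different sessions of the same attack collapse to one record, which is the behaviour a first-occurrence policy implies.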

3.4. Experimental Setup

All experiments were conducted on a personal computer running the Windows 11 operating system, equipped with a 13th Generation Intel(R) Core(TM) i7-13700 processor operating at 2.10 GHz and 16.0 GB of RAM. The online intrusion detection framework was implemented in Python (version 3.10.13), leveraging several key open-source libraries to support data manipulation, model development, and evaluation. In particular, Pandas (version 2.2.3) and NumPy (version 1.26.4) were utilized for data processing, Matplotlib (version 3.8.3) for result visualization, Scikit-learn (version 1.4.2) for utility functions such as data shuffling, and the River (version 0.21.2) library for implementing online ML models [37], stream simulation, and concept drift detection. All experiments adhered to best practices in software reproducibility, and the full implementation, including source code and configuration files, is publicly available in a GitHub repository at https://github.com/TATU-hacker/Smart-Healthcare-Online-Intrusion-Detection.git (uploaded on 29 April 2025).

4. Results

This section presents the evaluation results of the proposed Leveraging Bagging framework across three classification configurations: binary (2 classes), medium-scale (6 classes), and fine-grained (19 classes). The performance of the model was assessed using standard classification metrics, including accuracy, precision, recall, and F1-score. Additional focus was placed on the model’s ability to detect concept drift and its runtime behavior during execution.

4.1. Binary Classification

In the binary classification configuration, the Leveraging Bagging framework demonstrated high predictive accuracy, efficient runtime performance, and stable behavior across the entire data stream. Notably, no concept drift events were detected during execution: the error stream monitored by the Page–Hinkley test showed no sustained increase, so the shuffled binary stream was effectively stationary from the model's point of view and no adaptation was required to sustain its accuracy.
The final evaluation metrics underscore the reliability of the framework: the model achieved an accuracy of 0.9963, a precision of 0.9962, a recall of 0.9963, and an F1-score of 0.9961. These values indicate a well-balanced classifier with excellent sensitivity and specificity. Precision and recall remain closely aligned, demonstrating the framework’s ability to manage false positives and false negatives symmetrically—an essential trait for IDSs where both types of errors carry significant operational consequences.
Runtime statistics further reinforce the framework’s suitability for real-time applications (Table 4). The total execution time was 15,696.72 s, with only 5.71 s dedicated to drift detection and 7.91 s to metric computation. These minimal overheads highlight the computational feasibility of deploying the model in continuous monitoring environments, such as smart healthcare networks where rapid response is critical.
In the binary classification task, the model demonstrated rapid convergence and high stability across all evaluation metrics. As depicted in Figure 3, the accuracy, precision, recall, and F1-score metrics initially fluctuated but quickly stabilized after processing around 25 instances. The mid-scale (Figure 4) and large-scale evaluations (Figure 5) confirmed sustained high performance, with metrics consistently exceeding 0.99 and exhibiting minimal variance. In the full-scale evaluation (Figure 6), the metrics maintained near-perfect values throughout the stream. These results indicate that the Leveraging Bagging framework efficiently captures binary decision boundaries and remains resilient over extended operation without performance degradation.

4.2. Medium-Scale Classification

The medium-scale classification task involved distinguishing among six categories, increasing in complexity compared to the binary configuration. The proposed Leveraging Bagging framework demonstrated strong and balanced predictive performance, achieving an accuracy of 0.9949, precision of 0.9950, recall of 0.9949, and F1-score of 0.9949. These closely aligned metrics reflect the model’s robustness in handling multi-class distinctions while maintaining equal sensitivity to false positives and false negatives. Such consistency is critical in online intrusion detection scenarios, where reliable identification across all classes is essential.
A total of five concept drift events were detected during this experiment using the Page–Hinkley method. Table 5 lists the indices and timestamps of each event. These drifts occurred at both early and late phases of the stream, indicating temporal variation in data patterns. Notably, the model responded to these distributional shifts with minimal performance degradation. Post-drift recovery was swift, and no long-term drop in metrics was observed. This confirms the framework’s capability for online adaptation without retraining or external intervention.
Runtime analysis in Table 6 affirms the model’s efficiency. The total execution time was 12,895.26 s. Of this, only 5.28 s was used for drift detection and 7.51 s for metric updates—amounting to less than 0.1% of the total runtime. These results demonstrate that the system’s monitoring and evaluation operations are non-intrusive and do not compromise real-time throughput.
In the initial stage (Figure 7), the model demonstrates transient instability, particularly in precision and F1-score, as it begins adapting to the stream with limited class exposure. As more instances are processed (Figure 8), performance metrics stabilize rapidly, with accuracy and recall showing early convergence. During the midstream phase (Figure 9), several concept drift events are detected, coinciding with brief metric degradations, most notably in precision. However, recovery is consistent and swift, underscoring the model’s adaptability. In the final stage (Figure 10), the framework maintains high and stable performance across all metrics, despite the occurrence of multiple drift events. These patterns collectively demonstrate the model’s ability to learn incrementally, adapt to evolving data distributions, and preserve long-term predictive robustness under non-stationary streaming conditions.

4.3. Fine-Grained Classification

The fine-grained classification task involved distinguishing among nineteen target classes, representing the most complex configuration in the evaluation. Despite the increased class granularity and a highly dynamic data stream, the proposed Leveraging Bagging framework maintained strong performance. The final evaluation metrics were robust, with an accuracy of 0.9860, precision of 0.9854, recall of 0.9860, and F1-score of 0.9849. These closely aligned values suggest that the model effectively balanced class sensitivity and precision, even under severe class overlap and distributional shift.
The Page–Hinkley drift detector identified thirteen concept drift events throughout the stream, as detailed in Table 7. These events were dispersed across early, midstream, and late phases of the classification process, with drift instances ranging from 1781 to 807,680. The high frequency of drifts highlights the temporal variability and evolving nature of the data distribution in fine-grained classification. Importantly, the model consistently responded to these shifts without exhibiting sustained performance degradation, underscoring its adaptive capacity in streaming environments with non-stationary inputs.
The runtime profile, presented in Table 8, further confirms the efficiency of the proposed framework under this high-complexity setting. The total execution time was 25,543.29 s. Drift detection consumed just 7.76 s, and metric updates accounted for 14.26 s, together representing a minimal fraction of total processing time. These results reinforce the scalability of the system, demonstrating that increased classification granularity and frequent drift events do not compromise its suitability for real-time deployment.
Initial performance volatility was observed (Figure 11), particularly in precision, due to class imbalance and sparse early instances. However, by 10,000 processed instances (Figure 12), accuracy and recall exceeded 0.6, and the model displayed resilience to drift events. Continued learning up to 50,000 instances (Figure 13) resulted in performance stabilizing near 0.85 for all metrics, despite recurrent concept drifts. Ultimately, in the full stream analysis (Figure 14), all metrics surpassed 0.95, indicating robust long-term generalization, effective adaptation, and suitability for real-time fine-grained classification in evolving data environments.

5. Discussion

This section provides a comprehensive analysis of the Leveraging Bagging model’s performance across varying classification scales. The evaluation emphasizes runtime efficiency, adaptability to concept drift, stability of accuracy before and after drift events, and robustness in streaming environments. Furthermore, comparative insights underscore the model’s practical strengths and limitations against recent offline and DL methods.

5.1. Performance in Binary Classification

The binary classification scenario, distinguishing between benign and attack instances, demonstrates several notable findings in terms of runtime efficiency, computational distribution, and data imbalance. First, an analysis of the instance-level processing time (Figure 15) shows that the vast majority of instances are processed within an extremely narrow window, with a mean of 0.0097 s and a median of 0.0095 s. Despite the presence of 1013 outliers exceeding the threshold of 0.0368 s, their proportion is negligible relative to the total 1.6 million processed instances. This outcome confirms the framework’s capacity for low-latency inference, which is essential for high-throughput real-time IDSs.
In terms of the decomposition of monitoring overhead (Figure 16), the cumulative time analysis indicates that drift detection and metric updates account for roughly 40% and 60%, respectively, of the combined time spent on these two components (5.71 s and 7.91 s, Table 4), not of the total execution time. The black dashed line representing their combined cumulative time grows linearly with the number of instances, reflecting a constant per-instance cost under continuous data flow. The steady drift-detection overhead indicates that the Page–Hinkley test integrates without disrupting throughput.
The class distribution analysis (Figure 17) highlights a substantial class imbalance, with attack instances constituting the overwhelming majority of the data stream. The disparity between the “Attack” and “Benign” classes widens linearly over time, increasing the difficulty of achieving balanced recall and precision scores. Despite this, the classifier maintains high overall performance metrics—accuracy, precision, recall, and F1-score—throughout the stream, underscoring the robustness of the Leveraging Bagging approach with Hoeffding Trees in handling imbalanced streaming data.

5.2. Adaptability in Medium-Scale Classification

The runtime performance in the six-class classification setting (Figure 18) shows a highly efficient processing pipeline with a mean per-instance processing time of 0.0080 s and a median of 0.0070 s. The standard deviation (0.0135 s) exceeds the mean, which reflects a small number of slow instances rather than broad variance, and the extremely low outlier ratio (only 450 outliers among over 1.6 million instances) confirms that the system achieves stable and consistent runtime behavior, which is critical in real-time streaming applications. The histogram also reveals that almost all processing times are tightly concentrated below the outlier threshold of 0.0486 s, indicating low latency and minimal computational variance.
The cumulative breakdown of time consumption between drift detection and metric updates (Figure 19) reveals that both components contribute stably across the entire stream. Drift detection accounts for roughly 40% of the combined monitoring time and metric updates for the remaining 60%, a balance that holds as the number of instances grows, supporting the scalability of the proposed method. Together these two components consume less than 13 s over the entire stream of 1.6 million instances (5.28 s and 7.51 s, Table 6), against a total execution time of 12,895.26 s, so monitoring adds negligible overhead to the system's throughput.
The drift analysis (Figure 20) identifies five key drift events. Accuracy remained largely resilient across all events, with only negligible variations between pre- and post-drift periods. The accuracy delta remained under ±0.021% for all drifts, suggesting that the model adapted quickly and maintained predictive stability even in the presence of distributional shifts. The red horizontal line marks the average accuracy of 0.99, and the post-drift bars show minimal degradation or, in some cases, slight improvements.
The class distribution analysis (Figure 21) highlights a significant imbalance in the dataset. The DDoS and DoS classes dominate the stream, while classes such as MQTT, Benign, Recon, and Spoofing occur far less frequently. This imbalance introduces a layer of complexity in both training and drift detection. However, the model’s consistent accuracy throughout suggests that the learning algorithm, combined with Leveraging Bagging and Hoeffding Trees, effectively mitigates the challenges posed by underrepresented classes.

5.3. Scalability in Fine-Grained Classification

In the 19-class setting, the proposed online learning framework showed strong adaptability to fine-grained, high-cardinality classification. The average processing time per instance was 0.0158 s, with a median of 0.0142 s, indicating efficient performance despite the model's increased complexity. While the number of outliers rose to 15,836 owing to greater variance in per-instance processing times (Figure 22), this is about 1% of the stream, so roughly 99% of the samples were processed within the defined normal range, demonstrating temporal consistency in runtime.
The cumulative processing breakdown (Figure 23) shows that drift detection and metric updates together consumed approximately 22 s over the 1.6 million instances (7.76 s and 14.26 s, Table 8), with drift detection accounting for 37% and metric updates for 63% of that monitoring time. Against a total execution time of 25,543.29 s, this overhead remains negligible, reflecting efficient scaling in high-class-granularity contexts.
The system detected 13 drift events in total, indicating greater sensitivity to shifting data distributions in this more complex setting. Accuracy nevertheless remained highly stable, as seen in Figure 24: the average accuracy hovered around 0.97, and most post-drift accuracies either matched or slightly improved on pre-drift levels. The minor declines observed in a few cases (e.g., Drifts 5, 8, and 9) were negligible (<0.01%) and were recovered rapidly, reflecting the framework's resilience to abrupt concept changes.
Figure 25 illustrates a pronounced class imbalance in the fine-grained task. While high-frequency classes such as DDoS-UDP and DDoS-ICMP exceed 350,000 instances, several rare classes like DDoS-Connect_Flood, Benign, and Port_Scan appear fewer than 50,000 times. Despite this severe skew, the Leveraging Bagging classifier maintained stable accuracy throughout the stream, demonstrating resilience to imbalance by leveraging ensemble diversity and effective drift handling mechanisms in dynamic environments.

5.4. Comparison with Existing Approaches

To contextualize the effectiveness of the proposed Leveraging Bagging framework for online intrusion detection in smart healthcare networks, a comprehensive comparison was conducted against recent state-of-the-art models across binary, medium-scale, and fine-grained classification tasks (Table 9). The benchmarking includes both conventional offline learning methods and DL architectures evaluated on the same CICIoMT2024 dataset.
Across all three configurations, the proposed model consistently demonstrated strong performance in terms of accuracy, precision, recall, and F1-score. Notably, in the six-class task the proposed online method reached the highest accuracy (0.9949) of all the studies compared in Table 9, including offline deep CNNs and transformers. This result highlights the model's robustness in medium-scale scenarios, where the balance between class diversity and generalization becomes critical.
In the binary classification setting, the proposed model achieved a competitive accuracy of 0.9963. Although several offline models, such as TNN-DCNNs-LSTM (0.9999), Transformer-based architectures (0.99847), and CNN (0.9978), reported marginally higher accuracies, they operate in a static, non-adaptive setting and require extensive retraining to accommodate evolving threats. In contrast, the proposed Leveraging Bagging model operates under real-time constraints and continuously learns from incoming data, providing significant practical advantages in adaptive intrusion detection.
In the 19-class task, which represents the most complex configuration with high class imbalance and granularity, the proposed model achieved an accuracy of 0.9860, outperforming several established models such as XGBoost (0.9501) and Random Forest (0.733). Only Alireza et al.’s offline CNN (0.99) exhibited slightly higher accuracy, benefiting from a deep architectural design and batch normalization layers. However, the inability of such offline models to respond to concept drift and non-stationarity limits their utility in real-world deployment scenarios.
Overall, the results underscore that while certain offline models may outperform the proposed method in narrowly defined static settings, the proposed Leveraging Bagging classifier offers a favorable balance between accuracy and adaptability. It stands out as a practical and efficient solution for real-time intrusion detection in dynamic environments, especially in smart healthcare systems where timely and accurate response is paramount.

6. Conclusions

This study presented a modular and adaptive online intrusion detection framework tailored for smart healthcare networks. By integrating Leveraging Bagging with Hoeffding Trees and performing real-time drift detection via the Page–Hinkley test, the proposed method demonstrated robust performance across binary, medium-scale, and fine-grained intrusion classification tasks. The framework achieved high accuracy, low latency, and reliable adaptability to concept drift, outperforming several offline models in multi-class scenarios while maintaining competitive results in binary classification. Its architecture supports scalable, interoperable deployment across heterogeneous IoMT environments. The full implementation is publicly available, enabling reproducibility and future development within the research community.
In this work, we employed Leveraging Bagging and the Page–Hinkley drift detector with their default configurations. While the results were promising, future work will explore the impact of hyperparameter optimization on classification performance [47], model responsiveness, and drift sensitivity, with the aim of further enhancing adaptive learning in non-stationary healthcare environments.

Author Contributions

Conceptualization, F.M.; methodology, G.J.; software, D.K.; validation, O.Y.; formal analysis, P.N.; investigation, F.M.; resources, G.J.; data curation, O.Y.; writing—original draft preparation and writing—review and editing, D.K.; visualization, P.N. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Data are contained within the article.

Acknowledgments

The authors would like to express their sincere gratitude to Nodir Zaynalov at the Samarkand branch of the Tashkent University of Information Technologies for his valuable support and helpful comments that contributed to this research.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Sallabi, F.M.; Khater, H.M.; Tariq, A.; Hayajneh, M.; Shuaib, K.; Barka, E.S. Smart Healthcare Network Management: A Comprehensive Review. Mathematics 2025, 13, 988. [Google Scholar] [CrossRef]
  2. Gallo, G.D.; Micucci, D. Internet of Medical Things Systems Review: Insights into Non-Functional Factors. Sensors 2025, 25, 2795. [Google Scholar] [CrossRef]
  3. Cheng, H.; Qu, Y.; Liu, W.; Gao, L.; Zhu, T. Decentralized Federated Learning for Private Smart Healthcare: A Survey. Mathematics 2025, 13, 1296. [Google Scholar] [CrossRef]
  4. Attaallah, A.; al Sulbi, K.; Alasiry, A.; Marzougui, M.; Ansar, S.A.; Agrawal, A.; Ansari, M.T.J.; Khan, R.A. Fuzzy-Based Unified Decision-Making Technique to Evaluate Security Risks: A Healthcare Perspective. Mathematics 2023, 11, 2554. [Google Scholar] [CrossRef]
  5. Cost of a Data Breach: The Healthcare Industry. Available online: https://www.ibm.com/think/insights/cost-of-a-data-breach-healthcare-industry (accessed on 6 August 2024).
  6. Zachos, G.; Mantas, G.; Porfyrakis, K.; Rodriguez, J. Implementing Anomaly-Based Intrusion Detection for Resource-Constrained Devices in IoMT Networks. Sensors 2025, 25, 1216. [Google Scholar] [CrossRef]
  7. Nasajpour, M.; Pouriyeh, S.; Parizi, R.M.; Han, M.; Mosaiyebzadeh, F.; Liu, L.; Xie, Y.; Batista, D.M. Federated Learning in Smart Healthcare: A Survey of Applications, Challenges, and Future Directions. Electronics 2025, 14, 1750. [Google Scholar] [CrossRef]
  8. Xie, Q.; Ding, Z.; Xie, Q. A Lightweight and Privacy-Preserving Authentication Protocol for Healthcare in an IoT Environment. Mathematics 2023, 11, 3857. [Google Scholar] [CrossRef]
  9. Kajornkasirat, S.; Sawangwong, C.; Puangsuwan, K.; Chanapai, N.; Phutthamongkhon, W.; Puttinaovarat, S. Integrating AI-Driven Predictive Analytics in Wearable IoT for Real-Time Health Monitoring in Smart Healthcare Systems. Appl. Sci. 2025, 15, 4400. [Google Scholar] [CrossRef]
  10. Makhmudov, F.; Kilichev, D.; Giyosov, U.; Akhmedov, F. Online Machine Learning for Intrusion Detection in Electric Vehicle Charging Systems. Mathematics 2025, 13, 712. [Google Scholar] [CrossRef]
  11. Urooj, U.; Al-rimy, B.A.S.; Gazzan, M.; Zainal, A.; Amer, E.; Almutairi, M.; Shiaeles, S.; Sheldon, F. A Wide and Weighted Deep Ensemble Model for Behavioral Drifting Ransomware Attacks. Mathematics 2025, 13, 1037. [Google Scholar] [CrossRef]
  12. Bifet, A.; Holmes, G.; Pfahringer, B. Leveraging Bagging for Evolving Data Streams. In Proceedings of the Machine Learning and Knowledge Discovery in Databases; Balcázar, J.L., Bonchi, F., Gionis, A., Sebag, M., Eds.; Springer: Berlin/Heidelberg, Germany, 2010; pp. 135–150. [Google Scholar] [CrossRef]
  13. Sebastião, R.; Fernandes, J.M. Supporting the Page-Hinkley Test with Empirical Mode Decomposition for Change Detection. In Proceedings of the Foundations of Intelligent Systems; Kryszkiewicz, M., Appice, A., Ślęzak, D., Rybinski, H., Skowron, A., Raś, Z.W., Eds.; Springer: Cham, Switzerland, 2017; pp. 492–498. [Google Scholar] [CrossRef]
  14. Alalwany, E.; Alsharif, B.; Alotaibi, Y.; Alfahaid, A.; Mahgoub, I.; Ilyas, M. Stacking Ensemble Deep Learning for Real-Time Intrusion Detection in IoMT Environments. Sensors 2025, 25, 624. [Google Scholar] [CrossRef]
  15. Kulshrestha, P.; Vijay Kumar, T.V. Machine learning based intrusion detection system for IoMT. Int. J. Syst. Assur. Eng. Manag. 2024, 15, 1802–1814. [Google Scholar] [CrossRef]
  16. Kilichev, D.; Kim, W. Hyperparameter Optimization for 1D-CNN-Based Network Intrusion Detection Using GA and PSO. Mathematics 2023, 11, 3724. [Google Scholar] [CrossRef]
  17. Kilichev, D.; Turimov, D.; Kim, W. Next–Generation Intrusion Detection for IoT EVCS: Integrating CNN, LSTM, and GRU Models. Mathematics 2024, 12, 571. [Google Scholar] [CrossRef]
  18. Alzubi, J.A.; Alzubi, O.A.; Qiqieh, I.; Singh, A. A Blended Deep Learning Intrusion Detection Framework for Consumable Edge-Centric IoMT Industry. IEEE Trans. Consum. Electron. 2024, 70, 2049–2057. [Google Scholar] [CrossRef]
  19. Almotairi, S.; Dasaratha, D.; Alharbi, O.; Alzaid, Z.; Hausawi, Y.; Almutairi, J. Efficient Intrusion Detection using OptCNN-LSTM Model based on hybrid Correlation-based Feature Selection in IoMT. Fusion Pract. Appl. 2024, 16, 171–194. [Google Scholar] [CrossRef]
  20. Alalhareth, M.; Hong, S.C. Enhancing the Internet of Medical Things (IoMT) Security with Meta-Learning: A Performance-Driven Approach for Ensemble Intrusion Detection Systems. Sensors 2024, 24, 3519. [Google Scholar] [CrossRef]
  21. Praveena Anjelin, D.; Ganesh Kumar, S. An effective classification using enhanced elephant herding optimization with convolution neural network for intrusion detection in IoMT architecture. Clust. Comput. 2024, 27, 12341–12359. [Google Scholar] [CrossRef]
  22. Zukaib, U.; Cui, X.; Zheng, C.; Hassan, M.; Shen, Z. Meta-IDS: Meta-Learning-Based Smart Intrusion Detection System for Internet of Medical Things (IoMT) Network. IEEE Internet Things J. 2024, 11, 23080–23095. [Google Scholar] [CrossRef]
  23. Bouke, M.A.; El Atigh, H.; Abdullah, A. Towards robust and efficient intrusion detection in IoMT: A deep learning approach addressing data leakage and enhancing model generalizability. Multimed. Tools Appl. 2024, 84, 36523–36542. [Google Scholar] [CrossRef]
  24. Aljuhani, A.; Alamri, A.; Kumar, P.; Jolfaei, A. An Intelligent and Explainable SaaS-Based Intrusion Detection System for Resource-Constrained IoMT. IEEE Internet Things J. 2024, 11, 25454–25463. [Google Scholar] [CrossRef]
  25. Lazrek, G.; Chetioui, K.; Balboul, Y.; Mazer, S.; El bekkali, M. An RFE/Ridge-ML/DL based anomaly intrusion detection approach for securing IoMT system. Results Eng. 2024, 23, 102659. [Google Scholar] [CrossRef]
  26. Balhareth, G.; Ilyas, M. Optimized Intrusion Detection for IoMT Networks with Tree-Based Machine Learning and Filter-Based Feature Selection. Sensors 2024, 24, 5712. [Google Scholar] [CrossRef]
  27. Alsolami, T.; Alsharif, B.; Ilyas, M. Enhancing Cybersecurity in Healthcare: Evaluating Ensemble Learning Models for Intrusion Detection in the Internet of Medical Things. Sensors 2024, 24, 5937. [Google Scholar] [CrossRef]
  28. Musikawan, P.; Kongsorot, Y.; Aimtongkham, P.; So-In, C. Enhanced Multigrained Scanning-Based Deep Stacking Network for Intrusion Detection in IoMT Networks. IEEE Access 2024, 12, 152482–152497. [Google Scholar] [CrossRef]
  29. Berguiga, A.; Harchay, A.; Massaoudi, A. HIDS-IoMT: A Deep Learning-Based Intelligent Intrusion Detection System for the Internet of Medical Things. IEEE Access 2025, 13, 32863–32882. [Google Scholar] [CrossRef]
  30. Abdusalomov, A.; Mirzakhalilov, S.; Umirzakova, S.; Shavkatovich Buriboev, A.; Meliboev, A.; Muminov, B.; Jeon, H.S. Accessible AI Diagnostics and Lightweight Brain Tumor Detection on Medical Edge Devices. Bioengineering 2025, 12, 62. [Google Scholar] [CrossRef] [PubMed]
  31. Swain, M.; Tripathi, N.; Sethi, K. Identifying communication sequence anomalies to detect DoS attacks against MQTT. Comput. Secur. 2025, 157, 104526. [Google Scholar] [CrossRef]
  32. Azad, T.; Newton, M.H.; Trevathan, J.; Sattar, A. IoT edge network interoperability. Comput. Commun. 2025, 236, 108125. [Google Scholar] [CrossRef]
  33. Marwat, S.N.K.; Mehmood, Y.; Ullah, F.; Khan, A.; Khan, S.; Ahmed, S.; Kwak, D.; Nazir, A. Mobile Wi-Fi Based Scheduling of Cyber-Physical Systems in Healthcare. Electronics 2020, 9, 247. [Google Scholar] [CrossRef]
  34. Bifet, A.; Holmes, G.; Kirkby, R.; Pfahringer, B. MOA: Massive Online Analysis. J. Mach. Learn. Res. 2010, 11, 1601–1604. [Google Scholar]
  35. Dadkhah, S.; Neto, E.C.P.; Ferreira, R.; Molokwu, R.C.; Sadeghi, S.; Ghorbani, A.A. CICIoMT2024: A benchmark dataset for multi-protocol security assessment in IoMT. Internet Things 2024, 28, 101351. [Google Scholar] [CrossRef]
  36. Nasimov, R.; Nasimova, N.; Mumimov, B.; Usmanxodjayeva, A.; Sobirova, G.; Abdusalomov, A. Development of Fully Synthetic Medical Database Shuffling Method. In Proceedings of the Internet of Things, Smart Spaces, and Next Generation Networks and Systems; Koucheryavy, Y., Aziz, A., Eds.; Springer: Cham, Switzerland, 2024; pp. 55–64. [Google Scholar]
  37. Montiel, J.; Halford, M.; Mastelini, S.M.; Bolmier, G.; Sourty, R.; Vaysse, R.; Zouitine, A.; Gomes, H.M.; Read, J.; Abdessalem, T.; et al. River: Machine learning for streaming data in Python. J. Mach. Learn. Res. 2021, 22, 1–8. [Google Scholar]
  38. Hossain, M.T.; Meem, S.M.; Setu, J.H.; Halder, N.; Islam, A.; Alam, M.Z. Cyberattacks Classification on Internet of Medical Things Using Information Gain Feature Selection and Machine Learning. In Proceedings of the 2024 Advances in Science and Engineering Technology International Conferences (ASET), Abu Dhabi, United Arab Emirates, 3–5 June 2024; pp. 1–10. [Google Scholar] [CrossRef]
  39. Gomez, A.S.; Gutierrez Portela, F.; Diaz Triana, O.A. Intrusion Detection System for IoT using Anomaly Detection Techniques. In Proceedings of the 2024 IEEE VII Congreso Internacional en Inteligencia Ambiental, Ingeniería de Software y Salud Electrónica y Móvil (AmITIC), David, Panama, 25–27 September 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 1–6. [Google Scholar] [CrossRef]
  40. Lucia Hernandez-Jaimes, M.; Martínez-Cruz, A.; Alejandra Ramírez-Gutiérrez, K.; Guevara-Martínez, E. Enhancing Machine Learning Approach Based on Nilsimsa Fingerprinting for Ransomware Detection in IoMT. IEEE Access 2024, 12, 153886–153897. [Google Scholar] [CrossRef]
  41. Sohail, F.; Bhatti, M.A.M.; Awais, M.; Iqtidar, A. Explainable Boosting Ensemble Methods for Intrusion Detection in Internet of Medical Things (IoMT) Applications. In Proceedings of the 2024 4th International Conference on Digital Futures and Transformative Technologies (ICoDT2), Islamabad, Pakistan, 22–23 October 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 1–8. [Google Scholar] [CrossRef]
  42. Mohammadi, A.; Ghahramani, H.; Asghari, S.A.; Aminian, M. Securing Healthcare with Deep Learning: A CNN-Based Model for Medical IoT Threat Detection. In Proceedings of the 2024 19th Iranian Conference on Intelligent Systems (ICIS), Sirjan, Iran, 23–24 October 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 168–173. [Google Scholar] [CrossRef]
  43. Hamad, N.; Amjad, A.; Faeiz, M.A.; Farhan, U.; Krejcar, O. Augmenting Internet of Medical Things Security: Deep Ensemble Integration and Methodological Fusion. Comput. Model. Eng. Sci. 2024, 141, 2185–2223. [Google Scholar] [CrossRef]
  44. Kalakoti, R.; Nõmm, S.; Bahsi, H. Explainable Transformer-based Intrusion Detection in Internet of Medical Things (IoMT) Networks. In Proceedings of the 2024 International Conference on Machine Learning and Applications (ICMLA), Miami, FL, USA, 18–20 December 2024; IEEE: Piscataway, NJ, USA, 2024; pp. 1164–1169. [Google Scholar] [CrossRef]
  45. Akar, G.; Sahmoud, S.; Onat, M.; Cavusoglu, U.; Malondo, E. L2D2: A Novel LSTM Model for Multi-Class Intrusion Detection Systems in the Era of IoMT. IEEE Access 2025, 13, 7002–7013. [Google Scholar] [CrossRef]
  46. Kharoubi, K.; Cherbal, S.; Mechta, D.; Gawanmeh, A. Network Intrusion Detection System Using Convolutional Neural Networks: NIDS-DL-CNN for IoT Security. Clust. Comput. 2025, 28, 219. [Google Scholar] [CrossRef]
  47. Abdusalomov, A.; Kilichev, D.; Nasimov, R.; Rakhmatullayev, I.; Im Cho, Y. Optimizing Smart Home Intrusion Detection with Harmony-Enhanced Extra Trees. IEEE Access 2024, 12, 117761–117786. [Google Scholar] [CrossRef]
Figure 1. Industry share of data breach costs in a connected world.
Figure 2. Network architecture for smart healthcare intrusion detection.
Figure 3. Early metric convergence.
Figure 4. Initial metric fluctuation.
Figure 5. Progressive metric recovery.
Figure 6. Full metric trend.
Figure 7. Early metric dynamics.
Figure 8. Short-term metric stabilization.
Figure 9. Mid-term metric progression.
Figure 10. Full-scale metric trend.
Figure 11. Early metric instability.
Figure 12. Metric growth phase.
Figure 13. Long-term adaptation.
Figure 14. Full-scale performance.
Figure 15. Processing time distribution.
Figure 16. Cumulative time contribution of components.
Figure 17. Class distribution over time.
Figure 18. Instance latency distribution.
Figure 19. Cumulative time breakdown.
Figure 20. Pre/post-drift accuracy.
Figure 21. Evolving class frequencies.
Figure 22. Distribution of processing time.
Figure 23. Cumulative time and drift events.
Figure 24. Drift accuracy comparison.
Figure 25. Class distribution trend.
Table 1. Comparative analysis of existing works.

Paper | Model Type | Learning Type | Drift Adaptation | Dataset Used | Real-Time Performance | Memory Efficiency | Computational Cost
[15] | Adaptive Boosting | Offline | No | ToN_IoT | No | Medium | Medium to High
[18] | CNN + LSTM | Offline | No | CSE-CIC-IDS2018 | No | Medium | High
[19] | OptCNN-LSTM | Offline | No | WUSTL-EHMS-2020 | No | Medium | High
[20] | Meta-Learning Ensemble | Offline | No | WUSTL-EHMS-2020 | No | Medium | Medium to High
[21] | EEHO-CNN | Offline | No | Kaggle WSN (adapted) | No | Medium | Medium to High
[22] | Meta-Learning Ensemble | Offline | No | WUSTL-EHMS-2020, IoTID20, WUSTL-IIOT-2021 | Yes | Medium | Medium to High
[23] | Dense Neural Network | Offline | No | WUSTL-EHMS-2020 | No | Medium | Low to Medium
[24] | Ensemble ML + DL with XAI | Offline | No | WUSTL-EHMS-2020 | Partial | High | Medium
[25] | Hybrid RFE + Ridge-ML/DL | Offline | No | WUSTL-EHMS-2020 | No | Medium | Medium to High
[26] | Tree-Based ML | Offline | No | CIC-IDS2017 | Partial | Medium | Medium
[27] | Stacking/Bagging/Boosting | Offline | No | WUSTL-EHMS-2020 | No | Medium | Medium to High
[28] | Multigrained Deep Stacking Network | Offline | No | WUSTL-EHMS-2020, IoT-ICU, ECU-IoHT | No | Medium to Low | High
[14] | Stacking Ensemble (ML + DL) | Streaming | No | ECU-IoHT | Yes | Medium | Medium to High
[29] | CNN + LSTM | Offline | No | IoTID20, Edge-IIoTset | Partial | Medium | Medium to High
Our Work | Leveraging Bagging | Online | Yes | CICIoMT2024 | Yes | High | Low
Table 2. Model parameters for the proposed online intrusion detection framework.

Parameter | Value | Description
Ensemble configuration
Base learner | Hoeffding Tree classifier | Incremental decision tree for data streams
Ensemble size (n) | 10 | Number of base learners in Leveraging Bagging
Poisson resampling rate (ω) | 6.0 | Mean of Poisson(ω) for instance resampling
Random seed | 42 | Ensures reproducibility of ensemble training
Hoeffding Tree parameters
Grace period | 30 | Instances between split-attempt checks
Hoeffding bound confidence (σ) | 0.01 | Maximum probability of choosing a sub-optimal split
Page–Hinkley drift detection parameters
Threshold (λ) | 50 | Magnitude beyond which drift is signaled
Sensitivity offset (δ) | 0.005 | Offsets minor fluctuations in cumulative deviation
Discount factor (α) | 1.0 | Forgetting factor for the running mean
Pre-processing
Feature scaling | Online standardization | Maintains zero mean and unit variance per feature
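Table 2 fixes the Page–Hinkley settings (λ = 50, δ = 0.005, α = 1.0) but does not spell out the update rule that turns a stream of per-instance errors into the drift events reported in Tables 5 and 7. The following added example is written for this page; it is not the authors' code and does not use the River library the paper cites. It implements the standard Page–Hinkley test with the Table 2 values and runs it over a constructed stream of misclassification flags (1 = error) whose error rate jumps part-way through. The warm-up length min_instances = 30, the simulated error rates and the change point are assumptions made for the example.

```python
import random
from dataclasses import dataclass


@dataclass
class PageHinkley:
    """Page-Hinkley test for an upward shift in a numeric stream.

    Parameter names follow Table 2 (threshold λ, sensitivity offset δ,
    discount factor α). The update rule is the standard formulation,
    written for this example; min_instances is an assumed warm-up.
    """
    threshold: float = 50.0        # λ: deviation above the running minimum that signals drift
    delta: float = 0.005           # δ: tolerance subtracted at every step
    alpha: float = 1.0             # α: forgetting factor; 1.0 keeps the full history
    min_instances: int = 30        # assumed warm-up before a drift may be signalled
    n: int = 0
    mean: float = 0.0              # running mean of the observations
    cum: float = 0.0               # m_t: discounted cumulative deviation
    cum_min: float = float("inf")  # M_t: minimum of m_t since the last reset

    def reset(self) -> None:
        self.n, self.mean, self.cum, self.cum_min = 0, 0.0, 0.0, float("inf")

    def update(self, x: float) -> bool:
        """Feed one observation; return True when drift is signalled."""
        self.n += 1
        self.mean += (x - self.mean) / self.n                 # incremental running mean
        self.cum = self.alpha * self.cum + (x - self.mean - self.delta)
        self.cum_min = min(self.cum_min, self.cum)
        if self.n >= self.min_instances and self.cum - self.cum_min > self.threshold:
            self.reset()                                      # start fresh after a drift
            return True
        return False


def simulate_error_stream(n_stable=2000, n_shift=1000, p_stable=0.02,
                          p_shift=0.40, seed=42):
    """Constructed misclassification indicators: 1 = the online model erred.

    The first n_stable instances mimic a well-fitted classifier; the next
    n_shift mimic traffic whose distribution changed so the error rate jumps.
    Sample data only, not the CICIoMT2024 stream.
    """
    rng = random.Random(seed)
    stream = [1 if rng.random() < p_stable else 0 for _ in range(n_stable)]
    stream += [1 if rng.random() < p_shift else 0 for _ in range(n_shift)]
    return stream


def detect_drifts(stream, **params):
    """Run the detector over the stream; return the instance indices where drift fired."""
    ph = PageHinkley(**params)
    return [i for i, x in enumerate(stream) if ph.update(x)]


def error_rates_around(stream, idx):
    """Mean error rate of everything before idx and of everything from idx onward."""
    before, after = stream[:idx], stream[idx:]
    return sum(before) / len(before), sum(after) / len(after)


if __name__ == "__main__":
    stream = simulate_error_stream()
    drifts = detect_drifts(stream, threshold=50.0, delta=0.005, alpha=1.0)
    print("drift signalled at instance indices:", drifts)
    if drifts:
        before, after = error_rates_around(stream, drifts[0])
        print(f"detection lag: {drifts[0] - 2000} instances after the change point")
        print(f"error rate before first drift: {before:.3f}, after: {after:.3f}")
```

Because δ is subtracted at every step, a stable stream makes the cumulative deviation drift slowly downward and no alarm is raised; once the error rate rises, the deviation climbs by roughly the excess error per instance, so with λ = 50 the detector fires some tens of instances after the change rather than immediately. That lag is the price of the false-alarm resistance Table 2 configures, and it is the quantity to watch when tuning λ for a clinical network.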
Table 3. Instance distribution across label schemes in CICIoMT2024.

Class | Category | Attack | Instance Count
Benign | - | - | 37,607
Attack | Spoofing | ARP spoofing | 1744
Attack | Recon | Ping sweep | 186
Attack | Recon | VulScan | 1011
Attack | Recon | OS scan | 3495
Attack | Recon | Port scan | 20,921
Attack | MQTT | Malformed data | 1747
Attack | MQTT | DoS-Connect Flood | 3131
Attack | MQTT | DDoS-Publish Flood | 8416
Attack | MQTT | DoS-Publish Flood | 8505
Attack | MQTT | DDoS-Connect Flood | 41,916
Attack | DoS | DoS-TCP | 82,096
Attack | DoS | DoS-ICMP | 98,432
Attack | DoS | DoS-SYN | 98,595
Attack | DoS | DoS-UDP | 137,553
Attack | DDoS | DDoS-SYN | 172,397
Attack | DDoS | DDoS-TCP | 182,597
Attack | DDoS | DDoS-ICMP | 349,698
Attack | DDoS | DDoS-UDP | 362,070
Table 4. Binary classification runtime.

Process | Time (s)
Total Execution Time | 15,696.72
Drift Detection Time | 5.71
Metric Update Time | 7.91
Table 5. Drift events in medium-scale classification.

Drift | Instance | Detection Time
1 | 2017 | 2025-05-01 20:33:43.800195
2 | 3198 | 2025-05-01 20:34:03.214649
3 | 4848 | 2025-05-01 20:34:29.537861
4 | 21,462 | 2025-05-01 20:38:12.112993
5 | 332,591 | 2025-05-01 21:28:51.125551
Table 6. Medium-scale classification runtime.

Process | Time (s)
Total Execution Time | 12,895.26
Drift Detection Time | 5.28
Metric Update Time | 7.51
Table 7. Drift events in fine-grained classification.

Drift | Instance | Detection Time
1 | 1781 | 2025-04-30 15:09:35.624802
2 | 5165 | 2025-04-30 15:14:21.201712
3 | 6811 | 2025-04-30 15:16:28.848062
4 | 11,376 | 2025-04-30 15:20:13.645260
5 | 19,817 | 2025-04-30 15:27:13.615158
6 | 20,975 | 2025-04-30 15:28:08.054874
7 | 30,666 | 2025-04-30 15:34:29.163329
8 | 45,592 | 2025-04-30 15:42:43.216692
9 | 111,000 | 2025-04-30 16:16:45.845562
10 | 331,293 | 2025-04-30 18:00:28.518819
11 | 430,877 | 2025-04-30 18:44:44.290427
12 | 575,695 | 2025-04-30 19:41:43.692894
13 | 807,680 | 2025-04-30 20:24:22.028211
Table 8. Fine-grained classification runtime.

Process | Time (s)
Total Execution Time | 25,543.29
Drift Detection Time | 7.76
Metric Update Time | 14.26
Table 9. Performance comparison of existing models.

Authors | Year | Model | Learning Method | Class | Accuracy | Precision | Recall | F1-Score
Hossain et al. [38] | 2024 | MultiD-CNN | offline | 6 | 0.9811 | 0.9773 | 0.9821 | 0.9788
Dadkhah et al. [35] | 2024 | Random Forest | offline | 2 | 0.996 | 0.971 | 0.951 | 0.961
Dadkhah et al. [35] | 2024 | Random Forest | offline | 6 | 0.735 | 0.735 | 0.713 | 0.676
Dadkhah et al. [35] | 2024 | Random Forest | offline | 19 | 0.733 | 0.691 | 0.577 | 0.551
Alexander et al. [39] | 2024 | CBLOF | offline | 2 | 0.93 | 0.90 | 0.95 | 0.96
Mireya et al. [40] | 2024 | Adaboost | offline | 2 | 0.9837 | 0.9917 | 0.9824 | 0.9870
Fatima et al. [41] | 2024 | XGBoost | offline | 19 | 0.9501 | - | - | -
Alireza et al. [42] | 2024 | CNN | offline | 2 | 0.99 | 0.99 | 0.99 | 0.99
Alireza et al. [42] | 2024 | CNN | offline | 6 | 0.99 | 0.99 | 0.99 | 0.99
Alireza et al. [42] | 2024 | CNN | offline | 19 | 0.99 | 0.98 | 0.99 | 0.98
Hamad et al. [43] | 2024 | TNN-DCNNs-LSTM | offline | 2 | 0.9999 | 1.0 | 1.0 | 1.0
Rajesh et al. [44] | 2024 | Transformer | offline | 2 | 0.99847 | - | - | -
Rajesh et al. [44] | 2024 | Transformer | offline | 6 | 0.97426 | - | - | -
Gökhan et al. [45] | 2025 | L2D2 | offline | 19 | 0.98 | 0.98 | 0.98 | 0.98
Kamir et al. [46] | 2025 | CNN | offline | 2 | 0.9978 | 0.9978 | 0.9978 | 0.9978
Proposed Model | 2025 | Leveraging Bagging | online | 2 | 0.9963 | 0.9962 | 0.9963 | 0.9961
Proposed Model | 2025 | Leveraging Bagging | online | 6 | 0.9949 | 0.9950 | 0.9949 | 0.9949
Proposed Model | 2025 | Leveraging Bagging | online | 19 | 0.9860 | 0.9854 | 0.9860 | 0.9849
Makhmudov, F.; Juraev, G.; Yusupov, O.; Nasriddinova, P.; Kilichev, D. Drift-Aware Online Ensemble Learning for Real-Time Cybersecurity in Internet of Medical Things Networks. Mach. Learn. Knowl. Extr. 2026, 8, 67. https://doi.org/10.3390/make8030067