Research Article

Securing Healthcare IoT Ecosystems: Anomaly Detection and Resilience Mechanisms for Enhanced Data Privacy and Trustworthiness

[version 1; peer review: 1 approved with reservations, 1 not approved]
PUBLISHED 18 Feb 2026

This article is included in the Fallujah Multidisciplinary Science and Innovation gateway.

Abstract

The propagation of Internet of Things (IoT) devices in healthcare has enabled remote monitoring and improved patient care, but it has also introduced significant vulnerabilities that threaten the security of sensitive medical data. To address this crucial challenge, the study proposes a novel framework to enhance data privacy and trustworthiness in healthcare IoT ecosystems using advanced anomaly detection. We introduce a Customized Sand Cat Swarm driven Updated Random Forest (CSCS-URF) model. As a first step, data is preprocessed using min-max normalization and Recursive Feature Elimination (RFE). In the second step, the data is analyzed by an ensemble classifier optimized via a customized swarm intelligence algorithm to effectively identify security anomalies. Evaluated on the CICIoT20232 dataset, the proposed CSCS-URF method shows superior performance compared to existing benchmarks, achieving an accuracy of 97%, precision of 94%, recall of 96%, and an F1-score of 95%. These results indicate that the CSCS-URF framework is a robust solution for proactive security, enabling the early detection of potential breaches to strengthen system integrity and safeguard patient data against evolving cyber threats in the healthcare sector.

Keywords

Health Care, Anomaly Detection, Internet of Things (IoT), Customized Sand Cat Swarm Driven Updated Random Forest (CSCS-URF), Data Privacy

1. Introduction

The Internet of Things (IoT) is widely proposed for use in a variety of applications across several industries. IoT depends on sensors that gather environmental data for objectives including wide-area surveillance and tracking [1]. Smart infrastructures such as smart grids, smart cities, and smart metering systems were developed out of this potential. The integration of IoT devices into healthcare ecosystems has made remote patient care and effective data management accessible and has transformed the sector [2]. The treatment of sensitive healthcare data captured by such networked devices is evolving to ensure privacy and security. Because a variety of vulnerabilities might be exploited by attackers, the widespread adoption of IoT devices in the medical sector raises concerns about the integrity and availability of patient data [3]. Sensor buildings acquire data regarding patients and their environment across networks. This involves methods for data transmission from ports of entry to the border routers, data transfer to cloud servers for enhanced evaluation and storage, and analysis at the border router [4]. Resilience techniques and anomaly detection are essential for reducing the effects of safety incidents and maintaining the function of healthcare facilities. Proactive measures including data encryption, device authentication, access limits and frequent security audits are part of resilience plans [5]. Anomaly detection, performed by monitoring device activity over time and identifying variations that point to signs of hostile behavior, is a crucial component of ecosystem protection [6]. Anomaly detection systems automatically learn the usual behavior of devices, users, and network traffic in a healthcare system by using modern machine learning (ML) techniques and information analytics approaches.
The value of anomaly detection in protecting IoT networks for healthcare emphasizes the integrity of digital infrastructures in healthcare environments [7]. The aim of this study of anomaly detection in healthcare IoT ecosystems is to identify abnormal behavior or deviations from expected patterns within the network, devices, or data, in order to promptly detect and mitigate potential security threats or breaches. The study contributes by introducing a new, more sophisticated architecture that uses a learning method (URF) integrated with an optimization algorithm (CSCSO); this hybrid model outperforms the existing methods (GNB, KNN, DT) when accuracy, precision, recall, and F1-score are used as performance evaluation metrics.

2. Related work

The research [8] explained a smart healthcare system that predicts heart disease using feature fusion and ensemble deep learning (DL). The technique known as feature fusion generates relevant healthcare data by integrating features that have been obtained from healthcare data with recorded. Heart disease data are used to test the proposal, which is compared with standard classifiers based on feature combination, feature selection, and weighting approaches. The study [9] explained convolutional neural network (CNN) based techniques for structural health monitoring (SHM) that exploit recorded compact response data. Confusion matrices and training accuracy records are used to evaluate each CNN implementation’s performance in combination with other performance measures. The article [10] described a medical image cryptosystem that generates two separate sets of chaotic randomized vectors using stacked auto-encoder (SAE) networks. Parallel SAE computation decreases the complexity and runtime, making the cryptosystem effective; the findings show that the structure might be beneficial and suitable for services offered by the medical sector. The research [11] aims to develop a stable platform for early detection by integrating artificial intelligence (AI) and fog computing with smart health. The performance of the framework was evaluated in terms of power consumption, latency, network use, and storage utilization. For classification, F1-score, accuracy, and precision are evaluated. The article [12] provided a framework for secure healthcare monitoring that merges edge cloud and named data networking (NDN) in IoT. The model uses ciphertext and signatures to secure healthcare data transmission and makes use of NDN’s capabilities to enhance medical data retrieval. The framework is assessed numerically. The research [13] provided empirical confirmation of the connection between IoT deployment and how patient care service engagement was affected by adoption.
The results demonstrate how the use of IoT devices in healthcare creates new opportunities and challenges the established model by allowing patients to participate in selection and increasing their involvement with the system. The study [14] offered an IoT-based real-time health monitoring model powered by DL. The suggested system measures vital signs using wearable medical equipment and derives pertinent information using a variety of DL methods. Various numerical performance assessment criteria are taken into consideration in a thorough evaluation of the proposed system’s performance using a cross-validation test.

3. Methodology

The purpose of the CSCS-URF method is to enhance data privacy and safeguard sensitive patient information. In this section, the dataset is first gathered and data cleaning is performed using min-max normalization; to enhance interpretability, feature selection is performed using RFE. Our proposed CSCS-URF method is then executed and explained in detail. Figure 1 shows the workflow of the methodology.


Figure 1. Overview of proposed workflow.

Step 1: Data Preprocessing (data cleaning and normalization).

Step 2: Splitting the dataset.

Step 3: Feature selection using recursive feature elimination (RFE).

Step 4: Anomaly detection using the customized sand cat swarm driven updated random forest (CSCS-URF).

Step 5: Performance Analysis.

3.1 Dataset

This study employs the IoT attack dataset CICIoT20232 [15]. The purpose of the dataset is to stimulate the development of security analytics applications that might be used in real-world IoT operations. The researchers used a topology of 105 IoT devices to carry out 33 distinct attacks [15]. These attacks are divided into seven categories: denial of service (DoS), distributed denial of service (DDoS), web based, recon, brute force, spoofing, and mirai. There are 169 files in the collection, which are stored in packet capture (PCAP) and CSV file formats.

3.2 Data cleaning using min max normalization

Min-max normalization is a method used in secure IoT healthcare to scale data to a range, maintaining data privacy and facilitating precise analysis and measurement of health-related data. After normalization is applied, the system provides effective outputs. Using the max and min values, the data values are rescaled into a fixed range between 0 and 1. The min-max approach is used to compile data with the intention of improving access to healthcare. First, the minimum $\min(G_{ctm})$ is subtracted from each data value, as in Equation (1),

$$G_{ctm} - \min(G_{ctm}) \tag{1}$$

After that, adjust the data such that the upper bound is 1. To accomplish that, multiply each value by the initial range. It is stated as Equation (2),

$$\frac{G_{ctm}}{\max(G_{ctm}) - \min(G_{ctm})} \tag{2}$$

Finally, the normalized value is obtained by combining Equations (2) and (3),

$$\text{minMax} = \frac{G_{ctm} - \min(G_{ctm})}{\max(G_{ctm}) - \min(G_{ctm})} \tag{3}$$

The minimum and maximum values are used to replace missing values in accordance with the aforementioned techniques, which enhances data integrity.

3.2.1 Splitting data

After the cleaning process, we split the data into two parts, one for training and one for testing. The training part contains 80% of the dataset and the testing part contains 20%.
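The normalization of Equation (3) and the 80/20 split, as an added example that is not the authors' code. It assumes the per-feature bounds are learned from the training rows only and reused on the test rows (so test-set statistics do not leak into training), that a missing reading or a constant column maps to 0.0, and that test values outside the training range are clipped; the flow rows and column names are constructed.

```python
import random

# Constructed sample: rows of [packets_per_s, mean_packet_bytes, ttl]; None marks a
# missing reading. Column names and values are illustrative, not from the dataset.
FLOWS = [
    [12.0, 310.0, 64], [15.0, 290.0, 64], [9.0, None, 64], [14.0, 305.0, 64],
    [950.0, 60.0, 64], [1020.0, 58.0, 64], [11.0, 300.0, 64], [13.0, 1400.0, 64],
    [10.0, 295.0, 64], [2400.0, 54.0, 64],
]


def split_80_20(rows, seed=7):
    """Shuffle reproducibly and return (train, test) with 80% / 20% of the rows."""
    idx = list(range(len(rows)))
    random.Random(seed).shuffle(idx)
    cut = len(idx) * 80 // 100
    return [rows[i] for i in idx[:cut]], [rows[i] for i in idx[cut:]]


def fit_bounds(train_rows):
    """Per-feature (min, max) over the training rows, ignoring missing values."""
    bounds = []
    for column in zip(*train_rows):
        seen = [v for v in column if v is not None]
        bounds.append((min(seen), max(seen)) if seen else (0.0, 0.0))
    return bounds


def min_max(rows, bounds):
    """Apply Equation (3) per feature with bounds learned from the training rows."""
    scaled_rows = []
    for row in rows:
        scaled = []
        for value, (lo, hi) in zip(row, bounds):
            if value is None or hi == lo:
                # Assumption: a missing reading or a constant column maps to 0.0.
                scaled.append(0.0)
            else:
                # Clip so unseen test values stay inside [0, 1].
                scaled.append(min(1.0, max(0.0, (value - lo) / (hi - lo))))
        scaled_rows.append(scaled)
    return scaled_rows


def prepare(rows, seed=7):
    """Split first, then scale both parts with the training bounds."""
    train, test = split_80_20(rows, seed)
    bounds = fit_bounds(train)
    return min_max(train, bounds), min_max(test, bounds), bounds


if __name__ == "__main__":
    train_scaled, test_scaled, bounds = prepare(FLOWS)
    print("bounds:", bounds)
    print("first scaled test row:", test_scaled[0])
```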

3.3 Feature selection using recursive feature elimination (RFE)

RFE selects the most effective features for anomaly detection, improving the security of the healthcare IoT. By selecting features that are beneficial to detection accuracy, RFE repeatedly eliminates irrelevant data. It protects healthcare IoT networks against cyber attacks and ensures patient data integrity by deliberately optimizing feature sets to increase anomaly detection performance. Eliminating features that contribute to oversights and identifying factors that might enhance results are the main objectives of feature selection. To develop a lightweight security solution that works with healthcare systems, features have to be limited to the capabilities that are essential for testing and training systems. The model’s computational efficiency and performance are improved by determining whether attributes have an effective connection with the target indicator. Feature selection was done using the wrapper strategy with RFE. This method separates the input data into separate subsets, each of which is used to build a different model. Subsequently, certain performance metrics are used to determine which characteristics are most desired. Securing healthcare data depends on the feature sets produced by RFE, which are a necessary input for ML models. The feature set obtained by RFE is given in Equation (4):

$$RFE = (Ev,\ R = 1) \tag{4}$$

Anomaly detection is essential for protecting sensitive data and preventing cyberattacks in the healthcare industry. It functions by recognizing anomalies in patient data, device activity, or network traffic. Anomaly detection increases security measures by using ML, protecting the confidentiality and integrity of patient information and healthcare systems.

3.4 Anomaly detection using customized sand cat swarm driven updated random forest (CSCS-URF)

  • Customized sand cat swarm optimization (CSCSO)

Integrating anomaly detection systems with CSCSO technology is essential to secure healthcare IoT. While CSCSO maintains a network of compact, flexible drones for observation and threat response, anomaly detection detects anomalous activity. In healthcare IoT instances, this combined strategy improves real-time monitoring and security against various cyber and physical risks. CSCSO is a brand-new swarm intelligence (SI) based metaheuristic technique. With an emphasis on the distinctive hearing and hunting skills that distinguish desert-dwelling cats, the algorithm is designed to be adaptive and balanced throughout its exploration and exploitation operations. Using these special abilities, the cats can follow the actions and locations of their victims. Based on their behavioral traits, sand cats forage in two main phases. In this population-based method, a sand cat is allocated to each problem’s unavailable parameter. Each cat, or search agent, is represented as a vector whose length matches the scale of the problem. The performance of the algorithm is based on the fitness function of each problem, Equation (5),

$$\text{Fitness} = e(Tandcat) = e(TD_1, TD_2, \ldots, TD_m);\ w_j \quad \text{(calculated in healthcare system)} \tag{5}$$

The following Equations (2) through (5) represent the mathematical frameworks which function in the SCSO’s searching (exploration) and hunting (exploitation) stages.

$$d = T - \frac{T \cdot s}{S} \tag{6}$$

The following Equations (6) through (7) represent the mathematical models which function well in the SCSO’s finding (exploration) and hunting (exploitation) stages.

$$Q = 2 \times d \times rand - d \tag{7}$$

$$q = d \times rand \tag{8}$$

Equation (8) gives the coefficient of the rand function. Since cats have sensitive hearing, q is responsible for directing the algorithm to act in a balanced way to secure data in healthcare.

  • Updated Random Forest (URF)

Healthcare IoT ecosystem security is essential, and anomaly detection is essential to secure patient data. URF is an effective remedy. By adding randomness to the feature selection process, URF improves on classic ensemble learning methods. This increases the system’s resilience to a variety of attacks and anomalies in the intricate healthcare IoT context. URF takes the original data and generates several training subsets and matching test sets using a random sampling technique. Due to resampling, duplicate data appears in every training subset, which prevents local extremes from becoming problems. To reach the final decision, multiple decision tree models are trained using testing data. It builds each individual tree using bootstrap sampling and feature randomness to produce a forest of uncorrelated trees whose prediction is better than that of any individual tree. The following is the method for building a URF with N trees, for each $n = 1, \ldots, N$. Figure 2 illustrates the structure of URF. Create a bootstrapped test $x_n$ using Equation (9),

$$f(y) = \frac{1}{N} \sum_{j=1}^{n} b(x) \tag{9}$$


Figure 2. The structure of Updated Random Forest (URF).

URF creates many decision trees by using various data subsets and input variables. The final outcome of the URF is the combined prediction of the random variables in each tree, each trained on a subset of the training data and input parameters, which helps secure the patient data. The security of the healthcare IoT ecosystem is ensured by CSCS-URF. It improves data privacy and reliability by using resilience and anomaly detection techniques. In IoT instances, CSCS-URF provides robust safety against attacks, improving the integrity of medical data. Pseudocode 1 illustrates CSCS-URF.

Input:

    Dataset: Preprocessed data (normalized by min-max normalization, features selected using RFE).
    N_agents: Population size (number of sand cat swarm agents).
    N_trees: Number of decision trees in the URF.
    Max_iterations: Maximum number of iterations.

Output:

    Optimized_URF_Model: A trained URF model with hyperparameters optimized by the CSCSO.

Begin

    Initialization Phase:
        Initialize the population of sand cat swarm agents Xi (i = 1 to N_agents). Each agent’s position represents a candidate solution, typically a vector of hyperparameters for the URF model (maximum depth of trees, number of features to consider at a split).
        Initialize the URF model with random hyperparameters.
        Define the fitness function as the primary evaluation metric.
        Evaluate the initial fitness for each solution.

    Repeat until Max_iterations is reached:
        For each sand cat agent i in the population:
            Exploration & Hunting Behavior:
                Calculate the sensitivity range r for hearing (q = d · rand).
                Generate a random angle θ between 0 and 360 degrees.
                If |Q| > 1 (Exploration Phase, searching for new regions):
                    Move randomly based on the agent’s current position, the best candidate position (T), and the controlling parameters d and Q.
                Else, |Q| ≤ 1 (Exploitation Phase):
                    Move towards the best solution found (T). The new position is calculated as: Xnew = T − r · sign(cos(θ)) · x_current.
            Fitness Evaluation:
                Configure the URF model with the new position’s (Xi) hyperparameters.
                Train the URF model on the training subset.
                Calculate the trained model’s fitness on the validation subset.
            Update Best Solution:
                If the fitness of the new position is greater than its previous fitness or the global best, update the solution (T).
        Update the URF (Integrate with Best Solutions):
            After evaluating all solutions in the current iteration, identify the G_best agent.
            Set the URF model’s hyperparameters to the G_best agent’s position.

    Final Model Training:
        Using the G_best agent, train the URF model on the entire training set.
        The final output is the resulting Optimized_URF_Model.

    Return Optimized_URF_Model

End
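The search loop of the pseudocode, written out as an added example that is not the authors' implementation. It uses Equations (6) to (8) for d, Q and q; the two position updates follow the standard sand cat swarm form, which is an assumption because the page gives them only in part. The search space, the sensitivity value 2.0 and the fitness surface are constructed stand-ins; in real use the fitness would train the forest and return its validation score.

```python
import math
import random

# Hypothetical search space for the forest: (low, high) per hyperparameter.
SPACE = {"max_depth": (2, 30), "max_features": (1, 20)}


def decode(position):
    """Map a point of the unit square to integer hyperparameters."""
    return {name: round(lo + p * (hi - lo))
            for p, (name, (lo, hi)) in zip(position, SPACE.items())}


def stand_in_fitness(params):
    """Constructed surface standing in for a validation score (peak 0.90 at 12 / 6)."""
    return (0.90 - 0.0004 * (params["max_depth"] - 12) ** 2
            - 0.002 * (params["max_features"] - 6) ** 2)


def scso_search(fitness, dim, n_agents=8, max_iterations=30, sensitivity=2.0, seed=1):
    """Maximise fitness(position) over [0, 1]^dim.

    Returns (best_position, best_fitness, best_fitness_per_iteration).
    """
    rng = random.Random(seed)
    clip = lambda xs: [min(1.0, max(0.0, x)) for x in xs]
    cats = [[rng.random() for _ in range(dim)] for _ in range(n_agents)]
    scores = [fitness(c) for c in cats]
    top = max(range(n_agents), key=scores.__getitem__)
    best, best_fit = cats[top][:], scores[top]
    history = [best_fit]
    for s in range(max_iterations):
        d = sensitivity - sensitivity * s / max_iterations        # Equation (6)
        for i in range(n_agents):
            Q = 2 * d * rng.random() - d                           # Equation (7)
            q = d * rng.random()                                   # Equation (8)
            theta = math.radians(rng.uniform(0.0, 360.0))
            if abs(Q) > 1:
                # Exploration: jump relative to the best position found so far.
                moved = [q * (b - rng.random() * x) for b, x in zip(best, cats[i])]
            else:
                # Exploitation: close in on the best position along a random angle.
                moved = [b - q * abs(rng.random() * b - x) * math.cos(theta)
                         for b, x in zip(best, cats[i])]
            cats[i] = clip(moved)
            score = fitness(cats[i])
            if score > best_fit:
                best, best_fit = cats[i][:], score
        history.append(best_fit)
    return best, best_fit, history


def tune(seed=1):
    """Run the search on the stand-in surface and return decoded hyperparameters."""
    best, best_fit, history = scso_search(
        lambda pos: stand_in_fitness(decode(pos)), dim=len(SPACE), seed=seed)
    return decode(best), best_fit, history


if __name__ == "__main__":
    params, score, history = tune()
    print(params, round(score, 4), "after", len(history) - 1, "iterations")
```

Because every fitness call means training a forest, the product of agents and iterations is the real cost of this loop, and the fitness must be measured on a validation split that is separate from the final test set.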

4. Results

This study was carried out on the Python platform, on a laptop with 8.00 GB of RAM for quick data access, an Intel® Core i9 processor, and Windows 11. The proposed method’s performance is evaluated in terms of precision, recall, F1-score, and accuracy and compared with existing methods, namely Gaussian naive Bayes (GNB) [16], k-nearest neighbors (KNN) [16], and decision tree (DT) [16], as explained in detail below. Table 1 shows the numerical outcomes of the existing and proposed methods.

Table 1. Existing and proposed outcomes.

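| Methods | Recall (%) | F1-score (%) | Precision (%) | Accuracy (%) |
|---|---|---|---|---|
| GNB [16] | 92.508 | 91.936 | 91.806 | 92.508 |
| KNN [16] | 92.753 | 92.99 | 91.994 | 92.753 |
| DT [16] | 91.963 | 92.01 | 92.061 | 91.963 |
| CSCS-URF [Proposed] | 96 | 95 | 94 | 97 |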

Accuracy: Accuracy in anomaly detection is crucial for protecting IoT networks in the healthcare industry. Anomalies that indicate potential security breaches can be detected and fixed by continually monitoring data flow and device activity. By implementing this proactive measure, the IoT infrastructure’s sensitive medical data is better protected.

Figure 3 compares the accuracy of the existing approaches and the proposed method. Our proposed CSCS-URF approach achieved 97%, while the existing methods attained 92.508% (GNB), 92.753% (KNN), and 91.963% (DT). This demonstrates the greater efficiency of our proposed approach in ensuring healthcare IoT ecosystem security.

Figure 3. Accuracy results: comparison of the accuracy of the proposed method with DT, KNN, and GNB.

Precision: Robust anomaly detection algorithms are essential for precision in healthcare IoT ecosystem security. Anomalies indicative of potential security breaches or malfunctions are quickly detected by monitoring data flow and device performance. In healthcare IoT contexts, precision ensures prompt clarification, reducing threats to patient data integrity and system stability.

Figure 4 compares the precision of the existing approaches and the proposed method. Our proposed CSCS-URF approach achieved 94%, while the existing methods attained 91.806% (GNB), 91.994% (KNN), and 92.061% (DT). This demonstrates the greater efficiency of our proposed approach in ensuring healthcare IoT ecosystem security.

Figure 4. Precision results: comparison of the precision of the proposed method with DT, KNN, and GNB.

Recall: Protecting medical IoT networks is the main goal of anomaly detection. It makes use of anomaly detection methods to spot anomalous patterns of behaviour that can point to security flaws or other system issues. It improves IoT security for healthcare by quickly identifying abnormalities and protecting the security and integrity of private patient information.

Figure 5 compares the recall of the existing approaches and the proposed method. Our proposed CSCS-URF approach achieved 96%, while the existing methods attained 92.508% (GNB), 92.753% (KNN), and 91.963% (DT). This demonstrates the greater efficiency of our proposed approach in ensuring healthcare IoT ecosystem security.

Figure 5. Recall results: comparison of the recall of the proposed method with DT, KNN, and GNB.

F1-score: The F1-score is a statistic used to assess how well classification models perform. It is a single number that combines precision and recall. This is especially helpful in cases when datasets are unbalanced, since it offers a fair evaluation of a model’s capacity to identify irregularities in healthcare IoT networks.

Figure 6 compares the F1-score of the existing approaches and the proposed method. Our proposed CSCS-URF approach achieved 96%, while the existing methods attained 91.936% (GNB), 92.99% (KNN), and 92.01% (DT). This demonstrates the greater efficiency of our proposed approach in ensuring healthcare IoT ecosystem security.

Figure 6. F1-score results: comparison of the F1-score of the proposed method with DT, KNN, and GNB.
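The four metrics above computed from a multi-class confusion matrix, as an added example that is not the authors' evaluation code. The page does not state how per-class scores are averaged, so the example reports both macro and support-weighted averages on a constructed, imbalanced matrix; the class names are taken from the attack categories listed in Section 3.1 and the counts are invented for illustration.

```python
# Constructed confusion matrix: rows are true classes, columns are predictions.
CLASSES = ["Benign", "DDoS", "Spoofing"]
CM = [
    [90, 10, 0],    # 100 benign flows
    [0, 880, 0],    # 880 DDoS flows
    [10, 5, 5],     # 20 spoofing flows, mostly missed
]


def per_class(cm):
    """Return (precision, recall, f1, support) for every class."""
    n = len(cm)
    rows = []
    for k in range(n):
        tp = cm[k][k]
        fp = sum(cm[r][k] for r in range(n)) - tp
        fn = sum(cm[k]) - tp
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        f1 = (2 * precision * recall / (precision + recall)
              if precision + recall else 0.0)
        rows.append((precision, recall, f1, tp + fn))
    return rows


def summarize(cm):
    """Accuracy plus macro and support-weighted (precision, recall, f1)."""
    rows = per_class(cm)
    total = sum(support for *_, support in rows)
    accuracy = sum(cm[k][k] for k in range(len(cm))) / total
    macro = tuple(sum(r[i] for r in rows) / len(rows) for i in range(3))
    weighted = tuple(sum(r[i] * r[3] for r in rows) / total for i in range(3))
    return {"accuracy": accuracy, "macro": macro, "weighted": weighted}


if __name__ == "__main__":
    for name, (p, r, f1, support) in zip(CLASSES, per_class(CM)):
        print(f"{name:9s} precision={p:.3f} recall={r:.3f} f1={f1:.3f} n={support}")
    print(summarize(CM))
```

Support-weighted recall is always equal to accuracy, so a detector that misses most of a rare attack class can still report both near 97%; the macro average and the per-class rows are where that weakness shows.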

5. Conclusion

Securing healthcare IoT networks requires the use of anomaly detection technologies. Device performance and network traffic patterns can be examined frequently so that abnormalities indicating potential risks or malfunctions are identified promptly and fixed. Robust anomaly detection systems are essential for protecting sensitive medical data and maintaining the integrity of healthcare operations as the sector depends on IoT devices to provide effective and efficient patient care. Challenges including data privacy, interoperability, false positives/negatives, and the need for resilient and flexible algorithms arise when securing healthcare IoT using anomaly detection. To overcome this problem, we proposed the CSCS-URF technique, a comprehensive approach that addresses these challenges by focusing on anomaly detection and resilience mechanisms to enhance data privacy and trustworthiness in healthcare IoT ecosystems. The findings of this study show an accuracy of 97%, an F1-score of 95%, a precision of 94%, and a recall of 96%, which shows that our proposed CSCS-URF approach produces outstanding results.

6. Limitations and future scope

False positives in anomaly detection in healthcare IoT networks might result in unnecessary warnings and possible alarm overload among medical personnel; overly sensitive detection systems might overlook real threats, which reduces their ability to protect patient information and medical equipment from cyberattacks. The future scope includes building IoT-specific security standards to protect healthcare ecosystems from emerging threats, integrating blockchain for secure data communication, and developing anomaly detection algorithms using machine learning.

Software accessibility

The suggested Customized Sand Cat Swarm driven Updated Random Forest (CSCS-URF) framework’s source code is made available to the public to promote transparency and reproducibility. The implementation is available in a public GitHub repository under the MIT License (OSI-approved). The application has been given a Digital Object Identifier (DOI) for citation and long-term access after being permanently archived in Zenodo.

All of the scripts necessary for data preparation, feature selection, optimization, and model training are included in the repository. https://doi.org/10.5281/zenodo.18335514 [17]

how to cite this article
Moulood KJ and Atiya OS. Securing Healthcare IoT Ecosystems: Anomaly Detection and Resilience Mechanisms for Enhanced Data Privacy and Trustworthiness [version 1; peer review: 1 approved with reservations, 1 not approved]. F1000Research 2026, 15:290 (https://doi.org/10.12688/f1000research.175200.1)
Open Peer Review

Reviewer Report 14 Apr 2026
J. Gnana Jeslin, R.M.K. College of Engineering and Technology, Puduvoyal, India 
Approved with Reservations
  1. Rewrite the entire manuscript for grammar, clarity, and technical precision. 
  2. Add proper baselines including isolation forest, autoencoders, XGBoost, and recent IoT anomaly detection methods from 2022-2025.
  3. Implement cross-validation (at least 5-fold) and report means with standard
...
Jeslin JG. Reviewer Report For: Securing Healthcare IoT Ecosystems: Anomaly Detection and Resilience Mechanisms for Enhanced Data Privacy and Trustworthiness [version 1; peer review: 1 approved with reservations, 1 not approved]. F1000Research 2026, 15:290 (https://doi.org/10.5256/f1000research.193163.r472649)
Reviewer Report 10 Mar 2026
Mirza Akhi, University of Limerick, Limerick, County Limerick, Ireland 
Not Approved
1. Dataset Selection and Domain Mismatch

The study focuses on healthcare-IoT anomaly detection, yet the experiments rely on the CICIoT2023 dataset, which is a general IoT attack dataset rather than one specifically designed for healthcare-IoT environments. ...
Akhi M. Reviewer Report For: Securing Healthcare IoT Ecosystems: Anomaly Detection and Resilience Mechanisms for Enhanced Data Privacy and Trustworthiness [version 1; peer review: 1 approved with reservations, 1 not approved]. F1000Research 2026, 15:290 (https://doi.org/10.5256/f1000research.193163.r460298)