An Explainable Artificial Intelligence Based Hybrid Intrusion Detection System for Enhancing Healthcare Security

The Internet of Medical Things (IoMT) refers to a connected infrastructure of medical devices, healthcare
software, and digital health services. This infrastructure transports health data to the cloud or internal servers
through healthcare provider networks. The recent increase in IoMT has rapidly changed the healthcare industry.
Its use in hospitals, however, has also raised severe security and privacy concerns. In October 2018, the FDA
highlighted the vulnerability of numerous implantable cardioverter defibrillators to malicious attacks. This
emphasizes that real-world attacks on IoMT can cause life-threatening risks to patients. Existing security
solutions, primarily prevention-based, are insufficient due to constraints on power consumption, costly resources,
and patient safety. Integrating machine learning algorithms for predicting and identifying potential cyber threats
represents a promising advancement. Such algorithms, however, have not been widely accepted in medical practice
because of their inherent complexity and lack of explainability. These constraints make implementing robust security
systems challenging. Our research proposes a novel explainable artificial intelligence (XAI) based hybrid
intrusion detection system to enhance the security of IoMT devices. It aims to develop an integrated security
framework that detects malicious attacks and provides understandable explanations of its decisions to
healthcare administrators. In particular, the proposed research has three specific aims. First, we will create a
formal threat analysis model to examine known vulnerabilities by executing attacks on targeted devices. This is
known as misuse detection. Then, advanced machine learning algorithms will be developed to model normal
behavior and detect anomalies representing unknown malicious activities. This is known as anomaly detection.
Subsequently, we will construct an explainable hybrid detection model to combine both misuse and anomaly
detectors effectively and efficiently. To our knowledge, the proposed research is pioneering in integrating
misuse detection based on a formal threat analysis model with machine learning-based anomaly detection in an XAI framework. The
study is significant because it comprehensively addresses known and unknown threats against medical devices.
Its outcomes will improve healthcare delivery, reduce treatment errors, and improve patient trust.
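
A minimal sketch of the hybrid idea described above, added here as an illustration and not the researchers' system: hypothetical misuse signatures and a per-feature z-score baseline (a simple stand-in for the machine learning anomaly model) feed one verdict whose reasons an administrator can read. The device fields, signatures, address and telemetry are all constructed assumptions.

```python
from statistics import mean, stdev

FEATURES = ("pkts_per_min", "bytes_per_pkt", "distinct_peers")
REGISTERED_PEERS = {"10.0.0.5"}  # constructed address of a hypothetical gateway

# Misuse detector: hypothetical signatures describing known attack patterns.
SIGNATURES = [
    ("firmware write outside maintenance window",
     lambda e: e["cmd"] == "FW_WRITE" and not e["maintenance"]),
    ("command from unregistered peer",
     lambda e: e["peer"] not in REGISTERED_PEERS),
]

# Constructed telemetry standing in for a device's normal behavior.
BASELINE = [
    {"pkts_per_min": 12, "bytes_per_pkt": 180, "distinct_peers": 1},
    {"pkts_per_min": 11, "bytes_per_pkt": 176, "distinct_peers": 1},
    {"pkts_per_min": 13, "bytes_per_pkt": 184, "distinct_peers": 1},
    {"pkts_per_min": 12, "bytes_per_pkt": 179, "distinct_peers": 2},
    {"pkts_per_min": 10, "bytes_per_pkt": 181, "distinct_peers": 1},
]

def fit_baseline(rows):
    """Anomaly model: per-feature mean and standard deviation of normal traffic."""
    return {f: (mean(r[f] for r in rows), stdev(r[f] for r in rows) or 1.0)
            for f in FEATURES}

def detect(event, model, z_limit=3.0):
    """Run both detectors and return the verdict with the reasons behind it."""
    reasons = [("misuse", name) for name, rule in SIGNATURES if rule(event)]
    for f, (mu, sd) in model.items():
        z = (event[f] - mu) / sd
        if abs(z) > z_limit:  # feature is far outside the learned normal range
            reasons.append(
                ("anomaly", f"{f}={event[f]} is {z:+.1f} sd from normal mean {mu:.1f}"))
    return {"alert": bool(reasons), "reasons": reasons}

if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    burst = {"cmd": "READ_STATUS", "maintenance": False, "peer": "10.0.0.5",
             "pkts_per_min": 95, "bytes_per_pkt": 181, "distinct_peers": 1}
    print(detect(burst, model))
```

The reasons list is the explanation: a misuse entry names the signature that matched, while an anomaly entry names the feature and how far it sits from the learned baseline, so an event with no matching signature can still be flagged and justified.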