Detecting Invisible Cross-Layer and Cross-Protocol Attacks in IoMT Using Resource-Aware Machine Learning
Published in Social Sciences, Electrical & Electronic Engineering, and Computational Sciences
Behind the Paper: Detecting the “Invisible” Attacks in the Internet of Medical Things (IoMT)
Healthcare systems are rapidly becoming smarter, more connected, and increasingly dependent on the Internet of Medical Things (IoMT). From wearable sensors and smart infusion pumps to remote patient monitoring systems and intelligent hospital networks, these technologies are transforming healthcare delivery and improving patient outcomes. However, this transformation also introduces new cybersecurity risks that traditional defense mechanisms are often unable to detect.
Our recent publication, “Resource-aware ML framework for multi-level cross-layer and cross-protocol attack detection in IoMT,” published in the Journal of Supercomputing, explores one of the emerging and overlooked cybersecurity threats in IoMT environments: Cross-Protocol (CP) and Cross-Layer (CL) attacks. Springer Article
Why We Started This Research
Most intrusion detection systems (IDS) are designed around isolated protocol analysis. In practice, this means they inspect traffic at a single network layer or focus on one communication protocol at a time. While this approach can detect many traditional attacks, modern attackers have become far more sophisticated.
Cross-Protocol and Cross-Layer attacks exploit interactions between multiple protocols and layers simultaneously. Instead of attacking a system directly, adversaries manipulate the relationships between communication layers or tunnel malicious traffic through unexpected protocols. This allows malicious activity to bypass conventional security monitoring tools.
In healthcare environments, such attacks can be extremely dangerous. Imagine a malicious actor manipulating communication between wearable sensors and hospital monitoring systems, delaying alerts, or disrupting medical data transmission. Even a small delay or misclassification could affect patient safety.
Despite the growing importance of IoMT security, we found that most existing research focused primarily on binary attack detection or conventional multi-class classification. Very little attention had been given to CP and CL attacks, especially under resource constraints typical in IoMT systems.
This gap motivated us to design a lightweight yet highly effective machine learning framework capable of detecting these advanced attack patterns in real time.
The Core Challenge
IoMT devices are fundamentally different from traditional computing systems. They are often resource-constrained, with limited memory, processing power, and energy availability. This means that many computationally expensive deep learning solutions may not be practical for real-world healthcare deployment.
The challenge was therefore twofold:
-
Develop a detection framework capable of identifying sophisticated CP and CL attacks.
-
Ensure the framework remains lightweight and efficient enough for deployment in practical IoMT settings.
Balancing security effectiveness with computational efficiency was a central theme of this work.
Building the Framework
To address this challenge, we designed a resource-aware intrusion detection framework using machine learning techniques. We evaluated it on the CICIoMT2024 dataset, which contains realistic Wi-Fi and MQTT traffic for IoMT environments. (researchgate.net)
Our framework included several important stages:
-
Standardized preprocessing for stable and fair evaluation.
-
Hierarchical balancing to handle data imbalance across labels and categories.
-
Feature clustering and dimensionality reduction using Principal Component Analysis (PCA).
-
Comparative evaluation of multiple machine learning models.
We intentionally explored both PCA and non-PCA configurations because dimensionality reduction can significantly influence model stability and computational cost.
One particularly interesting finding involved the Multi-Layer Perceptron (MLP) model. Without PCA, the MLP struggled significantly in CP detection. However, after applying PCA, its performance improved dramatically. This highlighted how preprocessing decisions can heavily impact the effectiveness of machine learning in cybersecurity applications.
At the same time, Random Forest consistently delivered the best balance between accuracy, stability, and efficiency.
What We Found
Among all evaluated models, Random Forest without PCA achieved the most reliable and consistent performance. The framework achieved accuracy values above 99% and F1-scores reaching 0.9951 for Cross-Protocol attacks and 0.9926 for Cross-Layer attacks. (researchgate.net)
Equally important, the framework demonstrated very low computational overhead:
-
Approximately 0.02 seconds per test instance.
-
Less than 1 MiB memory usage.
These results are highly significant because IoMT environments require low-latency and lightweight security solutions. In healthcare systems, delayed detection may directly lead to delayed medical decisions.
Our results demonstrated that high detection performance does not necessarily require extremely heavy deep learning architectures. Carefully designed resource-aware machine learning solutions can still provide strong protection while remaining deployable in constrained environments.
Beyond Accuracy Metrics
One lesson we learned from this work is that cybersecurity research should not focus solely on accuracy percentages. In many publications, very high accuracy values are reported without considering whether the proposed systems can realistically operate in constrained real-world environments.
For healthcare applications, deployability matters as much as detection capability.
This is why we emphasized resource awareness throughout the paper. A practical IDS for IoMT should not only detect attacks accurately but also
-
Operate with minimal latency.
-
Consume limited memory and computational resources.
-
Adapt to heterogeneous communication protocols.
-
Maintain reliability under realistic traffic conditions.
Future cybersecurity research should increasingly evaluate models from this operational perspective.
The Human Side of the Project
This work was also a rewarding collaborative effort between researchers and students working on advanced cybersecurity challenges in emerging healthcare technologies. One of the exciting aspects of the project was exploring how relatively classical machine learning techniques could still outperform more complex methods when combined with proper preprocessing, balancing, and evaluation strategies.
Another rewarding aspect was working with realistic IoMT traffic rather than overly simplified benchmark datasets. Real healthcare communication environments are noisy, heterogeneous, and dynamic, making the problem substantially more challenging.
Throughout the project, we repeatedly refined preprocessing pipelines, experimented with balancing strategies, and analyzed why certain models failed under specific attack scenarios. Many of the final insights emerged only after extensive iterative experimentation.
Looking Ahead
Cross-Protocol and Cross-Layer attacks are likely to become increasingly common as interconnected healthcare ecosystems continue to grow. Future IoMT systems will integrate AI-driven diagnostics, cloud-assisted healthcare, edge computing, wearable devices, and autonomous medical systems, all communicating through diverse protocols and layers.
This increasing complexity will inevitably expand the attack surface.
Future research directions may include:
-
Federated and privacy-preserving intrusion detection for distributed healthcare systems.
-
Explainable AI techniques for interpretable medical cybersecurity decisions.
-
Real-time adaptive IDS frameworks capable of evolving with new attack patterns.
-
Hybrid edge-cloud architectures for scalable IoMT security.
-
Integration of post-quantum cryptographic protection with intelligent intrusion detection.
We hope this work contributes toward building more secure and trustworthy healthcare infrastructures.
Final Thoughts
Cybersecurity in healthcare is no longer optional. As medical systems become smarter and more interconnected, attackers are also becoming more creative and adaptive.
Our goal with this research was not only to improve attack-detection performance but also to demonstrate that practical, lightweight, and deployable security solutions are achievable in IoMT environments.
Ultimately, protecting digital healthcare systems means protecting patients themselves.
We are excited to continue exploring intelligent and resource-aware cybersecurity solutions for next-generation cyber-physical and healthcare systems.
Published article:
“Resource-aware ML framework for multi-level cross-layer and cross-protocol attack detection in IoMT” in The Journal of Supercomputing. (researchgate.net)
Follow the Topic
-
The Journal of Supercomputing
The Journal of Supercomputing publishes papers on the technology, architecture and systems, algorithms, languages and programs, performance measures and methods, and applications of all aspects of supercomputing.
Related Collections
With Collections, you can get published faster and increase your visibility.
SI - Simulation-Powered Innovation: Driving the Future of Digital Ecosystems
This Special Issue publishes cutting-edge research on simulation technologies that are revolutionizing industries, fostering innovation, and enabling seamless interactions within complex digital environments. It is based on the 29th International Symposium on Distributed Simulation and Real Time Applications (DS-RT 2025).
The scope of the SI includes, but is not limited to:
• Advanced Paradigms in Large Scale Distributed and Real-Time Simulations: Exploring innovative methodologies and software architectures for extreme scale simulations, including parallel and distributed simulation, multi-agent systems, and hardware-software co-design.
• Large Scale Real-Time Systems and Concurrent Systems Design: Focusing on paradigms, modeling, and architecture for systems with hard and soft real-time constraints, emphasizing the development of robust and efficient environments.
• Innovative Modelling Techniques for Simulation: Delving into advanced modeling approaches, including the reuse of models, development of new modeling languages, agent-based modeling, and spatial modeling and simulation.
• Multi-Level, Multi-Scale, and Multi-Resolution Modeling: Investigating the complexities and challenges in creating simulations that operate across various levels, scales, and resolutions.
• Non-Functional Properties in Distributed Simulation and Real-Time Systems: Addressing key aspects like dependability, reliability, maintainability, safety, security, and quality of service in simulation and real-time systems.
• Theoretical Foundations of Real-Time and Simulation Models: Exploring fundamental concepts such as event systems, causality, space-time models, notions of time, and the coordination of simulators in discrete and continuous systems.
• Large Scale Simulation Studies: Presenting case studies and research in industrial, commercial, ecological, societal, and pervasive computing systems, focusing on large and very large scale applications.
• Performance and Validation in Large Scale Distributed Simulations: Discussing benchmarking, analytical results, and empirical studies to assess the performance and accuracy of large-scale distributed simulations.
• Parallel and Distributed Simulation Algorithms and Methods: Covering synchronization, scheduling, memory management, and load balancing in the context of parallel or distributed simulation.
• Virtual Environments and Mixed Reality Systems in Simulation: Exploring the use of interactive virtual reality, immersive environments, and human communication in simulation-based virtual and mixed reality systems.
• Collaborative Virtual and Augmented Reality: Investigating shared interaction spaces, telepresence systems, and shared workspaces, including 3D video and acoustic reconstruction.
• Serious Gaming and MMOG in Simulation: Addressing applications, architectures, and scalability issues in serious gaming and massive multiplayer online games.
• Human-Computer Interaction in Large Scale DS-RT Systems: Examining design issues, interaction designs, and the challenges raised by large-scale distributed simulation and real-time systems.
• Artificial Intelligence and Machine Learning in Simulation: Focusing on the integration and application of AI and machine learning techniques within simulation environments.
• Advances in Digital Twin Paradigms: Exploring the latest developments, applications, and challenges in the field of digital twins, emphasizing their role in bridging the physical and digital worlds.
• Intersection of Digital Twins and machine learning: enhancing predictive modeling, real-time analytics, and decision-making, focusing on on novel algorithms and use-cases.
• Role of Digital Twins in applications: enhancing automation, connectivity, and real-time data exchange. Contributions are solicited on implementation challenges and future trends on applications such as Industry 4.0, manufacturing, supply chain, construction, aerospace, logistics, energy sector, healthcare.
Submitted papers should present original, unpublished work, relevant to one of the topics of the special issue. All submitted papers will be evaluated on the basis of relevance, significance of contribution, technical quality, scholarship, and quality of presentation, by at least three independent reviewers. It is the policy of the journal that no submission, or substantially overlapping submission, be published or be under review at another journal or conference at any time during the review process. Please note that the authors of selected papers presented at the DS-RT 2025 symposium are invited to submit an extended version of their contributions by taking into consideration both the reviewers’ comments on their conference paper, and the feedback received during presentation at the conference. It is worth clarifying that the extended version is expected to contain a substantial scientific contribution, e.g., in the form of new algorithms, experiments or qualitative/quantitative comparisons, and that neither verbatim transfer of large parts of the conference paper nor reproduction of already published figures will be tolerated. The extended versions of symposium papers will undergo the standard, rigorous journal review process and be accepted only if well-suited to the topic of this special issue and meeting the scientific level of the journal. Final decisions on all papers are made by the Editor in Chief.
Publishing Model: Hybrid
Deadline: Ongoing
Section - Architectures, Systems and Hardware Security
All aspects of high-performance hardware and architectures, including optimizing and evaluating processors, systems issues, and security, especially at the hardware level and sustainability of systems.
Topics include but not limited to the following:
T
• Architectural support for programming languages or software development.
• Architectures to support extremely heterogeneous composable systems (e.g., chiplets)
• Design-space exploration/performance projection for future systems
• Evaluation and measurement on testbed or production hardware systems
• Hardware acceleration of containerization and virtualization mechanisms for HPC
• Interconnect technologies, topology, switch architecture
• I/O architecture/hardware and emerging storage technologies
• Memory systems: caches, memory technology, non-volatile memory, memory system architecture (to include address translation for cores and accelerators)
• Multi-processor architecture and micro-architecture (e.g., reconfigurable, vector, stream, dataflow, GPUs, and custom/novel architecture)
• Sustainable design aspects, including power and energy efficiency and power-management strategies
• Resilience, error correction, high availability architectures
• Scalable and composable coherence (for cores and accelerators)
• Secure architectures, side-channel attacks, and mitigation, covering all attack vectors, including all forms of side-channel attacks, piracy, reverse engineering, tampering, and hardware Trojan attacks, including countermeasures at different stages of system design - i.e., architecture definition, design, validation, and deployment
• The security of hardware and system security at all levels of abstraction
• Interactions between hardware and systems, and between hardware and firmware/software, including in the context of security and trust
• Software/hardware co-design, domain-specific language support
• Interactions among architectures, compilers, programming languages, and operating systems
Architectures, Systems and Hardware Security research relates to multiple United Nations Sustainable Development Goals (SDGs) through advances in health care, education, and energy, among other fields. This Section particularly welcomes submissions related to SDG 9 “Industry, Innovation, And Infrastructure.”
An essential aspect of supercomputing involves solving computer-intensive problems. Paper submissions are expected to address problems that require significant computational resources.
Publishing Model: Hybrid
Deadline: Ongoing
Please sign in or register for FREE
If you are a registered user on Research Communities by Springer Nature, please sign in
Glad to see our work now live on the Springer Nature Research Community. Advancing lightweight and intelligent IoMT cybersecurity remains an important research direction.