IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things

The healthcare industry relies heavily on a robust medical infrastructure but generates sensitive data about patients whose confidentiality and integrity protection must be guaranteed. But, although the Internet of Medical Things (IoMT) facilitates the interconnection of medical devices, software applications, and health systems, it also introduces vulnerabilities for adversaries to exploit. Moreover, in recent years, integrating machine learning (ML) into intrusion detection systems (IDS) have shown great potential in identifying malicious actions in the Internet of Things. However, such methods often require representative data for training, which is not commonly available for the IoMT. In this work, we introduce the IoMT-TrafficData, a dataset comprising IoMT network traffic data with features built over packet and network flow information for benign traffic and eight types of attacks. We present results from using several traditional ML algorithms and deep models to identify malicious traffic (binary classification) and the type of attack (multiclass classification), along with a comparative analysis of employing packet and flow statistics in ML-based intrusion detection. We show that ML algorithms can achieve high performance in identifying malicious traffic and distinct attacks, as most of the evaluated methods achieved an F1-score of over 90%. We also show that their performance on traffic-packets is, on average, almost 3% better for identifying malicious traffic than the individual attacks, and they achieve up to 5% better performance when dealing with traffic-flow statistics than when working on packed-based features. Hence, our experiments show the potential of using IoMT traffic flows in ML-based IDS and the usefulness of the IoMT-TrafficData dataset in such a context and present results that may be a benchmark reference for those who work with the dataset. The dataset can be openly accessed through the DOI 10.5281/zenodo.8116337.