"IoMT-IND2026: A Benchmark Cybersecurity Dataset for Intrusion Detection in Healthcare Internet of Medical Things Networks"

"The fast implementation of the Internet of Medical Things (IoMT) in the current healthcare systems has changed significantly the process of monitoring patients, remote diagnosis, and real-time medical data sharing. Nevertheless, interconnected medical equipment, wireless medical communication systems and cloud-based medical infrastructure have also presented severe cybersecurity risks. Medical IoT gadgets wearable sensors, patient monitoring system, infusion pump, and smart diagnostic gadgets are constantly transmitting sensitive health data over the hospital networks and hence making them the targets of cyber attackers. Even though the role of securing healthcare IoT environments has been increasingly important, the realistic and publicly available cybersecurity datasets that are specifically designed to detect intrusion in the IoMT networks is still limited. In an attempt to overcome the mentioned obstacle, the current paper presents the IoMT-IND2026 benchmark cybersecurity dataset that aims to serve the research in intrusion detection and threat analysis in healthcare IoMT networks.The IoMT-IND2026 data has been created based on an elaborate network simulation environment that has been created using the NS-3 network simulator that is a realistic model of communication behavior and healthcare infrastructure. The simulated environment is a model of a big hospital network comprising of several interconnected systems, such as medical IoT devices, wearable healthcare sensors, hospital gateway nodes, edge computing servers, cloud healthcare servers, and malicious attacker nodes. To mimic communications patterns typical to the medical device in the real world, the simulation environment includes typical healthcare communication protocols including Wi-Fi, TCP\/IP, UDP, and MQTT.In this simulated healthcare setting, the normal network traffic and various cyber-attack scenarios were simulated to produce a balanced and representative dataset in the intrusion detection research. The scenarios of attack are Denial of Service (DoS), Man-in-the-Middle (MITM) attacks, and botnet-based malicious attacks, which are some of the most common attacks to healthcare IoT systems. These injections have been done into the simulated network, and they were done in a careful way to replicate realistic attacks on the gateways of the hospital and the IoMT devices.The resulting network traffic was recorded in the form of packet-level data which were then processed to get the appropriate features of the traffic flows. The last data is in CSV format and has several network and traffic-based features such as packet size, flow time, packet rate, time to live (TTL), TCP flag characteristics (SYN, ACK, RST), window size, payload entropy, and device communication information. Each example of data is tagged with the corresponding network behavior classification, facilitating supervised machine learning and deep learning studies to detect cyber-attacks.  This data will help develop and test innovative machine learning and artificial intelligence tools to improve cybersecurity in smart healthcare networks by incorporating realistic healthcare network traffic models and labeled cases of cyber-attacks."