IoMT-TrafficData: A Dataset for Benchmarking Intrusion Detection in IoMT

Article Information The work involved in developing the dataset and benchmarking its use of machine learning is set out in the article ‘IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things’. DOI: 10.1109/ACCESS.2024.3437214. Please do cite the aforementioned article when using this dataset.  Abstract The increasing importance of securing the Internet of Medical Things (IoMT) due to its vulnerabilities to cyber-attacks highlights the need for an effective intrusion detection system (IDS). In this study, our main objective was to develop a Machine Learning Model for the IoMT to enhance the security of medical devices and protect patients’ private data. To address this issue, we built a scenario that utilised the Internet of Things (IoT) and IoMT devices to simulate real-world attacks. We collected and cleaned data, pre-processed it, and provided it into our machine-learning model to detect intrusions in the network. Our results revealed significant improvements in all performance metrics, indicating robustness and reproducibility in real-world scenarios. This research has implications in the context of IoMT and cybersecurity, as it helps mitigate vulnerabilities and lowers the number of breaches occurring with the rapid growth of IoMT devices. The use of machine learning algorithms for intrusion detection systems is essential, and our study provides valuable insights and a road map for future research and the deployment of such systems in live environments. By implementing our findings, we can contribute to a safer and more secure IoMT ecosystem, safeguarding patient privacy and ensuring the integrity of medical data. ZIP Folder Content The ZIP folder comprises two main components: Captures and Datasets. Within the captures folder, we have included all the captures used in this project. These captures are organized into separate folders corresponding to the type of network analysis: BLE or IP-Based. Similarly, the datasets folder follows a similar organizational approach. It contains datasets categorized by type: BLE, IP-Based Packet, and IP-Based Flows. To cater to diverse analytical needs, the datasets are provided in two formats: CSV (Comma-Separated Values) and pickle. The CSV format facilitates seamless integration with various data analysis tools, while the pickle format preserves the intricate structures and relationships within the dataset. This organization enables researchers to easily locate and utilize the specific captures and datasets they require, based on their preferred network analysis type or dataset type. The availability of different formats further enhances the flexibility and usability of the provided data. Datasets' Content Within this dataset, three sub-datasets are available, namely BLE, IP-Based Packet, and IP-Based Flows. Below is a table of the features selected for each dataset and consequently used in the evaluation model within the provided work. Identified Key Features Within Bluetooth Dataset Feature Meaning btle.advertising_header BLE Advertising Packet Header btle.advertising_header.ch_sel BLE Advertising Channel Selection Algorithm btle.advertising_header.length BLE Advertising Length btle.advertising_header.pdu_type BLE Advertising PDU Type btle.advertising_header.randomized_rx BLE Advertising Rx Address btle.advertising_header.randomized_tx BLE Advertising Tx Address btle.advertising_header.rfu.1 Reserved For Future 1 btle.advertising_header.rfu.2 Reserved For Future 2 btle.advertising_header.rfu.3 Reserved For Future 3 btle.advertising_header.rfu.4 Reserved For Future 4 btle.control.instant Instant Value Within a BLE Control Packet btle.crc.incorrect Incorrect CRC btle.extended_advertising Advertiser Data Information btle.extended_advertising.did Advertiser Data Identifier btle.extended_advertising.sid Advertiser Set Identifier btle.length BLE Length frame.cap_len Frame Length Stored Into the Capture File frame.interface_id Interface ID frame.len Frame Length Wire nordic_ble.board_id Board ID nordic_ble.channel Channel Index nordic_ble.crcok Indicates if CRC is Correct nordic_ble.flags Flags nordic_ble.packet_counter Packet Counter nordic_ble.packet_time Packet time (start to end) nordic_ble.phy PHY nordic_ble.protover Protocol Version   Identified Key Features Within IP-Based Packets Dataset Feature Meaning http.content_length Length of content in an HTTP response http.request HTTP request being made http.response.code Sequential number of an HTTP response http.response_number Sequential number of an HTTP response http.time Time taken for an HTTP transaction tcp.analysis.initial_rtt Initial round-trip time for TCP connection tcp.connection.fin TCP connection termination with a FIN flag tcp.connection.syn TCP connection initiation with SYN flag tcp.connection.synack TCP connection establishment with SYN-ACK flags tcp.flags.cwr Congestion Window Reduced flag in TCP tcp.flags.ecn Explicit Congestion Notification flag in TCP tcp.flags.fin FIN flag in TCP tcp.flags.ns Nonce Sum flag in TCP tcp.flags.res Reserved flags in TCP tcp.flags.syn SYN flag in TCP tcp.flags.urg Urgent flag in TCP tcp.urgent_pointer Pointer to urgent data in TCP ip.frag_offset Fragment offset in IP packets eth.dst.ig Ethernet destination is in the internal network group eth.src.ig Ethernet source is in the internal network group eth.src.lg Ethernet source is in the local network group eth.src_not_group Ethernet source is not in any network group arp.isannouncement Indicates if an ARP message is an announcement   Identified Key Features Within IP-Based Flows Dataset Feature Meaning proto Transport layer protocol of the connection service Identification of an application protocol orig_bytes Originator payload bytes resp_bytes Responder payload bytes history Connection state history orig_pkts Originator sent packets resp_pkts Responder sent packets flow_duration Length of the flow in seconds fwd_pkts_tot Forward packets total bwd_pkts_tot Backward packets total fwd_data_pkts_tot Forward data packets total bwd_data_pkts_tot Backward data packets total fwd_pkts_per_sec Forward packets per second bwd_pkts_per_sec Backward packets per second flow_pkts_per_sec Flow packets per second fwd_header_size Forward header bytes bwd_header_size Backward header bytes fwd_pkts_payload Forward payload bytes bwd_pkts_payload Backward payload bytes flow_pkts_payload Flow payload bytes fwd_iat Forward inter-arrival time bwd_iat Backward inter-arrival time flow_iat Flow inter-arrival time active Flow active duration