Discovering Breach Patterns on the Internet of Health Things: A Graph and Machine Learning Anomaly Analysis

Abstract

Due to the rise in the Internet of Health Things (IoHT), cyber-attacks, particularly data intrusions, have become an issue for security experts. In this work, we analyze the performance of traditional statistical, machine learning, and graph-based anomaly detection approaches in response to this problem. We believe that understanding intrusion patterns can aid in the prevention of future attacks. In this work, we use the ARMA model for statistical analysis. We also use several machine learning approaches such as multinomial naive bayes, ran- dom forest, neural networks, XGBClassifier, and support vector machines (SVM). However, while our experiments show that machine learning (ML) techniques have higher precision, accuracy, and F1 score than graph-based techniques, there are aspects to a graph-based approach that could aid security experts in the discovery of certain data breaches by combining the graph-based with the statistical and ML methods. Experiments also show combining different anomaly detection techniques allows for a diverse set of intrusion patterns to be discovered. By recognizing the power of both machine learning and graph-based approaches, we analyze their precision and accuracy while explaining how existing state-of-the-art methods can detect breach patterns. Finally, by identifying the characteristics of breach patterns, we present information that security experts can use to prevent future data intrusions.