TY - JOUR
T1 - A Framework to Detect Cyber-attacks against Networked Medical Devices (Internet of Medical Things)
T2 - An Attack-Surface-Reduction by Design Approach
AU - Kavianpour, Sanaz
AU - Shanmugam, Bharanidharan
AU - Zolait, Ali
AU - Razaq, Abdul
N1 - Publisher Copyright:
© 2022 University of Bahrain. All rights reserved.
PY - 2021/7
Y1 - 2021/7
N2 - Most medical devices in the healthcare system are not built-in security concepts. Hence, these devices' built-in vulnerabilities prone them to various cyber-attacks when connected to a hospital network or cloud. Attackers can penetrate devices, tamper, and disrupt services in hospitals and clinics, which results in threatening patients' health and life. A specialist can Manage Cyber-attacks risks by reducing the system's attack surface. Attack surface analysis, either as a potential source for exploiting a potential vulnerability by attackers or as a medium to reduce cyber-attacks play a significant role in mitigating risks. Furthermore, it is necessitated to perform attack surface analysis in the design phase. This research proposes a framework that integrates attack surface concepts into the design and development of medical devices. Devices are classified as high-risk, medium-risk, and low-risk. After risk assessment, the employed classification algorithm detects and analyzes the attack surfaces. Accordingly, the relevant adapted security controls will be prompted to hinder the attack. The simulation and evaluation of the framework is the subject of further research.
AB - Most medical devices in the healthcare system are not built-in security concepts. Hence, these devices' built-in vulnerabilities prone them to various cyber-attacks when connected to a hospital network or cloud. Attackers can penetrate devices, tamper, and disrupt services in hospitals and clinics, which results in threatening patients' health and life. A specialist can Manage Cyber-attacks risks by reducing the system's attack surface. Attack surface analysis, either as a potential source for exploiting a potential vulnerability by attackers or as a medium to reduce cyber-attacks play a significant role in mitigating risks. Furthermore, it is necessitated to perform attack surface analysis in the design phase. This research proposes a framework that integrates attack surface concepts into the design and development of medical devices. Devices are classified as high-risk, medium-risk, and low-risk. After risk assessment, the employed classification algorithm detects and analyzes the attack surfaces. Accordingly, the relevant adapted security controls will be prompted to hinder the attack. The simulation and evaluation of the framework is the subject of further research.
KW - Attack surface
KW - Cyber-attack
KW - Internet of Things
KW - Networked medical device
KW - Risk assessment
UR - http://www.scopus.com/inward/record.url?scp=85128634642&partnerID=8YFLogxK
U2 - 10.12785/ijcds/1101104
DO - 10.12785/ijcds/1101104
M3 - Article
AN - SCOPUS:85128634642
SN - 2210-142X
VL - 11
SP - 1289
EP - 1298
JO - International Journal of Computing and Digital Systems
JF - International Journal of Computing and Digital Systems
IS - 1
ER -