Host-based anomaly detection for pervasive medical systems

Intrusion detection systems are deployed on hosts in a computing infrastructure to deal with undesired events that occur while the systems are in use. Healthcare is one of the promising domains for applying intrusion detection. A typical healthcare scenario is characterized by a high degree of mobility, frequent interruptions and, above all, the need for the concerned stakeholders to access sensitive medical records. When these concerns are carried over to pervasive healthcare environments, where the traditional characteristics are intensified by uncertainty, security becomes more challenging: the nature of pervasive devices and wireless communication media adds to the classic security problems of desktop-based systems. Despite the evolution of automated healthcare services and the sophistication of attacks against them, there is a noticeable lack of techniques, tools and experimental setups for protecting hosts against intrusive actions. This paper contributes a host-based anomaly modeling and detection approach, based on data mining techniques, for pervasive healthcare systems. The technique maintains a normal usage profile of pervasive healthcare applications and inspects the current workflow against that profile in order to classify it as anomalous or normal. The technique is implemented as a prototype with a sample data set, and the results obtained show that it is able to classify anomalous activities.
