Abstract
An integrated clinical environment (ICE) enables the connection and coordination of the internet of medical things around the care of patients in hospitals. However, ransomware attacks on hospital infrastructures, including ICE, and their spread are rising. Adversaries often target multiple hospitals with the same ransomware attacks. These attacks are detected using machine learning algorithms. The challenge is devising anti-ransomware learning mechanisms and services under the following conditions: (1) they must provide immunity to other hospitals if one of them is attacked, (2) hospitals are usually distributed over geographical locations, and (3) direct data sharing is avoided due to privacy concerns. In this regard, this paper presents a federated distributed integrated clinical environment, known as FedDICE. FedDICE integrates federated learning (FL), a privacy-preserving learning approach, into an SDN-oriented security architecture to enable collaborative learning, detection, and mitigation of ransomware attacks. We demonstrate the importance of FedDICE in a collaborative environment with up to 4 hospitals and 4 ransomware families, namely WannaCry, Petya, BadRabbit and PowerGhost. Our results show that in both IID and non-IID data setups, FedDICE achieves the performance of the centralized baseline, which needs direct data sharing for detection. However, as a trade-off for data privacy, FedDICE incurs overhead in anti-ransomware model training, e.g., \(28\times\) for the logistic regression model. In addition, FedDICE uses SDN's dynamic network programmability feature to remove infected devices from the ICE.
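The collaborative-immunity claim in the abstract can be illustrated with plain federated averaging of a logistic regression model over a non-IID split. This is an added example, not the FedDICE code: the four-feature flow vectors, the hyperparameters and all function names are constructed assumptions.

```python
import math, random

FAMILIES = ["WannaCry", "Petya", "BadRabbit", "PowerGhost"]  # families named in the abstract

def make_flows(rng, family, n):
    """Constructed 4-feature flow vectors: family k elevates feature k, None is benign."""
    rows = []
    for _ in range(n):
        x = [rng.gauss(0.0, 0.3) for _ in FAMILIES]
        if family is not None:
            x[family] += 3.0
        rows.append((x, 0 if family is None else 1))
    return rows

def predict(model, x):
    w, b = model
    return 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))

def local_train(model, data, steps=5, lr=0.5):
    """Full-batch gradient descent on one hospital's private flows."""
    w, b = list(model[0]), model[1]
    for _ in range(steps):
        errs = [predict((w, b), x) - y for x, y in data]
        w = [wj - lr * sum(e * x[j] for e, (x, _) in zip(errs, data)) / len(data)
             for j, wj in enumerate(w)]
        b -= lr * sum(errs) / len(data)
    return w, b

def fed_avg(hospitals, rounds=30):
    """Server averages model weights by sample count; raw flows never leave a site."""
    model = ([0.0] * len(FAMILIES), 0.0)
    total = sum(len(d) for d in hospitals)
    for _ in range(rounds):
        updates = [(local_train(model, d), len(d)) for d in hospitals]
        w = [sum(m[0][j] * n for m, n in updates) / total for j in range(len(FAMILIES))]
        model = (w, sum(m[1] * n for m, n in updates) / total)
    return model

def recall(model, flows):
    return sum(predict(model, x) > 0.5 for x, _ in flows) / len(flows)

def run_demo(seed=7):
    rng = random.Random(seed)
    # Non-IID split (assumption): hospital k sees benign traffic plus only family k.
    hospitals = [make_flows(rng, None, 100) + make_flows(rng, k, 100) for k in range(4)]
    tests = [make_flows(rng, k, 200) for k in range(4)]
    fed = fed_avg(hospitals)
    solo = local_train(([0.0] * 4, 0.0), hospitals[0], steps=150)  # hospital 0 alone
    return [recall(fed, t) for t in tests], [recall(solo, t) for t in tests]
```

`run_demo()` returns per-family recall for the federated model and for a model trained by hospital 0 alone; the latter misses the families it never observed, while the federated model detects all four without any site sharing its flows.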
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Thapa, C., Karmakar, K.K., Celdran, A.H., Camtepe, S., Varadharajan, V., Nepal, S. (2021). FedDICE: A Ransomware Spread Detection in a Distributed Integrated Clinical Environment Using Federated Learning and SDN Based Mitigation. In: Yuan, X., Bao, W., Yi, X., Tran, N.H. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Systems. QShine 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 402. Springer, Cham. https://doi.org/10.1007/978-3-030-91424-0_1
DOI: https://doi.org/10.1007/978-3-030-91424-0_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-91423-3
Online ISBN: 978-3-030-91424-0
eBook Packages: Computer Science (R0)