Attack Detection for Medical Cyber-Physical Systems–A Systematic Literature Review
The threat situation due to cyber attacks in hospitals is emerging and patient life is at risk. One significant source of potential vulnerabilities is medical cyber-physical systems (MCPS). Detecting intrusions in this environment faces challenges different from other domains, mainly due to the hete...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2023-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/10107991/ |
_version_ | 1797805949827678208 |
---|---|
author | Simon B. Weber Stefan Stein Michael Pilgermann Thomas Schrader |
author_facet | Simon B. Weber Stefan Stein Michael Pilgermann Thomas Schrader |
author_sort | Simon B. Weber |
collection | DOAJ |
description | The threat situation due to cyber attacks in hospitals is emerging and patient life is at risk. One significant source of potential vulnerabilities is medical cyber-physical systems (MCPS). Detecting intrusions in this environment faces challenges different from other domains, mainly due to the heterogeneity of devices, the diversity of connectivity types, and the variety of terminology. To summarize existing results, we conducted a structured literature review (SLR) following the guidelines of Kitchenham et al. for SLRs in software engineering. We developed six research questions regarding detection approach, detection location, included features, adversarial focus, utilized datasets, and intrusion prevention. We identified that most researchers focused on an anomaly-based detection approach at the network layer. The primary focus was on the detection of malicious insiders. While several researchers used publicly available datasets for training and testing their algorithms, the lack of suitable datasets resulted in the development of testbeds consisting of various medical devices. Based on the results, we formulated five future research topics. First, the special conditions of hospital networks, the MCPS deployed within them, and the contrasts to other IT and OT environments should be examined. Thereupon, MCPS-specific datasets should be created that allow researchers to address the health domain’s unique requirements and possibilities. At the same time, endeavors aimed at standardization in this area should be supported and expanded. Moreover, the use of medical context for attack detection should be further explored. Last but not least, efforts for MCPS-tailored intrusion prevention should be intensified. This way, the emerging threat landscape can be addressed, IT security in hospitals can be improved, and patient health can be protected. |
first_indexed | 2024-03-13T06:00:10Z |
format | Article |
id | doaj.art-77d30f03e39346c8bc9a11139e24af0a |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-13T06:00:10Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-77d30f03e39346c8bc9a11139e24af0a2023-06-12T23:01:22ZengIEEEIEEE Access2169-35362023-01-0111417964181510.1109/ACCESS.2023.327022510107991Attack Detection for Medical Cyber-Physical Systems–A Systematic Literature ReviewSimon B. Weber0https://orcid.org/0000-0002-1846-2727Stefan Stein1https://orcid.org/0000-0001-7403-1158Michael Pilgermann2https://orcid.org/0000-0002-1129-437XThomas Schrader3https://orcid.org/0000-0001-7954-6791Department of Computer Science, Heinrich Heine University Düsseldorf, Düsseldorf, GermanyDepartment of Computer Science and Media, Brandenburg University of Applied Sciences, Brandenburg an der Havel, GermanyDepartment of Computer Science and Media, Brandenburg University of Applied Sciences, Brandenburg an der Havel, GermanyDepartment of Computer Science and Media, Brandenburg University of Applied Sciences, Brandenburg an der Havel, GermanyThe threat situation due to cyber attacks in hospitals is emerging and patient life is at risk. One significant source of potential vulnerabilities is medical cyber-physical systems (MCPS). Detecting intrusions in this environment faces challenges different from other domains, mainly due to the heterogeneity of devices, the diversity of connectivity types, and the variety of terminology. To summarize existing results, we conducted a structured literature review (SLR) following the guidelines of Kitchenham et al. for SLRs in software engineering. We developed six research questions regarding detection approach, detection location, included features, adversarial focus, utilized datasets, and intrusion prevention. We identified that most researchers focused on an anomaly-based detection approach at the network layer. The primary focus was on the detection of malicious insiders. While several researchers used publicly available datasets for training and testing their algorithms, the lack of suitable datasets resulted in the development of testbeds consisting of various medical devices. Based on the results, we formulated five future research topics. First, the special conditions of hospital networks, the MCPS deployed within them, and the contrasts to other IT and OT environments should be examined. Thereupon, MCPS-specific datasets should be created that allow researchers to address the health domain’s unique requirements and possibilities. At the same time, endeavors aimed at standardization in this area should be supported and expanded. Moreover, the use of medical context for attack detection should be further explored. Last but not least, efforts for MCPS-tailored intrusion prevention should be intensified. This way, the emerging threat landscape can be addressed, IT security in hospitals can be improved, and patient health can be protected.https://ieeexplore.ieee.org/document/10107991/DetectionIDSintrusion preventionmedical cyber-physical systemsmedical CPSinternet of health things |
spellingShingle | Simon B. Weber Stefan Stein Michael Pilgermann Thomas Schrader Attack Detection for Medical Cyber-Physical Systems–A Systematic Literature Review IEEE Access Detection IDS intrusion prevention medical cyber-physical systems medical CPS internet of health things |
title | Attack Detection for Medical Cyber-Physical Systems–A Systematic Literature Review |
title_full | Attack Detection for Medical Cyber-Physical Systems–A Systematic Literature Review |
title_fullStr | Attack Detection for Medical Cyber-Physical Systems–A Systematic Literature Review |
title_full_unstemmed | Attack Detection for Medical Cyber-Physical Systems–A Systematic Literature Review |
title_short | Attack Detection for Medical Cyber-Physical Systems–A Systematic Literature Review |
title_sort | attack detection for medical cyber physical systems x2013 a systematic literature review |
topic | Detection IDS intrusion prevention medical cyber-physical systems medical CPS internet of health things |
url | https://ieeexplore.ieee.org/document/10107991/ |
work_keys_str_mv | AT simonbweber attackdetectionformedicalcyberphysicalsystemsx2013asystematicliteraturereview AT stefanstein attackdetectionformedicalcyberphysicalsystemsx2013asystematicliteraturereview AT michaelpilgermann attackdetectionformedicalcyberphysicalsystemsx2013asystematicliteraturereview AT thomasschrader attackdetectionformedicalcyberphysicalsystemsx2013asystematicliteraturereview |