The Medical Internet of Things (MIoT) has enabled small, ubiquitous medical devices to communicate with each other to facilitate interconnected healthcare delivery. These devices interact using communication protocols like MQTT, Bluetooth, and Wi-Fi. However, as MIoT devices proliferate, these networked devices are vulnerable to cyber-attacks. This paper focuses on the vulnerabilities present in the Message Queuing Telemetry and Transport (MQTT) protocol. The MQTT protocol is prone to cyber-attacks that can harm the system's functionality. The memory-constrained MIoT devices enforce a limitation on storing all data logs that are required for comprehensive network forensics. This paper solves the data log availability challenge by detecting the attack in real-time and storing the corresponding logs for further analysis with the proposed network forensics framework: MediHunt. Machine learning (ML) techniques are the most real safeguard against cyber-attacks. However, these models require a specific dataset that covers diverse attacks on the MQTT-based IoT system for training. The currently available datasets do not encompass a variety of applications and TCP layer attacks. To address this issue, we leveraged the usage of a flow-based dataset containing flow data for TCP/IP layer and application layer attacks. Six different ML models are trained with the generated dataset to evaluate the effectiveness of the MediHunt framework in detecting real-time attacks. F1 scores and detection accuracy exceeded 0.99 for the proposed MediHunt framework with our custom dataset.

翻译：医疗物联网（MIoT）使得小型、普适的医疗设备能够相互通信，从而促进互联医疗服务的实现。这些设备通过MQTT、蓝牙和Wi-Fi等通信协议进行交互。然而，随着MIoT设备的激增，这些网络设备容易受到网络攻击。本文聚焦于消息队列遥测传输（MQTT）协议中存在的漏洞。MQTT协议易受网络攻击，可能损害系统功能。内存受限的MIoT设备对存储全面网络取证所需的所有数据日志施加了限制。本文通过实时检测攻击并存储相应日志以进行进一步分析，利用提出的网络取证框架MediHunt解决了数据日志可用性挑战。机器学习（ML）技术是抵御网络攻击最有效的保障。然而，这些模型需要覆盖MQTT物联网系统上多种攻击的特定数据集进行训练。当前可用数据集未涵盖多样化应用和TCP层攻击。为解决此问题，我们利用了一个包含TCP/IP层和应用程序层攻击流数据的流式数据集。使用生成的数据集训练了六种不同的ML模型，以评估MediHunt框架在实时检测攻击中的有效性。针对我们自定义数据集，提出的MediHunt框架的F1分数和检测准确率均超过0.99。