Design and Evaluation of a Hybrid CNN–LSTM Model for Distributed Denial of Service Detection in The Internet of Medical Things

Md Foysal; Azuan Ahmad; Mohd Ilias M. Shudud; Madihah Mohd Saudi

doi:10.37934/arsbs.42.1.310318

Authors

Md Foysal Cybersecurity and Systems Unit, Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Malaysia,71800, Nilai,Negari Sembilan, Malaysia
Azuan Ahmad Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Malaysia,71800,Nilai,Negari Sembilan, Malaysia
Mohd Ilias M. Shudud Cybersecurity and Systems Unit, Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Malaysia,71800, Nilai,Negari Sembilan, Malaysia
Madihah Mohd Saudi Cybersecurity and Systems Unit, Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Malaysia,71800, Nilai,Negari Sembilan, Malaysia

DOI:

https://doi.org/10.37934/arsbs.42.1.310318

Keywords:

IoMT security, DDoS detection, deep learning, convolutional neural network, long short-term memory

Abstract

The Internet of Medical Things (IoMT) has greatly revolutionized modern healthcare by allowing for real-time patient monitoring, effective medical data exchange, and improved clinical decision-making. However, the rapid growth and interconnectivity of IoMT devices have also heightened their susceptibility to cybersecurity threats, particularly Distributed Denial of Service (DDoS) attacks. Such attacks can disrupt vital healthcare services, reduce system availability, and compromise sensitive patient information, thereby posing significant risks to patient safety and operational reliability. Standard intrusion detection systems (IDS), including signature-based and rule-based techniques, often lack the adaptability required to detect the evolving and sophisticated DDoS attack patterns in IoMT environments. This study aims to design and assess a hybrid deep learning-based intrusion detection framework that integrates Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks for effective DDoS detection in IoMT networks. The CNN component is used to extract distinctive spatial features from network traffic data, while the LSTM component models the temporal dependencies associated with sequential attack behaviours. The proposed framework was evaluated using the publicly available CICIoMT2024 dataset, which contains realistic IoMT traffic scenarios comprising over two million network records. To ensure controlled experimentation and computational feasibility, a stratified subset of 100,000 samples was selected for training and testing. The experimental results reveal that the proposed CNN–LSTM model reaches a detection accuracy of 99.60% and an F1-score of 99.61%, with a false positive rate of 2.06% and a false negative rate of 0.38%. A comparative assessment with standalone CNN and LSTM baseline models substantiates the effectiveness of integrating spatial–temporal features in bolstering detection reliability. Although the false positive rate is a concern in high-volume healthcare environments, the overall outcomes indicate that the proposed hybrid framework delivers a scalable, reliable, and effective solution for enhancing IoMT cybersecurity against DDoS threats.