Norihiro Okui,Yusuke Akimoto,A. Kubota,Takuya Yoshida

DOI: https://doi.org/10.1109/COMPSAC57700.2023.00154

2023-06-01

Abstract:With the spread of Internet of Things (IoT) devices, countermeasures against cyber-attacks have become an issue. In this study, we focused on anomaly detection using flow data, which can reduce the data volume, and proposed a new anomaly detection method that combines a new graph composition method that represents a sequence of flow data as a graph and a graph neural network (GNN). Various detection methods, including deep learning, have been proposed for identifying malware such as denial-of-service (DoS) attacks, in which the characteristics of traffic deviate significantly from those of benign communications. We conducted an evaluation experiment with the proposed method using the KDDI-IoT-2019 dataset and discussed its effectiveness and limitations.

Computer Science

Nidhi Rastogi,James Hendler

DOI: https://doi.org/10.48550/arXiv.1701.06823

2017-01-24

Abstract:In the Internet of Things (IoT) devices are exposed to various kinds of attacks when connected to the Internet. An attack detection mechanism that understands the limitations of these severely resource-constrained devices is necessary. This is important since current approaches are either customized for wireless networks or for the conventional Internet with heavy data transmission. Also, the detection mechanism need not always be as sophisticated. Simply signaling that an attack is taking place may be enough in some situations, for example in NIDS using anomaly detection. In graph networks, central nodes are the nodes that bear the most influence in the network. The purpose of this research is to explore experimentally the relationship between the behavior of central nodes and anomaly detection when an attack spreads through a network. As a result, we propose a novel anomaly detection approach using this unique methodology which has been unexplored so far in communication networks. Also, in the experiment, we identify presence of an attack originating and propagating throughout a network of IoT using our methodology.

Cryptography and Security,Networking and Internet Architecture

Yi Li,Zhangbing Zhou,Shuiguang Deng,Xiao Sun,Xiao Xue,Sami Yangui,Walid Gaaloul

DOI: https://doi.org/10.1109/icws62655.2024.00077

2024-01-01

Abstract:Anomaly detection is a long-standing research topic to support the prompt remedy of potential risks for dependency-aware tasks, where Graph Neural Networks (GNNs) models have been adopted to differentiate anomalies from normal patterns. Generally, GNN models utilize time series data to construct graph structures for capturing task dependencies between Internet of Things (IoT) devices, such that deviations from predicted behaviours are assumed as anomalies. Current forecasting-based anomaly detection methods can hardly detect anomalies, which are uncovered by historical sensory data, but are explicitly specified by domain knowledge. To solve this issue, this paper proposes a Knowledge-enhanced graph attention-based Anomaly Detection (KeAD) method. Specifically, a knowledge-enhanced graph structure is constructed by incorporating domain-specific knowledge to represent spatio-temporal dependencies between IoT devices. Thereafter, a knowledge-enhanced graph attention-based forecasting network is developed to predict future behaviours of IoT devices. Anomalies are detected by analyzing deviations from these predicted behaviours, taking domain-specific knowledge into account. Extensive experiments are conducted based on publicly-available datasets, and evaluation results demonstrate that our KeAD outperform the state-of-the-art techniques in terms of the accuracy of anomaly detection.

Wei Dong,Yi Gao,Haoyu Li

DOI: https://doi.org/10.1109/ICPADS60453.2023.00055

2023-12-17

Abstract:The popularity of the wireless network and the embedded system has promoted the widespread application of the Internet of Things (IoT) monitoring system which detects anomalies for discovering emergency events to avoid losses by deploying various sensors. In the face of anomaly detection algorithms for multi-dimensional data in the IoT monitoring system, the currently popular method is to implement a model based on the graph neural network (GNN). Graph attention network (GAT), a mutant of GNN, is widely used because of the attention mechanism in capturing multi-dimensional nonlinear features between nodes. However, the GAT’s weakness in processing complex temporal features leads to the fact that anomalies with distinctive temporal features are hard to detect. In this paper, we propose Time-Series Graph Attention Network (TSGAT), an innovative GAT-based model for anomaly detection. Given the simplified attention mechanism of the GAT and its weakness in extracting temporal pattern features, we embed the time-series layer to enhance the ability to process time-series data. In addition, we designed the loss function and anomaly scoring mechanism based on data reconstruction features, multidimensional features, and temporal features. TSGAT achieves the improvement of 7%-8% F1 score on two classical public datasets for IoT monitoring: SWaT and WADI, compared with the state-of-the-art GNN-based anomaly detection model.

Computer Science,Engineering

Yulei Wu,Hong-Ning Dai,Haina Tang

DOI: https://doi.org/10.1109/jiot.2021.3094295

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) plays an important role in digital transformation of traditional industries toward Industry 4.0. By connecting sensors, instruments, and other industry devices to the Internet, IIoT facilitates the data collection, data analysis, and automated control, thereby improving the productivity and efficiency of the business as well as the resulting economic benefits. Due to the complex IIoT infrastructure, anomaly detection becomes an important tool to ensure the success of IIoT. Due to the nature of IIoT, graph-level anomaly detection has been a promising means to detect and predict anomalies in many different domains, such as transportation, energy, and factory, as well as for dynamically evolving networks. This article provides a useful investigation on graph neural networks (GNNs) for anomaly detection in IIoT-enabled smart transportation, smart energy, and smart factory. In addition to the GNN-empowered anomaly detection solutions on point, contextual, and collective types of anomalies, useful data sets, challenges, and open issues for each type of anomalies in the three identified industry sectors (i.e., smart transportation, smart energy, and smart factory) are also provided and discussed, which will be useful for future research in this area. To demonstrate the use of GNN in concrete scenarios, we show three case studies in smart transportation, smart energy, and smart factory, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Thin Tharaphe THEIN,Yoshiaki SHIRAISHI,Masakatu MORII

DOI: https://doi.org/10.1587/transinf.2022ofp0004

2023-09-01

IEICE Transactions on Information and Systems

Abstract:With a rapidly escalating number of sophisticated cyber-attacks, protecting Internet of Things (IoT) networks against unauthorized activity is a major concern. The detection of malicious attack traffic is thus crucial for IoT security to prevent unwanted traffic. However, existing traditional malicious traffic detection systems which relied on supervised machine learning approach need a considerable number of benign and malware traffic samples to train the machine learning models. Moreover, in the cases of zero-day attacks, only a few labeled traffic samples are accessible for analysis. To deal with this, we propose a few-shot malicious IoT traffic detection system with a prototypical graph neural network. The proposed approach does not require prior knowledge of network payload binaries or network traffic signatures. The model is trained on labeled traffic data and tested to evaluate its ability to detect new types of attacks when only a few labeled traffic samples are available. The proposed detection system first categorizes the network traffic as a bidirectional flow and visualizes the binary traffic flow as a color image. A neural network is then applied to the visualized traffic to extract important features. After that, using the proposed few-shot graph neural network approach, the model is trained on different few-shot tasks to generalize it to new unseen attacks. The proposed model is evaluated on a network traffic dataset consisting of benign traffic and traffic corresponding to six types of attacks. The results revealed that our proposed model achieved an F1 score of 0.91 and 0.94 in 5-shot and 10-shot classification, respectively, and outperformed the baseline models.

computer science, information systems, software engineering

Reem Atassi,

DOI: https://doi.org/10.54216/fpa.130110

2023-01-01

Abstract:The proliferation of Internet of Things (IoT) devices has ushered in an era of unprecedented connectivity and innovation. However, this interconnected landscape also presents unique security challenges, necessitating robust intrusion detection mechanisms. In this research, we present a comprehensive study of anomaly detection in IoT networks, leveraging advanced machine learning techniques. Specifically, we employ the Gated Recurrent Unit (GRU) architecture as the backbone network to capture temporal dependencies within IoT traffic. Furthermore, our approach embraces hierarchical federated training to ensure scalability and privacy preservation across distributed IoT devices. Our experimental design encompasses public IoT datasets, facilitating rigorous evaluation of the model's performance and adaptability. Results indicate that our GRU-based model excels in identifying a spectrum of attacks, from Distributed Denial of Service (DDoS) incursions to SQL injection attempts. Visualizations of learning curves, Receiver Operating Characteristic (ROC) curves, and confusion matrices offer insights into the model's learning process, discriminatory power, and classification performance. Our findings contribute to the evolving landscape of IoT security, offering a roadmap for enhancing the resilience of interconnected systems in an era of increasing connectivity.

Zekai Chen,Dingshuo Chen,Xiao Zhang,Zixuan Yuan,Xiuzhen Cheng

DOI: https://doi.org/10.1109/JIOT.2021.3100509

2022-01-18

Abstract:Many real-world IoT systems, which include a variety of internet-connected sensory devices, produce substantial amounts of multivariate time series data. Meanwhile, vital IoT infrastructures like smart power grids and water distribution networks are frequently targeted by cyber-attacks, making anomaly detection an important study topic. Modeling such relatedness is, nevertheless, unavoidable for any efficient and effective anomaly detection system, given the intricate topological and nonlinear connections that are originally unknown among sensors. Furthermore, detecting anomalies in multivariate time series is difficult due to their temporal dependency and stochasticity. This paper presented GTA, a new framework for multivariate time series anomaly detection that involves automatically learning a graph structure, graph convolution, and modeling temporal dependency using a Transformer-based architecture. The connection learning policy, which is based on the Gumbel-softmax sampling approach to learn bi-directed links among sensors directly, is at the heart of learning graph structure. To describe the anomaly information flow between network nodes, we introduced a new graph convolution called Influence Propagation convolution. In addition, to tackle the quadratic complexity barrier, we suggested a multi-branch attention mechanism to replace the original multi-head self-attention method. Extensive experiments on four publicly available anomaly detection benchmarks further demonstrate the superiority of our approach over alternative state-of-the-arts. Codes are available at <a class="link-external link-https" href="https://github.com/ZEKAICHEN/GTA" rel="external noopener nofollow">this https URL</a>.

Machine Learning,Cryptography and Security,Systems and Control

Xisong Chen,Kaihong Yan,Tao Fu,Jin Zhang,D. Niu,Li Wang

DOI: https://doi.org/10.1109/CAC51589.2020.9327030

2020-11-06

Abstract:With the rapid development of information network, network security is becoming more and more important. Intrusion detection is an important component of the network security system. The traditional signature-based matching detection method is difficult to cope with the increasingly complex network environment. On the contrary, anomaly detection which is based on network traffic pattern analysis has obvious advantages in dealing with encryption attacks, zero-day attacks and other new attacks. This paper studies the network traffic anomaly detection, and proposes a traffic anomaly detection model which combines convolution neural network and eXtreme Gradient Boosting algorithm. First, the collected traffic data is preprocessed into appropriate format that meets the input requirements of the model. Then the improved LeNet-5 convolution neural network is used for feature learning, and finally XGBoost algorithm is used to classify the learning features. Experimental results show that the proposed network traffic anomaly detection method based on CNN and XGBoost has a high accuracy, and good experimental results have been achieved in both two- classification and multi-classification.

Computer Science

Yining Pang,Chenghan Li

2024-12-11

Abstract:With the proliferation of the Internet and smart devices, IoT technology has seen significant advancements and has become an integral component of smart homes, urban security, smart logistics, and other sectors. IoT facilitates real-time monitoring of critical production indicators, enabling businesses to detect potential quality issues, anticipate equipment malfunctions, and refine processes, thereby minimizing losses and reducing costs. Furthermore, IoT enhances real-time asset tracking, optimizing asset utilization and management. However, the expansion of IoT has also led to a rise in cybercrimes, with devices increasingly serving as vectors for malicious attacks. As the number of IoT devices grows, there is an urgent need for robust network security measures to counter these escalating threats. This paper introduces a deep learning model incorporating LSTM and attention mechanisms, a pivotal strategy in combating cybercrime in IoT networks. Our experiments, conducted on datasets including IoT-23, BoT-IoT, IoT network intrusion, MQTT, and MQTTset, demonstrate that our proposed method outperforms existing baselines.

Cryptography and Security,Machine Learning

Tanzeela Altaf,Xu Wang,Wei Ni,Guangsheng Yu,Ren Ping Liu,Robin Braun

DOI: https://doi.org/10.3390/electronics13122274

IF: 2.9

2024-06-11

Electronics

Abstract:This research introduces a novel framework utilizing a sequential gated graph convolutional neural network (GGCN) designed specifically for botnet detection within Internet of Things (IoT) network environments. By capitalizing on the strengths of graph neural networks (GNNs) to represent network traffic as complex graph structures, our approach adeptly handles the temporal dynamics inherent to botnet attacks. Key to our approach is the development of a time-stamped multi-edge graph structure that uncovers subtle temporal patterns and hidden relationships in network flows, critical for recognizing botnet behaviors. Moreover, our sequential graph learning framework incorporates time-sequenced edges and multi-edged structures into a two-layered gated graph model, which is optimized with specialized message-passing layers and aggregation functions to address the challenges of time-series traffic data effectively. Our comparative analysis with the state of the art reveals that our sequential gated graph convolutional neural network achieves substantial improvements in detecting IoT botnets. The proposed GGCN model consistently outperforms the conventional model, achieving improvements in accuracy ranging from marginal to substantial—0.01% for BoT IoT and up to 25% for Mirai. Moreover, our empirical analysis underscores the GGCN's enhanced capabilities, particularly in binary classification tasks, on imbalanced datasets. These findings highlight the model's ability to effectively navigate and manage the varying complexity and characteristics of IoT security threats across different datasets.

engineering, electrical & electronic,physics, applied,computer science, information systems

Zhipeng Liu,Junyi Hu,Yang Liu,Kaushik Roy,Xiaohong Yuan,Jinsheng Xu

DOI: https://doi.org/10.1109/access.2023.3307463

IF: 3.9

2023-09-01

IEEE Access

Abstract:Adversarial attacks have threatened the credibility of machine learning models and cast doubts over the integrity of data. The attacks have created much harm in the fields of computer vision, and natural language processing. In this paper, we focus on the adversarial attack, in particular the poisoning attack, against the network intrusion detection system (NIDS), which is often viewed as the first line of defense against cyber threats. We develop a generative adversarial network (GAN) in AIGAN, which uses deep learning techniques to generate adversarial data and to conduct an anomaly attack on IoT networks. To evaluate the effectiveness of our generator, we measure the similarities between real and fake data using the Jaccard similarity index, in addition comparing the F1-scores from four generic algorithms: multilayer perception, logistic regression, decision tree, random forest. We contrast the performance of ten machine learning classifiers experimented on two real IoT datasets and their fake adversarial samples. Our work highlights a vulnerable side of NIDS created by machine learning when attacked with adversarial perturbation.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mohammad Al Rawajbeh,Wael Alzyadat,Khalid Kaabneh,Suha Afaneh,Dima Farhan Alrwashdeh,Hamdah Samih Albayaydah,ssam Hamad AlHadid

DOI: https://doi.org/10.5267/j.ijdns.2023.5.001

2023-01-01

International Journal of Data and Network Science

Abstract:In the era of IoT gaining traction, attacks on IoT-enabled devices are the order of the day that emanates the need for more protected IoT networks. IoT's key feature deals with massive amounts of data sensed by numerous heterogeneous IoT devices. Numerous machine learning techniques are used to collect data from different types of sensors on the objects and transform them into information relevant to the application. Furthermore, business and data analytics algorithms help in event prediction based on observed behavior and information. Routing information securely over the internet with limited resources in IoT applications is a key problem. The study proposes a model for detecting network anomalies in IoT devices to enhance the security of the devices. The study employed the IoT Botnet dataset, and K-fold cross-validation tests were used for validating the values of evaluation metrics. The average values of Accuracy, Precision, Recall, and F Score was 97.4.

Huiling Shi,Wei Zhang,Lei Zhang,Kuichao Zhang,Hongyang Sun

DOI: https://doi.org/10.1109/NaNA60121.2023.00051

2023-08-01

Abstract:Detecting malicious attacks in normal network traffic is critical to network security. Traditional traffic identification methods often struggle to capture the complex communication patterns in network traffic, hindering their effectiveness. We introduce GraphMal, a framework utilizing Graph Neural Networks (GNNs) for the identification of malicious traffic. This approach effectively exploits network topology and traffic characteristics to improve performance. We first apply Pearson's correlation coefficient and random forest approaches to effectively reduce the dimensionality of the dataset. Then, the E-GraphSAGE algorithm is used to extract salient features from the traffic topology graph and construct a robust graph classifier. Additionally, the focal loss function is used to solve the data imbalance problem. Experiments conducted on the UNSW-NB15 dataset demonstrate GraphMal's remarkable performance in both binary and multi-class classification tasks, while improving the learning efficiency of GNNs.

Computer Science

Tao Wang,Wenwei Li,Huigui Rong,Ziqiao Yue,Jiancun Zhou

DOI: https://doi.org/10.1007/s11276-022-02992-0

IF: 2.701

2022-05-21

Wireless Networks

Abstract:The implementation of IoT in industrial management is referred as Industrial IoT (IIoT). It is used to increase the overall operational efficiency. IIoT is considered as the backbone of the contemporary industries. For this purpose, strong security foundations have to be deployed with IIoT. This accelerates the industrial automation process by enrolling thousands of IoT devices and thus befitting the scattered connection and constrained functionalities of the IoT devices. In the Industrial Internet of Things, abnormal traffic detection is an emerging dilemma in network security. It can be ensured by monitoring the traffic flow in large-scale networks. In this connection, the deep learning paradigm has been accepted as the mainstream phenomenon in the field of abnormal traffic detection. It has achieved optimal results due to the constant improvement of computer performance with the help of Artificial Intelligence. Majority of the existing methods are based on supervised learning. As a result, due to numerous constraints, obtaining and marking abnormal traffic data samples in real life is extremely difficult. In addition, due to the diversity and complexity of the abnormal network data, the adaptability of various detection methods is low as well as difficult to judge the new abnormal traffic. Based on the above problems, this paper has proposed a semi-supervised abnormal flow detection framework in the IIoT based network scenario. The proposed model is named Memory Augment Based on Generative Adversarial Network (MeAEG-Net). It detects anomalies by training only normal flow of sample data and comparing the reconstruction errors of the underlying characteristics of input flow of generator module. To improve the generator's training, generative adversarial network has been deployed to tackle the problem of the autoencoder which is susceptible to noise. The generator uses an autoencoder and decoder structure. In addition, the memory augments module is introduced to the autoencoder's sub-network to reduce the generator module's generalization ability and raise the abnormal traffic reconstruction error. Our experimental results show that the method proposed in this paper can achieve a good effect of abnormal traffic detection in IIoT based networks under the premise of learning normal traffic data samples and improving the overall performance in all sectors of the industry.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rong Gao,Zhiwei Chen,Xinyun Wu,Yonghong Yu,Li Zhang

DOI: https://doi.org/10.1007/s10586-024-04707-w

2025-01-01

Abstract:Anomaly detection of multi-time series data during the working process of Internet of Things systems that utilize sensors is one of the key aspects to prevent accidents in industrial information systems. The key challenge is to discover generalized normal patterns by capturing spatio-temporal correlations in multi-sensor data. However, most of the existing studies face the following challenges: (1) Complex topologies and nonlinear connectivity among sensors lack effective characterization methods. (2) Sophisticated correlations among time series need to be mined deeply. Therefore, we propose a novel dynamic deep graph convolution with enhanced transformer networks (DDGCT) for time series anomaly detection. We first construct a dynamic deep graph convolutional network to automatically learn the complex spatial dependencies of sensor data, which introduces l_0 norm with Hard Concrete distribution to further guide the optimization of graph structure in graph learning. Meanwhile, we devise a new transformer model to deeply mine temporal dependencies from time-series data by designing a new positional encoding coupled with patch design as well as channel independence constraint. Then, DDGCT fuses and optimizes the captured temporal and deep spatial features using attention networks. Finally, anomaly scores are efficiently computed by prediction methods with threshold-based approaches to detect anomalies. Extensive experiments on real datasets show that DDGCT outperforms several state-of-the-art methods.

Qian Yang,Jiaming Zhang,Junjie Zhang,Cailing Sun,Shanyi Xie,Shangdong Liu,Yimu Ji

DOI: https://doi.org/10.3390/electronics13112032

IF: 2.9

2024-05-24

Electronics

Abstract:Cyber–physical systems (CPSs) serve as the pivotal core of Internet of Things (IoT) infrastructures, such as smart grids and intelligent transportation, deploying interconnected sensing devices to monitor operating status. With increasing decentralization, the surge in sensor devices expands the potential vulnerability to cyber attacks. It is imperative to conduct anomaly detection research on the multivariate time series data that these sensors produce to bolster the security of distributed CPSs. However, the high dimensionality, absence of anomaly labels in real-world datasets, and intricate non-linear relationships among sensors present considerable challenges in formulating effective anomaly detection algorithms. Recent deep-learning methods have achieved progress in the field of anomaly detection. Yet, many methods either rely on statistical models that struggle to capture non-linear relationships or use conventional deep learning models like CNN and LSTM, which do not explicitly learn inter-variable correlations. In this study, we propose a novel unsupervised anomaly detection method that integrates Sparse Autoencoder with Graph Transformer network (SGTrans). SGTrans leverages Sparse Autoencoder for the dimensionality reduction and reconstruction of high-dimensional time series, thus extracting meaningful hidden representations. Then, the multivariate time series are mapped into a graph structure. We introduce a multi-head attention mechanism from Transformer into graph structure learning, constructing a Graph Transformer network forecasting module. This module performs attentive information propagation between long-distance sensor nodes and explicitly models the complex temporal dependencies among them to enhance the prediction of future behaviors. Extensive experiments and evaluations on three publicly available real-world datasets demonstrate the effectiveness of our approach.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yalu Wang,Jie Li,Wei Zhao,Zhijie Han,Hang Zhao,Lei Wang,Xin He

DOI: https://doi.org/10.3390/rs15143611

IF: 5

2023-01-01

Remote Sensing

Abstract:With the rapid development of the Internet of Things (IoT)-based near-Earth remote sensing technology, the problem of network intrusion for near-Earth remote sensing systems has become more complex and large-scale. Therefore, seeking an intelligent, automated, and robust network intrusion detection method is essential. Many researchers have researched network intrusion detection methods, such as traditional feature-based and machine learning methods. In recent years, network intrusion detection methods based on graph neural networks (GNNs) have been proposed. However, there are still some practical issues with these methods. For example, they have not taken into consideration the characteristics of near-Earth remote sensing systems, the state of the nodes, and the temporal features. Therefore, this article analyzes the factors of existing near-Earth remote sensing systems and proposes a spatio-temporal graph attention network (N-STGAT) that considers the state of nodes and applies them to the network intrusion detection of near-Earth remote sensing systems. Finally, the proposed method in this article is validated using the latest flow-based datasets NF-BoT-IoT-v2 and NF-ToN-IoT-v2. The results demonstrate that the binary classification accuracy for network intrusion detection exceeds 99%, while the multi-classification accuracy exceeds 93%. These findings provide substantial evidence that the proposed method outperforms existing intrusion detection techniques.

Tianyue Liu,Zhenwan Li,Haixia Long,Anas Bilal

DOI: https://doi.org/10.3390/electronics12040789

IF: 2.9

2023-02-04

Electronics

Abstract:IoT Android application is the most common implementation system in the mobile ecosystem. As assaults have increased over time, malware attacks will likely happen on 5G mobile IoT Android applications. The huge threat posed by malware to communication systems security has made it one of the main focuses of information security research. Therefore, this paper proposes a new graph neural network model based on a network traffic graph for Android malware detection (NT-GNN). While some current malware detection systems use network traffic data for detection, they ignore the complex structural relationships of network traffic, focusing exclusively on network traffic between pairs of endpoints. Additionally, our suggested network traffic graph neural network model (NT-GNN) considers the graph node and edge aspects, capturing the connection between various traffic flows and individual traffic attributes. We first extract the network traffic graph and then detect it using a novel graph neural network architecture. Finally, we experimented with the proposed NT-GNN model on the well-known Android malware CICAndMal2017 and AAGM datasets and achieved 97% accuracy. The results reflect the sophisticated nature of our methodology. Furthermore, we want to provide a new method for malicious code detection.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jun Wang,Hanlei Jin,Junxiao Chen,Jinghua Tan,Kaiyang Zhong

DOI: https://doi.org/10.1016/j.ins.2022.10.060

IF: 8.1

2022-12-01

Information Sciences

Abstract:IoMT technology has many advantages in healthcare system, such as optimizing the medical service model, improving the efficiency of hospital operation and management, and improving the overall service level of the hospital. IoMT devices do not have a security authentication mechanism, and the trust between devices relies heavily on centralized third-party services. Blockchain can provide a secure interactive environment for the medical Internet of Things. However, security issues in the IoMT-Blockchain environment are also becoming increasingly prominent. Cyber-attacks targeting IoMT-Blockchain will not only compromise the security of IoT devices, but also seriously affect the security of the Internet. Therefore, how to detect abnormal traffic in the IoMT-Blockchain environment becomes particularly important. In this work, an abnormal traffic detection with deep neural network is designed for abnormal traffic detection in IoMT-Blockchain environment. First, this work proposes a feature extraction algorithm based on multi-model autoencoders. The algorithm processes the feature information in groups to reduce the complexity between traffic feature information. It builds a multi-model autoencoder to further extract fusion features between multi-model features. Second, to maximize use of traffic data information in detection network, this work proposes a multi-feature sequence anomaly detection algorithm. The algorithm extracts low-level fusion features and high-level temporal features in network traffic respectively, and applies the features to anomaly detection and classification tasks by means of residual learning.

computer science, information systems