A Study into Detecting Anomalous Behaviours within HealthCare Infrastructures

Boddy, Aaron; Hurst, William; Mackay, Michael; Rhalibi, Abdennour El

doi:10.1109/dese.2016.20

Cited by 17 publications

(6 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The contribution of this research, (the novelty is further outlined in [4] and [22]) involves the use of Local Outlier Factor (LOF)-based data analytics techniques, an analyst-inthe-loop and visualisation to safeguard EPR data. The system provides contextual awareness to detect anomalous behaviour within EPR audit activity, using the following multi-stage process:…”

Section: Methodsmentioning

confidence: 99%

Density-Based Outlier Detection for Safeguarding Electronic Patient Record Systems

et al. 2019

Self Cite

View full text Add to dashboard Cite

This paper concerns the detection of abnormal data usage and unauthorized access in large-scale critical networks, specifically healthcare infrastructures. Hospitals in the U.K. are now connecting their traditionally isolated equipment on a large scale to Internet-enabled networks to enable remote data access. This step-change makes sensitive data accessible to a broader spectrum of users. The focus of this paper is on the safeguarding of electronic patient record (EPR) systems in particular. With over 83% of hospitals adopting EPRs, access to this healthcare data needs to be proactively monitored for malicious activity. Hospitals must maintain patient trust and ensure that the information security principles of integrity, availability, and confidentiality are applied to EPR data. Access to EPR is often heavily audited within healthcare infrastructures. However, this data is regularly left untouched in a data silo and only ever accessed on an ad hoc basis. Without proactive monitoring of audit records, data breaches may go undetected. In addition, external threats, such as phishing or social engineering techniques to acquire a clinician's logon credentials, need to be identified. Data behavior within healthcare infrastructures, therefore, needs to be proactively monitored for malicious, erratic, or unusual activity. This paper presents a system that employs a density-based local outlier detection model. The system is intended to add to the defense-in-depth of healthcare infrastructures. Patterns in EPR data are extracted to profile user behavior and device interactions in order to detect and visualize anomalous activities. The system is able to detect 144 anomalous behaviors in an unlabeled dataset of 1,007,727 audit logs. This includes 0.66% of the users on the system, 0.17% of patient record accesses, 0.74% of routine accesses, and 0.53% of the devices used in a specialist Liverpool (U.K.) hospital. INDEX TERMS Data analysis, electronic patient records, healthcare infrastructures, information security, patient privacy, visualisation.

show abstract

Section: Methodsmentioning

confidence: 99%

Density-Based Outlier Detection for Safeguarding Electronic Patient Record Systems

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, a study 36 conducted on such methods highlighted the limitations of using existing risk assessment techniques and mitigation strategies as there exists a distinct difference between IT security and CPS security, and these risk assessment methods are not specifically designed for CPS security. From the perspective of CPS, the lack of security testing technology, lack of risk assessment systems, and the lack of behavior audit along with the use of malicious code to gain unauthorized access are the main causes of CPS (e.g., the ICS, 28 unmanned drones, 49 medical monitoring systems, 50 autonomous automotive systems, 51 and distributed robotics 52 ) being vulnerable to cyber attacks which in turn are a major strategic issue for the national economy and the livelihood of the people 28 …”

Section: Related Workmentioning

confidence: 99%

Security risks in cyber physical systems—A systematic mapping study

Zahid

Inayat

Daneva

et al. 2021

J Software Evolu Process

View full text Add to dashboard Cite

The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber‐attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state‐of‐the‐art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model‐based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber‐security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underline internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber‐attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.

show abstract

“…The goal of security engineers is to develop tools capable of detecting malicious, multi-stage intrusion attacks, weighting the individual attacks, and comparing them against the enormous and disparate database of attacks within the network [12]. This is a 'plain recognition' problem and an intruder's objectives should be determined based on the analysis of the entire dataset of attacks as a whole, rather than just an individual attack [13]. As such, in this section, a background discussion is put forward on the layout of medical infrastructures and the existing healthcare network security challenges.…”

Section: Background Researchmentioning

confidence: 99%

An Investigation into Healthcare-Data Patterns

et al. 2019

Self Cite

View full text Add to dashboard Cite

Visualising complex data facilitates a more comprehensive stage for conveying knowledge. Within the medical data domain, there is an increasing requirement for valuable and accurate information. Patients need to be confident that their data is being stored safely and securely. As such, it is now becoming necessary to visualise data patterns and trends in real-time to identify erratic and anomalous network access behaviours. In this paper, an investigation into modelling data flow within healthcare infrastructures is presented; where a dataset from a Liverpool-based (UK) hospital is employed for the case study. Specifically, a visualisation of transmission control protocol (TCP) socket connections is put forward, as an investigation into the data complexity and user interaction events within healthcare networks. In addition, a filtering algorithm is proposed for noise reduction in the TCP dataset. Positive results from using this algorithm are apparent on visual inspection, where noise is reduced by up to 89.84%.

show abstract

A Study into Detecting Anomalous Behaviours within HealthCare Infrastructures

Cited by 17 publications

References 16 publications

Density-Based Outlier Detection for Safeguarding Electronic Patient Record Systems

Density-Based Outlier Detection for Safeguarding Electronic Patient Record Systems

Security risks in cyber physical systems—A systematic mapping study

An Investigation into Healthcare-Data Patterns

Contact Info

Product

Resources

About