Detection of Active Attacks on Wireless IMDs Using Proxy Device and Localization Information

Darji, Monika; Trivedi, Bhushan

doi:10.1007/978-3-662-44966-0_34

Cited by 2 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Anomaly detection is a security approach for the detection of outliers, i.e., events that do not conform to the normal typical pattern (as learned by representative normal cases from the analyzed population). Darji and Trivedi [13]propose a similar solution using a proxy device which creates a signature of the authorized external device based on several features, such as arrival time difference, received time of transmission, phase of arrival, and angle of arrival; these features are estimated via triangulation techniques. The proxy device uses anomaly detection of these characteristics and tends to detect incidents of unauthorized connections.…”

Section: B Security Mechanisms For Icdsmentioning

confidence: 99%

“…We were able to identify previous academic studies that deal with protecting CIEDs from illegitimate intrusions, such as connecting to the CIED at prohibited times or from unauthorized locations, using illegitimate devices such as improvised antenna [13]. However, we were unable to find any prior work or existing solutions aimed at the problem of abusing or attacking a legitimate programmer device in order to attack the CIED.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CardiWall: A Trusted Firewall for the Detection of Malicious Clinical Programming of Cardiac Implantable Electronic Devices

et al. 2020

View full text Add to dashboard Cite

Today, cardiac implantable electronic devices (CIEDs), such as pacemakers and implantable cardioverter defibrillators (ICDs), play an increasingly important role in healthcare ecosystems as patient life support devices. Physicians control, program and configure CIEDs on a regular basis using a dedicated programmer device. The programmer device is open to external connections (e.g., USB, Bluetooth, etc.), and thus it is exposed to a variety of cyber-attacks by which an attacker can manipulate the programmer device's operations and consequently harm the patient. In this paper, we present CardiWall, a novel detection and prevention system designed to protect ICDs from cyber-attacks aimed at the programmer device. Our system has six different layers of protection, leveraging medical experts' knowledge, statistical methods, and machine learning algorithms. We evaluated the CardiWall system extensively in two comprehensive experiments. For the evaluation, we gathered data for a period of four years and used 775 benign clinical commands that are related to hundreds of different patients (obtained from different programmer devices located at Barzilai University Medical center) and 28 malicious clinical commands (created by two cardiology experts from different hospitals). The evaluation results show that only two out of the six layers proposed in CardiWall system provided a high detection capability associated with high rates of true positive, and low rates of false positive. With the configuration that provided the best harmonic mean of sensitivity and specificity (HMSS), CardiWall achieved a high true positive rate (TPR) of 91.4% and a very low false positive rate (FPR) of 1%, with an AUC of 94.7%.

show abstract

Section: B Security Mechanisms For Icdsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%