*Result*: A novel adaptive hybrid intrusion detection system with lightweight optimization for enhanced security in internet of medical things.

Title:
A novel adaptive hybrid intrusion detection system with lightweight optimization for enhanced security in internet of medical things.
Authors:
Saeed H; Computer and Software Engineering Department, College of Electrical and Mechanical Engineering, National University of Sciences and Technology (NUST), 44080, Islamabad, Pakistan., Naseer M; Computer and Software Engineering Department, College of Electrical and Mechanical Engineering, National University of Sciences and Technology (NUST), 44080, Islamabad, Pakistan., Rasool A; Rehman Medical Institute (RMI), 25000, Peshawar, Pakistan., Alsirhani A; Department of Computer Science, College of Computer and Information Sciences, Jouf University, Sakaka, 72388, Al Jouf, Saudi Arabia., Alserhani F; Department of Computer Engineering and Networks, College of Computer and Information Sciences, Jouf University, Sakaka, 72388, Al Jouf, Saudi Arabia., Alwakid GN; Department of Computer Science, College of Computer and Information Sciences, Jouf University, Sakaka, 72341, Al Jouf, Saudi Arabia., Ullah F; Cybersecurity Center, Prince Mohammad Bin Fahd University, Khobar, 31952, Saudi Arabia., Naeem H; Department of Computer Science, College of Computer Sciences and Information Technology (CCSIT), King Faisal University, Al-Ahsa, 31982, Saudi Arabia., Zhao Y; Department of Computer Science, College of Science, Mathematics and Technology, Wenzhou-Kean University, Wenzhou, 325060, China. yuezhao@kean.edu.
Source:
Scientific reports [Sci Rep] 2025 Dec 20; Vol. 16 (1), pp. 2097. Date of Electronic Publication: 2025 Dec 20.
Publication Type:
Journal Article
Language:
English
Journal Info:
Publisher: Nature Publishing Group Country of Publication: England NLM ID: 101563288 Publication Model: Electronic Cited Medium: Internet ISSN: 2045-2322 (Electronic) Linking ISSN: 20452322 NLM ISO Abbreviation: Sci Rep Subsets: MEDLINE
Imprint Name(s):
Original Publication: London : Nature Publishing Group, copyright 2011-
Entry Date(s):
Date Created: 20251220 Date Completed: 20260116 Latest Revision: 20260118
Update Code:
20260130
PubMed Central ID:
PMC12808691
DOI:
10.1038/s41598-025-31897-z
PMID:
41422107
Database:
MEDLINE

*Further Information*

*The proliferation of Internet of Medical Things (IoMT) devices in e-Health systems has improved healthcare delivery but introduced severe cybersecurity vulnerabilities, including spoofing, denial-of-service, and data breaches. This study proposes leveraging artificial intelligence (AI) for an Intrusion Detection System (IDS) to secure IoMT environments and further assist in real-time threat detection and resilience of e-Health systems. It provides an improved model that implements feature importance and ensemble learning, and contributes a new hybrid system that incorporates a pre-trained Decision Tree (C4.5) model into the reinforcement learning (RL) loop using Deep Q-Networks (DQN). This hybrid framework exploits the efficiency and low latency of the pre-trained C4.5 model for initial classification, and enables the system to learn dynamically from network interactions, adapt to changing patterns of attack, and improve detection performance over time. The general framework employs SMOTE to address class imbalance, while focal loss is utilized as an evaluation tool to analyze the classifiers' focus on hard-to-classify and minority class samples. The hybrid IDS exhibited higher accuracy than the Decision Tree (C4.5) model with total rewards maximized, indicating adaptive learning and stability in changing environments. The proposed model achieved an accuracy of 99.03% for binary classes, 98.55% for the five classes, and 99.56% for the 14-class experiment when using the initial classification with the Decision Tree (C4.5) model on the Canadian Institute for Cybersecurity Internet of Medical Things-2024 (CICIoMT2024) dataset. The initial classification and latency results are additionally compared to a few other lightweight classifiers such as Random Forest, XGBoost, and Simple Neural Networks.
To bring the adaptability and dynamic threat detection of Deep Reinforcement Learning (DRL) classifiers, the C4.5 model was integrated into a DQN framework to address evolving network threats over time. The hybrid model also maintained improved performance, measuring 99.20% accuracy for the binary classes with the CICIoMT2024 dataset. The proposed IDS was also evaluated for its generalization capability across heterogeneous datasets, i.e., WUSTL-EHMS, ECU-IoHT, DF_IOMT, and CICIOT23. The model consistently achieved high detection performance across the datasets and outperformed their respective previously achieved results with the C4.5 supervised classifier, which verified its robustness and flexibility across different IoMT contexts. The proposed hybrid IDS is therefore validated as a deployment-aware, lightweight, and adaptive framework capable of effective intrusion detection in dynamic healthcare settings that are resource-limited and demand real-time responsiveness.
(© 2025. The Author(s).)*

*Declarations. Competing interests: The authors declare no competing interests.*