The rapid growth of Internet of Medical Things (IoMT) devices has revolutionized diagnostics and patient care within smart healthcare networks. However, this progress has also expanded the attack surface due to the heterogeneity and interconnectivity of medical devices. To overcome the limitations of traditional batch-trained security models, this study proposes an adaptive online intrusion detection framework designed for real-time operation in dynamic healthcare environments. The system combines Leveraging Bagging with Hoeffding Tree classifiers for incremental learning while integrating the Page–Hinkley test to detect and adapt to concept drift in evolving attack patterns. A modular and scalable network architecture supports centralized monitoring and ensures seamless interoperability across various IoMT protocols. Implemented within a low-latency, high-throughput stream-processing pipeline, the framework meets the stringent clinical requirements for responsiveness and reliability. To simulate streaming conditions, we evaluated the model using the CICIoMT2024 dataset, presenting one instance at a time in random order to reflect dynamic, real-time traffic in IoMT networks. Experimental results demonstrate exceptional performance, achieving accuracies of 0.9963 for binary classification, 0.9949 for six-class detection, and 0.9860 for nineteen-class categorization. These results underscore the framework’s practical efficacy in protecting modern healthcare infrastructures from evolving cyber threats.
Makhmudov et al. (Mon,) studied this question.