The rapid development of the Internet of Medical Things (IoMT) has significantly expanded the cybersecurity attack perimeter of healthcare systems (HCS). Security measures for mitigating intrusions in HCS have direct patient safety benefits beyond the operational impacts evident in conventional information and communication technology (ICT) contexts. Feature selection (FS) is one of the most important preprocessing phases for accurate intrusion detection in the IoMT. This phase reduces the high-dimensional traffic feature space to a minimal feature subset, which is beneficial for deployments with limited resources. Current methods have important limitations: filter methods (FM) are fast but do not account for complex inter-feature dependencies, while wrapper methods (WM) account for these dependencies but at a high computational cost, with standard processing times ranging from 1800 to 5300 s due to the requirement to retrain the machine learning (ML) model at each search iteration. To address this trade-off, the present research study provides a method that combines mutual information and a deep learning binary dragonfly algorithm (MI + DL-BDA). The proposed model employs a BDA wrapper search guided by ProxyNet and MI filtering to achieve significantly lower dimensionality. A low-cost MLP (Multilevel Processing) proxy with efficient channel attention (ECA), ProxyNet implements frozen-weight inference at 10–50 ms per measurement to replace periodic classifier retraining. To account for the asymmetric risk profile in HCS, where missed detections are more significant than false alarms, the fitness function was developed with stringent safety limits, prioritizing recall at FPR ≤ 1%.
Evaluated on CICIoMT2024 (43 features, 18 attack types, 40 medical devices), the proposed MI + DL-BDA achieves 65.1% dimensionality reduction while preserving 98.6–99.4% of full-feature detection performance, with Recall @ FPR ≤ 1% = 0.938 and PR-AUC = 0.956 in 502.6 s, representing a 9.2–10.6× speedup over conventional WM. Cross-dataset evaluation on IoMT-TrafficData (IP flow, 27 features, 8 attack types) independently confirms these findings, with a 55.6% reduction and 99.0–99.7% performance retention in 234.5 s across a distinct device ecosystem and attack classification. Subset stability is measured as the average pairwise Jaccard similarity across 5 independent runs, and the statistical significance of performance advantages over 9 baseline methods is confirmed via Wilcoxon signed-rank testing. Ablation analysis quantifies the individual contributions of each network component, with BDA optimization and ECA attention ranking as the most consequential, at 2.24 pp and 0.79 pp, respectively.
PALANIAPPAN et al. (Fri,) studied this question.
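The two evaluation measures named in the abstract, Recall @ FPR ≤ 1% and average pairwise Jaccard subset stability, worked through as an added Python example that is not the authors' code. The scores, labels and feature names are constructed, and the threshold sweep is one standard way to compute recall under an FPR cap, assumed here rather than taken from the paper.

```python
from itertools import combinations

def recall_at_fpr(labels, scores, max_fpr=0.01):
    """Best recall over thresholds whose false-positive rate stays <= max_fpr.
    labels: 1 = attack, 0 = benign; scores: higher = more attack-like."""
    pos = sum(labels)
    neg = len(labels) - pos
    if pos == 0 or neg == 0:
        raise ValueError("need both attack and benign samples")
    ranked = sorted(zip(scores, labels), reverse=True)
    tp = fp = 0
    best = 0.0
    i = 0
    while i < len(ranked):
        j = i
        # Samples with the same score cross any threshold together.
        while j < len(ranked) and ranked[j][0] == ranked[i][0]:
            tp += ranked[j][1]
            fp += 1 - ranked[j][1]
            j += 1
        if fp / neg > max_fpr:
            break  # FPR only grows as the threshold is lowered further
        best = tp / pos
        i = j
    return best

def jaccard(a, b):
    """Jaccard similarity of two sets; two empty sets count as identical."""
    return 1.0 if not (a or b) else len(a & b) / len(a | b)

def subset_stability(subsets):
    """Average pairwise Jaccard similarity between selected-feature sets."""
    pairs = list(combinations([set(s) for s in subsets], 2))
    if not pairs:
        raise ValueError("need at least two runs")
    return sum(jaccard(a, b) for a, b in pairs) / len(pairs)

# Constructed sample: 200 benign flows (three score high) and 8 attack flows.
BENIGN = [0.05] * 197 + [0.60, 0.80, 0.95]
ATTACK = [0.99, 0.97, 0.90, 0.85, 0.70, 0.65, 0.55, 0.30]
SCORES = BENIGN + ATTACK
LABELS = [0] * len(BENIGN) + [1] * len(ATTACK)
# Constructed feature subsets from 5 runs (feature names are placeholders).
RUNS = [{"f1", "f2", "f3", "f4"}] * 4 + [{"f1", "f2", "f3", "f5"}]

if __name__ == "__main__":
    print("Recall @ FPR<=1%:", recall_at_fpr(LABELS, SCORES))
    print("Subset stability:", subset_stability(RUNS))
```

With 200 benign samples the 1% cap tolerates two false alarms, so the two lowest-scoring attacks are missed; tightening the cap to 0.5% costs two more detections.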