Zero-Day Exploits in Healthcare IoT Networks

  • Authors

    H. Al-Balasmeh

    https://doi.org/10.14419/m4mkbn36

    Received date: September 15, 2025

    Accepted date: October 18, 2025

    Published date: October 27, 2025

  • Keywords

    Healthcare IoT (HIoT), Zero-Day Exploits, Anomaly Detection, Extreme Value Theory (EVT), Blockchain Security, Intrusion Detection Systems (IDS).
  • Abstract

    The rapid adoption of Healthcare Internet of Things (HIoT) systems has enhanced patient care, but it has also exposed hospitals to sophisticated zero-day exploits that can bypass traditional, signature-based intrusion detection systems. Because a zero-day has no signature, these threats pose a direct risk to patient safety and clinical operations, and they call for detection mechanisms that are accurate, efficient, and aligned with the specific requirements of healthcare.

    This paper introduces a multi-layer security framework that integrates hybrid anomaly detection, Extreme Value Theory (EVT)-based thresholding, blockchain-assisted forensic logging, and severity-aware mitigation. The detection ensemble combines autoencoder reconstruction error, LSTM-based predictive modeling, and statistical distribution monitoring, while EVT establishes statistically principled alert thresholds (modeling only the tail of the anomaly-score distribution rather than assuming it is Gaussian) to reduce false alarms. The blockchain layer makes the forensic log tamper-evident, and mitigation actions are prioritized by device criticality and clinical risk, so that a life-supporting device is never disconnected by the same rule that quarantines a badge reader.

    Extensive evaluation on the CIC-IDS2017, TON_IoT, and N-BaIoT datasets demonstrates the effectiveness of the framework. The system achieved a detection rate of 96.4%, a false positive rate of 1.1%, and an average latency of 6.8 ms, outperforming baseline solutions including Snort, Suricata, Kitsune, and an LSTM-based IDS. Additional experiments confirmed scalability under large device populations, resilience against adversarial evasion, and negligible blockchain overhead.

    By combining statistical rigor with clinical feasibility, the proposed framework provides a trustworthy and deployable solution for zero-day exploit defense in HIoT, advancing the development of secure and resilient innovative healthcare ecosystems.
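
    The EVT thresholding step is the piece of the framework most worth seeing in code, so the following is an added example (not the paper's own code) of peaks-over-threshold (POT) thresholding on a stream of anomaly scores, following the SPOT recipe of Siffer et al. (KDD 2017): fit a Generalized Pareto Distribution (GPD) to the excesses over a high empirical threshold t, then extrapolate the threshold z_q whose exceedance probability is a chosen risk q. Everything below the fence is assumed for illustration: the GPD fit is a grid-search maximum likelihood rather than the Grimshaw trick SPOT uses, q = 1e-3 and t = 98th percentile are arbitrary settings, the mean + 3 sigma rule it is compared against is a generic Gaussian baseline and not one of the paper's baselines, and the score stream is constructed with a seeded random generator rather than taken from a real autoencoder or LSTM.

```python
"""Peaks-over-threshold (POT) thresholding for a stream of anomaly scores.

Added example, not code from the paper. Follows the SPOT recipe of
Siffer et al. (KDD 2017). Assumptions of this example: grid-search MLE for
the GPD (SPOT uses Grimshaw's trick), q = 1e-3, t = 98th percentile, and a
constructed lognormal score stream in place of real detector output.
"""
import math
import random
from statistics import mean, pstdev


def fit_gpd(excesses):
    """Grid-search maximum likelihood for the GPD shape gamma and scale sigma."""
    n = len(excesses)
    y_mean = sum(excesses) / n
    best_ll, best = -math.inf, (0.0, y_mean)
    for gi in range(-8, 21):                 # gamma in [-0.4, 1.0], step 0.05
        gamma = gi * 0.05
        for si in range(1, 41):              # sigma in [0.125, 5.0] x mean excess
            sigma = y_mean * si * 0.125
            if abs(gamma) < 1e-9:            # gamma = 0: exponential excesses
                ll = -n * math.log(sigma) - sum(excesses) / sigma
            else:
                terms = [1.0 + gamma * y / sigma for y in excesses]
                if min(terms) <= 0.0:        # outside the GPD support, skip
                    continue
                ll = -n * math.log(sigma) - (1.0 + 1.0 / gamma) * sum(
                    math.log(v) for v in terms)
            if ll > best_ll:
                best_ll, best = ll, (gamma, sigma)
    return best


def evt_threshold(t, gamma, sigma, q, n_total, n_peaks):
    """z_q = t + (sigma/gamma) * ((q*n/N_t)^(-gamma) - 1); exponential form at gamma = 0."""
    r = q * n_total / n_peaks
    if abs(gamma) < 1e-9:
        return t - sigma * math.log(r)
    return t + (sigma / gamma) * (r ** (-gamma) - 1.0)


class SpotDetector:
    """Streaming POT: values above z_q alert, values in (t, z_q] refit the tail model."""

    def __init__(self, calibration, q=1e-3, level=0.98):
        scores = sorted(calibration)
        self.n = len(scores)
        self.t = scores[int(level * self.n)]       # initial high threshold
        self.peaks = [x - self.t for x in scores if x > self.t]
        self.q = q
        self._refit()

    def _refit(self):
        gamma, sigma = fit_gpd(self.peaks)
        self.z = evt_threshold(self.t, gamma, sigma, self.q, self.n, len(self.peaks))

    def observe(self, x):
        """Return True for an alert; otherwise fold the value into the model."""
        if x > self.z:
            return True                            # alerts never update the tail model
        self.n += 1
        if x > self.t:
            self.peaks.append(x - self.t)
            self._refit()
        return False


def run_demo(seed=7):
    """Compare the EVT threshold with a Gaussian mean + 3 sigma rule on heavy-tailed scores."""
    rng = random.Random(seed)
    # Constructed benign reconstruction errors with a heavy right tail (lognormal).
    calibration = [rng.lognormvariate(0.0, 0.8) for _ in range(5000)]
    benign_stream = [rng.lognormvariate(0.0, 0.8) for _ in range(500)]
    attack_scores = [100.0, 250.0, 400.0]       # constructed zero-day-like bursts
    det = SpotDetector(calibration)
    naive = mean(calibration) + 3 * pstdev(calibration)
    evt_fp = sum(det.observe(x) for x in benign_stream)
    naive_fp = sum(x > naive for x in benign_stream)
    caught = sum(det.observe(x) for x in attack_scores)
    return {"t": det.t, "z_q": det.z, "naive": naive,
            "evt_fp": evt_fp, "naive_fp": naive_fp, "attacks_caught": caught}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v:.4f}" if isinstance(v, float) else f"{k}: {v}")
```

    The point the demo makes is the one the abstract relies on: on a right-skewed score distribution, a mean + 3 sigma rule sits far too low in the tail and fires on benign traffic, whereas the GPD-extrapolated z_q is set by the chosen exceedance risk q, so the expected false-alarm rate is known in advance and can be tuned per device class. Alerts are deliberately not fed back into the tail model, otherwise an attacker who ramps scores slowly could drag the threshold upward.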

  • References

    1. S. R. Islam, D. Kwak, M. H. Kabir, M. Hossain, and K.-S. Kwak, “The Internet of Things for Health Care: A Comprehensive Survey,” IEEE Access, vol. 3, pp. 678–708, 2015, doi: 10.1109/ACCESS.2015.2437951.
    2. F. Alsubaei, A. Abuhussein, and S. Shiva, “Security and Privacy in the Internet of Medical Things: Taxonomy and Risk Assessment,” in Proc. IEEE 42nd Conf. Local Computer Networks Workshops (LCN Workshops), Singapore, Oct. 2017, pp. 112–120, doi: 10.1109/LCN.Workshops.2017.72.
    3. Y. Mirsky, T. Doitshman, Y. Elovici, and A. Shabtai, “Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection,” in Proc. 25th NDSS Symp., San Diego, CA, USA, Feb. 2018, doi: 10.14722/ndss.2018.23204.
    4. A. Siffer, P.-A. Fouque, A. Termier, and C. Largouet, “Anomaly Detection in Streams with Extreme Value Theory,” in Proc. 23rd ACM SIGKDD Int. Conf. Knowledge Discovery & Data Mining, 2017, pp. 1067–1075, doi: 10.1145/3097983.3098144.
    5. J. Pickands III, “Statistical Inference Using Extreme Order Statistics,” Ann. Statist., vol. 3, no. 1, pp. 119–131, 1975, doi: 10.1214/aos/1176343003.
    6. A. A. Balkema and L. de Haan, “Residual Life Time at Great Age,” Ann. Probability, vol. 2, no. 5, pp. 792–804, 1974, doi: 10.1214/aop/1176996548.
    7. H. T. Neprash, L. Chernew, and A. S. Sinaiko, “Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016–2021,” JAMA Health Forum, vol. 3, no. 12, e224873, Dec. 2022, doi: 10.1001/jamahealthforum.2022.4873.
    8. M. Castro and B. Liskov, “Practical Byzantine Fault Tolerance and Proactive Recovery,” ACM Trans. Comput. Syst., vol. 20, no. 4, pp. 398–461, Nov. 2002, doi: 10.1145/571637.571640.
    9. L. Xu, C. Xu, and L. Li, “Embedding Blockchain Technology into IoT for Security: A Survey,” IEEE Internet Things J., vol. 8, no. 13, pp. 10452–10473, Jul. 2021, doi: 10.1109/JIOT.2021.3060508.
    10. V. K. Prasad, P. Agarwal, and S. R. Sahoo, “Federated Learning for the Internet-of-Medical-Things: A Survey,” Mathematics, vol. 11, no. 1, p. 151, Jan. 2023, doi: 10.3390/math11010151.
    11. J. Sengupta, S. Ruj, and S. Das Bit, “A Comprehensive Survey on Attacks, Security Issues and Blockchain Solutions for IoT and IIoT,” J. Netw. Comput. Appl., vol. 149, p. 102481, Jan. 2020, doi: 10.1016/j.jnca.2019.102481.
    12. V. Mavroeidis and S. Bromander, “Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence,” in Proc. Eur. Intell. Security Informatics Conf. (EISIC), Athens, Greece, Sep. 2017, pp. 91–98, doi: 10.1109/EISIC.2017.20.
    13. J. Han, K. Kim, and H. Kim, “Hierarchical LSTM-Based Network Intrusion Detection System,” Appl. Sci., vol. 13, no. 5, p. 3089, 2023, doi: 10.3390/app13053089.
    14. H. C. Altunay, S. B. Yalcin, and H. Ekiz, “A Hybrid CNN+LSTM-Based Intrusion Detection System for IIoT Networks,” Sustain. Comput. Inform. Syst., vol. 38, p. 100892, Sep. 2023, doi: 10.1016/j.suscom.2023.100892.
    15. M. Roesch, “Snort – Lightweight Intrusion Detection for Networks,” in Proc. 13th USENIX Conf. Syst. Admin. (LISA), Seattle, WA, USA, 1999, pp. 229–238.
    16. A. Alsaedi, N. Moustafa, Z. Tari, A. Mahmood, and A. Anwar, “ToN_IoT Telemetry Dataset: A New Generation Dataset of IoT and IIoT for Data-Driven Intrusion Detection Systems,” IEEE Access, vol. 8, pp. 165130–165150, 2020, doi: 10.1109/ACCESS.2020.3022862.
    17. Y. Meidan, M. Bohadana, A. Shabtai, J. Guarnizo, M. Ochoa, N. O. Tippenhauer, and Y. Elovici, “N-BaIoT: Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders,” IEEE Pervasive Comput., vol. 17, no. 3, pp. 12–22, Jul.–Sep. 2018, doi: 10.1109/MPRV.2018.03367731.
    18. A. Enaya and A. Aljaaf, “Survey of Blockchain-Based Applications for IoT,” Appl. Sci., vol. 15, no. 8, p. 4562, 2025, doi: 10.3390/app15084562.
    19. K. Albulayhi, M. Anbar, I. M. Alarood, M. A. Almomani, and A. Alshamrani, “IoT Intrusion Detection: Taxonomy, Reference Architecture, Datasets, and Open Issues,” Sensors, vol. 21, no. 17, p. 5877, 2021, doi: 10.3390/s21175877.
    20. T. Dumitraş and D. Shou, “Trading Exploits Online: A Longitudinal Study of the Emerging Exploit-as-a-Service Economy,” in Proc. 28th USENIX Security Symp., Santa Clara, CA, USA, Aug. 2019, pp. 1963–1980.
    21. J. Cvach, “Monitor Alarm Fatigue: An Integrative Review,” Biomed. Instrum. Technol., vol. 46, no. 4, pp. 268–277, Jul.–Aug. 2012, doi: 10.2345/0899-8205-46.4.268.
    22. M. N. Aman and B. Sikdar, “IoMT Security: Integration of 5G, Edge, and Blockchain for Scalable Healthcare IoT,” IEEE Internet Things J., vol. 9, no. 15, pp. 13345–13358, Aug. 2022, doi: 10.1109/JIOT.2022.3141467.
  • How to Cite

    Al-Balasmeh, H. (2025). Zero-Day Exploits in Healthcare IoT Networks. International Journal of Basic and Applied Sciences, 14(6), 554-569. https://doi.org/10.14419/m4mkbn36