TY - JOUR
T1 - TCN-Based DDoS Detection and Mitigation in 5G Healthcare-IoT
T2 - A Frequency Monitoring and Dynamic Threshold Approach
AU - Akhi, Mirza
AU - Eising, Ciaran
AU - Luxmi Dhirani, Lubna
N1 - Publisher Copyright:
© 2025 The Authors.
PY - 2025
Y1 - 2025
N2 - The Internet of Things (IoT) revolutionizes precision healthcare by enhancing patient care and reducing costs. However, this technology poses challenges in securing Healthcare-IoT (H-IoT) devices, as low-latency packet transmission increases vulnerability to attacks (e.g., Distributed Denial of Service (DDoS)) in 5G networks. This research develops a monitoring frequency-based detection and dynamic threshold mitigation method using Temporal Convolutional Networks (TCNs) in 5G H-IoT environments. A monitoring frequency-based detection method calculates each H-IoT node's message count over the past five seconds as a percentage of total traffic. A dynamic threshold strategy also provides adaptive security by averaging detected malicious behavior messages across all nodes to determine the base threshold. This approach enhances classification accuracy, effectively mitigates actual DDoS attack nodes, and blacklists malicious nodes without false positives in H-IoT environments. Moreover, this research creates DDoS attack models, monitoring parameters using two simulators (Cooja and ns-3) on H-IoT devices. Data is collected over the Message Queuing Telemetry Transport (MQTT) and User Datagram Protocol (UDP) in a realistic 5G-based H-IoT environment, creating two datasets with malicious and benign data. The proposed TCN-based DDoS prediction and mitigation method achieves 99.98% and 95% accuracy on the MQTT dataset. This model also attains a slightly higher prediction accuracy of 99.99% and mitigation of 80% on the UDP dataset. This research evaluates the proposed model against prior methods, including Bidirectional Long Short-Term Memory (BiLSTM) and Convolutional Neural Networks (CNNs), demonstrating improved accuracy. Thus, the proposed TCN model is a versatile and resilient security solution for H-IoT environments.
AB - The Internet of Things (IoT) revolutionizes precision healthcare by enhancing patient care and reducing costs. However, this technology poses challenges in securing Healthcare-IoT (H-IoT) devices, as low-latency packet transmission increases vulnerability to attacks (e.g., Distributed Denial of Service (DDoS)) in 5G networks. This research develops a monitoring frequency-based detection and dynamic threshold mitigation method using Temporal Convolutional Networks (TCNs) in 5G H-IoT environments. A monitoring frequency-based detection method calculates each H-IoT node's message count over the past five seconds as a percentage of total traffic. A dynamic threshold strategy also provides adaptive security by averaging detected malicious behavior messages across all nodes to determine the base threshold. This approach enhances classification accuracy, effectively mitigates actual DDoS attack nodes, and blacklists malicious nodes without false positives in H-IoT environments. Moreover, this research creates DDoS attack models, monitoring parameters using two simulators (Cooja and ns-3) on H-IoT devices. Data is collected over the Message Queuing Telemetry Transport (MQTT) and User Datagram Protocol (UDP) in a realistic 5G-based H-IoT environment, creating two datasets with malicious and benign data. The proposed TCN-based DDoS prediction and mitigation method achieves 99.98% and 95% accuracy on the MQTT dataset. This model also attains a slightly higher prediction accuracy of 99.99% and mitigation of 80% on the UDP dataset. This research evaluates the proposed model against prior methods, including Bidirectional Long Short-Term Memory (BiLSTM) and Convolutional Neural Networks (CNNs), demonstrating improved accuracy. Thus, the proposed TCN model is a versatile and resilient security solution for H-IoT environments.
KW - 5G
KW - anomaly detection
KW - Cooja simulator
KW - DDoS attack
KW - dynamic thresholding
KW - frequency-based detection
KW - Healthcare-IoT (H-IoT)
KW - MQTT protocol
KW - ns-3 simulator
KW - security
KW - UDP protocol
UR - http://www.scopus.com/inward/record.url?scp=85216327719&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2025.3531659
DO - 10.1109/ACCESS.2025.3531659
M3 - Article
AN - SCOPUS:85216327719
SN - 2169-3536
VL - 13
SP - 12709
EP - 12733
JO - IEEE Access
JF - IEEE Access
ER -