
Artificial Intelligence in Health                                Optimized clustering in medical app detection



related data, as well as the overall well-being of individuals relying on these apps. The increasing prevalence and importance of medical health-care apps in contemporary health-care systems is the driving force behind this study. While these apps offer significant benefits by improving health-care quality while remaining cost-effective, the rapid proliferation of new apps presents a challenge in accurately detecting and classifying them, particularly zero-day apps that are new and unseen. Conventional machine learning techniques exhibit high accuracy in detecting known apps but struggle with unknown ones. Hence, there is a pressing need to develop novel approaches capable of effectively identifying both known and unknown medical health-care apps. We aim to bridge this gap through an optimized clustering approach that leverages artificial neural networks (ANNs) to enhance detection accuracy, thereby improving the overall efficiency and reliability of health-care app detection systems.

Accurate detection of medical apps is crucial to maintaining the quality and continuity of systems, particularly in environments prioritizing bandwidth allocation for health-care purposes. App detection plays a pivotal role in enforcing network security policies. However, traditional methods that rely on port-based or payload-based techniques face challenges due to emerging obfuscation techniques such as port spoofing and encrypted traffic.

Identifying medical apps often involves well-known port-addressing techniques, such as matching traffic with ports registered by the Internet Assigned Numbers Authority (IANA). However, the growing prevalence of port spoofing poses a novel challenge, where attackers attempt to evade detection by utilizing exceptional port numbers for malicious network traffic. Relying solely on port values for app identification is insufficient. Therefore, a deeper examination of packet content using payload-based methods becomes necessary to understand the unique characteristics that define specific applications for effective detection. The conventional approach to app detection using well-known ports has limitations, especially when faced with sophisticated evasion techniques. Port spoofing, for instance, involves various tactics where attackers aim to bypass perimeter defenses using unconventional port numbers. Consequently, adopting a comprehensive approach that extends beyond port values becomes imperative.

Payload-based methods offer a deeper insight into packet content to identify the unique features that define a particular application. However, even this approach encounters challenges when dealing with encrypted packets. Encryption poses a hurdle to payload-based detection methods, hindering the ability to inspect packet contents effectively.

To overcome the limitations of traditional detection methods, a more nuanced and multifaceted approach is required. Combining port-based, payload-based, and potentially heuristic methods can enhance the accuracy and reliability of detecting medical apps within the dynamic realm of network security. By continuously adapting detection strategies to emerging threats, we can better safeguard the integrity and security of health-care systems that rely on medical apps. Flow-based approaches for measuring traffic statistics have been explored in existing literature to overcome common challenges encountered in conventional approaches. However, a significant challenge that is still unaddressed is the poor detection rate of new or zero-day apps.

Zero-day apps, which are previously unknown and emerging apps, pose a challenge for supervised machine learning algorithms that rely on training data from known apps. To address this issue, the proposed scheme introduces a semi-supervised method for categorizing novel apps into a distinct class that receives labels after analysis. The scheme comprises three key modules: known app detection, novel app segregation, and model updating with a new app class. The approach utilizes a hybrid detector that combines an ANN as a universal classifier with the K-means algorithm for enhanced detection.

The objective of this research is to enhance the accuracy of detecting medical health-care apps, with a particular focus on identifying zero-day apps. By integrating a novel approach that optimizes the K-means clustering algorithm with a perceptron feed-forward neural network, this study aims to improve the detection capabilities for both known and unknown medical health-care apps.

The innovation lies in optimizing K-means clustering using a neural network to fix centroids, facilitated by correlation-based feature selection to identify relevant clustering features. The proposed approach ensures superior results by determining the optimal value for K in K-means clustering and selecting appropriate choices for the number of input and output nodes in ANNs. Furthermore, the model includes a method to update the detector through retraining with a new class.

The experimental results demonstrate the superior performance of the proposed approach in detecting medical apps overall and specifically in identifying novel apps. This methodology offers an effective solution to the evolving landscape of app detection, particularly addressing the continuous emergence of previously unknown apps.

The subsequent sections of the paper are organized as follows: Section 2 delves into a comprehensive literature
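The three-module scheme described above (known app detection, novel app segregation, and model updating with a new app class) as an added, dependency-free example over flow statistics; this is not the paper's code. A nearest-centroid classifier with a rejection threshold stands in for the paper's ANN (an assumption made to keep the example self-contained), the flow vectors and app names are constructed, and the K-means step is plain Lloyd's iteration.

```python
import math
import random
# Constructed flow-statistic vectors (not real traffic): (mean pkt size/1000, pkts per sec/100)
KNOWN_FLOWS = {
    "telehealth_video": [(0.9, 0.8), (0.95, 0.85), (0.88, 0.78)],
    "vitals_sync": [(0.1, 0.05), (0.12, 0.04), (0.09, 0.06)],
}
# Two known flows followed by three flows of a constructed, never-seen app.
SAMPLE_FLOWS = [(0.9, 0.8), (0.1, 0.05), (0.5, 0.4), (0.52, 0.42), (0.48, 0.39)]
REJECT_DISTANCE = 0.2  # farther than this from every known centroid => "novel"

def centroid(points):
    return tuple(sum(p[i] for p in points) / len(points) for i in range(len(points[0])))

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def train(flows_by_app):
    """Module 1 model: one centroid per known app class (stand-in for the ANN)."""
    return {app: centroid(pts) for app, pts in flows_by_app.items()}

def detect(model, flow, threshold=REJECT_DISTANCE):
    """Modules 1+2: label a known app, or segregate the flow as 'novel'."""
    app, d = min(((a, dist(flow, c)) for a, c in model.items()), key=lambda t: t[1])
    return app if d <= threshold else "novel"

def kmeans(points, k, rounds=20, seed=0):
    """Plain Lloyd's K-means over the segregated novel flows."""
    cents = random.Random(seed).sample(points, k)
    for _ in range(rounds):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda j: dist(p, cents[j]))].append(p)
        cents = [centroid(g) if g else cents[j] for j, g in enumerate(groups)]
    return cents

def update_model(model, novel_flows, new_label, k=1):
    """Module 3: cluster the novel flows and add each cluster as a new class."""
    for j, c in enumerate(kmeans(novel_flows, k)):
        model[new_label if k == 1 else f"{new_label}_{j}"] = c
    return model

def run_pipeline(flows):
    """Detect, segregate novel flows, retrain with the new class, re-detect."""
    model = train(KNOWN_FLOWS)
    before = [detect(model, f) for f in flows]
    novel = [f for f, lab in zip(flows, before) if lab == "novel"]
    if novel:
        update_model(model, novel, "new_app")
    return before, [detect(model, f) for f in flows]
```

The rejection threshold is what turns a closed-set classifier into the segregation step: set it too loose and zero-day flows are absorbed into the nearest known app, too tight and legitimate known flows are pushed into the novel class.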


            Volume 1 Issue 4 (2024)                         17                               doi: 10.36922/aih.2585