DML-IDS: Distributed Multi-Layer Intrusion Detection System for Securing Healthcare Infrastructure
In recent years, the number of cyberattacks targeting healthcare resources has rapidly increased. Conventional IDSs rely heavily on predefined rules and attack signatures. However, modern zero-day attacks with unpredictable behavior and multi-vector attack patterns can still breach healthcare networks. When a new type of cyberattack targets a specific server, an existing IDS may fail to detect it because it depends on static, predefined rules. To address these issues, we propose DML-IDS: Distributed Multi-Layer Intrusion Detection System, designed to operate across multiple nodes in a network to collaboratively detect suspicious activities. The proposed approach employs a multi-layer ensemble strategy to improve detection accuracy while reducing computational overhead on a single machine. All incoming network packets are first analyzed by the Distributed Threat Analysis Module (DTAM), which runs a Random Forest-based model as the base classifier to distinguish between benign and malicious traffic. Based on the nature and severity of the threat, malicious packets are flagged as highAlert (HA) in the Threat Prioritization Layer (TPL) and then forwarded to the respective Confirmatory Ensemble Model (CEM) for further, attack-specific analysis. These CEM models are designed to scale efficiently and detect zero-day as well as multi-vector attacks. The proposed model was trained on the CICIDS-2017 dataset. DTAM achieved an accuracy of 98.5%, while the CEM models for DDoS, Patator, and Web Attack achieved 99.01%, 98.87%, and 98.91% accuracy, respectively. Furthermore, the computational overhead of the DML-IDS architecture was evaluated and compared with an existing ensemble learning-based IDS.
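The staged flow described above (DTAM screens everything, TPL tags and routes, an attack-specific CEM confirms) can be sketched as follows. This is an added illustration, not the authors' code: simple threshold rules stand in for the trained Random Forest and ensemble models, and the flow fields, thresholds and routing criteria are assumptions, since the abstract does not specify them.

```python
# Constructed flow summaries (not CICIDS-2017 rows); field names are assumptions.
FLOWS = [
    {"id": 1, "rate": 40,   "fails": 0,  "uri_len": 30,  "port": 443},
    {"id": 2, "rate": 9000, "fails": 0,  "uri_len": 20,  "port": 80},   # flood-like
    {"id": 3, "rate": 15,   "fails": 25, "uri_len": 0,   "port": 22},   # brute-force-like
    {"id": 4, "rate": 60,   "fails": 0,  "uri_len": 900, "port": 80},   # web-attack-like
    {"id": 5, "rate": 700,  "fails": 0,  "uri_len": 25,  "port": 80},   # busy but benign
    {"id": 6, "rate": 20,   "fails": 1,  "uri_len": 40,  "port": 443},
]

def dtam(flow):
    """Stage 1, run on every flow: coarse benign/malicious screen.
    Threshold stand-in for the paper's Random Forest base classifier."""
    return flow["rate"] > 500 or flow["fails"] > 5 or flow["uri_len"] > 200

def tpl(flow):
    """Stage 2: tag a flagged flow highAlert and choose its confirmatory model.
    Routing criteria are assumed; the abstract does not give them."""
    if flow["fails"] > 5:
        cem = "Patator"
    elif flow["uri_len"] > 200:
        cem = "WebAttack"
    else:
        cem = "DDoS"
    return {"alert": "highAlert", "cem": cem}

# Stage 3: one small rule ensemble per attack class (stand-ins for the CEMs).
CEM = {
    "DDoS": [lambda f: f["rate"] > 5000,
             lambda f: f["rate"] > 2000 and f["port"] in (80, 443),
             lambda f: f["fails"] == 0],
    "Patator": [lambda f: f["fails"] > 10, lambda f: f["port"] in (21, 22),
                lambda f: f["rate"] < 100],
    "WebAttack": [lambda f: f["uri_len"] > 500, lambda f: f["port"] in (80, 443),
                  lambda f: f["fails"] == 0],
}

def confirm(name, flow):
    """Majority vote of the chosen CEM's members."""
    rules = CEM[name]
    return sum(bool(r(flow)) for r in rules) * 2 > len(rules)

def run_pipeline(flows):
    """Return ({flow id: verdict}, number of flows that reached a CEM)."""
    verdicts, cem_calls = {}, 0
    for flow in flows:
        verdicts[flow["id"]] = "benign"
        if dtam(flow):                      # only flagged flows pay for stage 3
            cem_calls += 1
            tag = tpl(flow)
            if confirm(tag["cem"], flow):
                verdicts[flow["id"]] = tag["cem"]
    return verdicts, cem_calls
```

On the constructed flows, only four of six reach a confirmatory model, and flow 5 shows the second stage clearing a first-stage false positive.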
- This work (including HTML and PDF Files) is licensed under a Creative Commons Attribution 4.0 International License.




















