key: cord-0490766-vqxyamjh
authors: Si-Ahmed, Ayoub; Al-Garadi, Mohammed Ali; Boustia, Narhimene
title: Survey of Machine Learning Based Intrusion Detection Methods for Internet of Medical Things
date: 2022-02-19
journal: nan
DOI: nan
sha: 55f236af62f6180ef46c5af11bd7d7952973109e
doc_id: 490766
cord_uid: vqxyamjh
Internet of Medical Things (IoMT) represents an application of the Internet of Things, where health professionals perform remote analysis of physiological data collected using sensors that are associated with patients, allowing real-time and permanent monitoring of the patient's health condition and the detection of possible diseases at an early stage. However, the use of wireless communication for data transfer exposes this data to cyberattacks, and the sensitive and private nature of this data may represent a prime interest for attackers. The use of traditional security methods on equipment that is limited in terms of storage and computing capacity is ineffective. In this context, we have performed a comprehensive survey to investigate the use of intrusion detection systems based on machine learning (ML) for IoMT security. We present the generic three-layer architecture of IoMT and the security requirements of IoMT. We review the various threats that can affect IoMT security and identify the advantages, disadvantages, methods, and datasets used in each ML-based solution. We then provide some challenges and limitations of applying ML on each layer of IoMT, which can serve as directions for future study.
The Internet of Things (IoT) represents the fourth revolution of human life, in which everything is connected to everyone in any place at any time. It comes after revolutions 1, 2, and 3, respectively, concerning agriculture, industry, and information technology.
Kevin Ashton was the first to use the term IoT [1], and he defines it as "the network of physical objects embedded with electronics, software, sensors, and network connectivity enable these objects to collect and exchange data, often using the Internet" [2]. By using sensors connected to objects, communication between objects without human intervention is made possible; this is known as machine-to-machine communication. IoT is experiencing considerable development, and it is estimated that IoT will reach more than 24 billion devices in the world, representing about four devices per person [3]. IoT offers many possible applications, such as the Internet of Medical Things (IoMT), which explains its rapid development. The IoMT uses sensors that are either wearable or implanted in the human body to collect health data; these data are then sent to a remote server to be analyzed using Artificial Intelligence (AI), assisted by the medical professional.
Healthcare has experienced many evolutions in the digitalization of health data, as explained in [4] and summarized in this paragraph. The first evolution started in 1990 and is called healthcare 1.0, which consists of entering notes written by a doctor into a computer; these data are then stored and managed by a system like Picture Archiving and Communication System and Radiology Information System. Then there was healthcare 2.0, where hospitals adopted a system that integrates and manages the digital data stored on doctors' PCs. Then there was healthcare 3.0, which consists of compiling and grouping all patient data into an Electronic Health Record (EHR); this allows the patient and the individual to have complete access to their health data and health history.
Author e-mail addresses: si_ahmed.ayoub@etu.univ-blida.dz, ayoub.siahmed@proxylan.dz (A. Si-Ahmed); m.a.al-garadi@emory.edu (M.A. Al-Garadi); nboustia@gmail.com, nboustia@univ-blida.dz (N. Boustia)
We are currently experiencing the fourth revolution in healthcare, named healthcare 4.0; this is enabled by artificial intelligence, data provided by doctors and imaging centers, and equipment and sensors implanted in or worn by patients. This evolution allows doctors and medical staff to make more accurate diagnoses and better treatment decisions; it also allows hospital managers to have control over costs.
The IoMT can be used in various health-related applications due to its real-time and continuous patient health monitoring. These applications make it possible to monitor the health of patients suffering from chronic disease and administer the appropriate treatment; for example, patients suffering from diabetes use insulin pumps to automatically inject insulin if the glucose level exceeds its normal value. Another example is the use of the pacemaker by patients suffering from heart disease; this device sends an electric shock to patients' hearts when it detects an abnormality in their heartbeat. Another example is the use of Deep Brain Stimulators (DBSs) for electrical stimulation of the human brain. This medical device treats neurological disorders such as Parkinson's disease. The IoMT can be used for older adults to detect a fall. Athletes can use it to measure their performance. The IoMT can also bring health care to rural areas that suffer from a lack of medical infrastructure. The IoMT also provides a large amount of detailed and accurate medical data, increasing the efficiency of treatment and reducing medical errors. It can also detect diseases at early stages, treat them quickly, and offer the patient more chances of recovery. With this technological advancement, health care will be transformed from curative to preventive, and this improvement in the quality of care for patients will also benefit stakeholders, including insurance companies and pharmacies.
Another advantage of the IoMT is that nurses and the patient's family can access patient medical data remotely, which avoids patients going to the hospital each time for regular check-ups and thus saves hospital resources, reduces costs, and prevents the spread of Covid-19. It also allows patients to receive care while staying in their comfort zone.
However, the security and privacy risk is a real barrier to the large-scale adoption of this technology. The use of wireless communication to send data from the sensors to remote servers poses security risks, as the data can be intercepted to be read or modified. This affects the availability, integrity, and confidentiality of the data and can result in the wrong administration of medication, leading to the patient's death. It has been shown in the studies of [5, 6, 7] that the Implantable Cardioverter-Defibrillator (ICD), Deep Brain Implants, as well as an insulin pump can be hacked. In addition, the nature of the data is highly sensitive, as it deals with patients' medical data. Any potential disclosure of this data to unauthorized persons may violate the patients' privacy; this was observed in the data breach at Singapore's health service, where 1.5 million patients were affected [3]. A ransomware attack was also conducted by disabling the system in a French hospital [3]. Therefore, the privacy of the patients must be protected. More importantly, the application of traditional security methods is ineffective due to sensors' low computational and storage capacity. In addition, emergencies must be considered when designing a secure system for IoMT, by facilitating access for caregivers so that a quick response can potentially save lives. Finally, some IoMT equipment can be controlled and upgraded by a third-party device, which increases the possible attack surface against the IoMT.
Lightweight solutions are proposed in the literature, but because attack vectors are continually changing, the proposed solutions need to be constantly revised. Additionally, these solutions are ineffective against zero-day and new attacks in most cases. The following advantages motivated our choice to investigate the use of ML for IoMT intrusion detection:
I. Machine Learning can give intelligence to the system and be more suitable to the security requirements of IoMT. Therefore, these methods can be more effective in emergencies than the traditional access control methods.
II. IoMT systems and IoT systems generate a large amount of data that can be considered big data due to the velocity, variety, and volume of data produced by such devices. This data is a valuable source for security because it can be used to learn normal behavior and detect abnormal behavior at an early stage and therefore limit the damage of the attack.
III. Deep Learning (DL) algorithms can automatically extract the relevant attributes to perform the classification, which eliminates the extraction process required in traditional ML methods and therefore offers an end-to-end security model [8].
IV. ML methods can detect zero-day attacks as well as new vulnerabilities, which methods based on threat signatures cannot.
In light of these advantages that the use of ML can offer in a security application, we investigated its application to the IoMT by answering the following questions:
A. What is the generic architecture of an IoMT system, its security requirements, and the security threats that can affect it?
B. What are the different ML-based solutions proposed at the different layers of the IoMT?
C. What are the advantages and disadvantages of these different solutions?
D. What are the datasets used to train and test the ML model at the different layers of IoMT?
Figure 1 is a taxonomy showing the various components we will explore in this review paper.
We found many review papers that discussed different aspects of security in an IoMT system and included ML as a method to ensure security in these systems. To the best of our knowledge, most of them do not focus on the use of ML as a method to ensure security in IoMT, but just mention it briefly. Table 2 presents the different review papers that have discussed security in the IoMT, mentioning our main contribution compared with them.
H. Rathore et al. in [9] discussed challenges, security threats related to the safety and privacy of medical equipment, and solutions, including anomaly detection based on ML. M. Hussain et al. in [10] reviewed different authentication schemes and classified them according to their type. They give the advantages, disadvantages, and ability to resist different attacks. They also categorized authentication mechanisms based on advanced methodologies, such as game theory and ML. The work of M. Wazid et al. in [11] has covered a variety of malware attacks against IoMT systems, targeting security criteria, namely confidentiality, integrity, authenticity, and availability of data. In general, the current security approach strategy has emphasized key management, intrusion detection by using different methods such as ML, authentication, and access control. In the work conducted by A.I. Newaz et al. in [12], they discussed security and privacy in healthcare by presenting a detailed survey of possible attacks and their impact, and they B. Narwal and A.K. Mohapatra in [13] present a systematic survey on security and authentication in Wireless Body Area Networks (WBANs) to cover the main research elements. In particular, an in-depth classification of protection mechanisms in WBANs is provided along with a thorough analysis of security basics, threats to security, the intruder and their attack strategies, and current mitigations that include ML.
Among the review papers on security in IoMT, only a few report the use of ML as a method for security purposes, and they describe it briefly and not in a holistic manner. However, we found a study similar to the current one, conducted by S.S. Hameed et al. in [14], discussing security and privacy in IoMT. They presented the different ML-based solutions proposed in the literature to solve the security challenges of IoMT, giving their advantages, disadvantages, approach, tools, and datasets used. However, the authors focused on network and device-level security in their study. They did not discuss the security of electronic medical data when it resides at the medical server level. In our survey paper, we discuss the various ML-based anomaly detection solutions used at the medical device level, in transit, and at rest, identifying the benefits, drawbacks, and datasets used; this allows us to discuss the ML methods used to ensure security and privacy of IoMT globally.
The remainder of the paper is organized as follows: section 3 describes the different layers of IoMT architecture. Section 4 gives the different requirements of IoMT security. Section 5 presents diverse threats that can affect IoMT security by providing the different possible attacks that can affect each layer of the IoMT, the different types of attacks, the attack environment, and the adversary's motivation to conduct such an attack. Section 6 describes the Intrusion Detection System (IDS). Section 7 gives an overview of ML techniques. Section 8 discusses the state of the art of different approaches that use ML-based IDS in the different layers of IoMT by providing the benefits, drawbacks, and dataset used in each solution. Section 9 presents the challenges and future directions of using ML-based IDS for each layer of the IoMT system. Section 10 concludes the paper.
Many architectures have been presented in the literature. Some research proposes 3-layer architectures [15, 16]. Other research proposes an architecture that contains more than three layers [17]. Different technologies are proposed to manage medical data, such as fog/cloud computing [18], software-defined networking (SDN) [19], or Blockchain [20]. This review paper assumes that a three-layered architecture is suitable for logically dividing the IoMT architecture. These layers are data acquisition, personal server, and medical server, and they are explained as follows and illustrated in figure 2.
In the data acquisition layer, sensor devices serve as a bridge between the human body and the digital world. We have four types of devices [16, 17]:
• The implanted device: these devices are placed inside the human body, e.g. deep brain implants.
• The wearable device: these devices are on the human body, e.g. Smartwatch, Pulse Generator (PG), or Electroencephalogram (EEG).
• The ambient device: these devices allow capturing data from the environment around the patient, e.g. room temperature sensors.
• The stationary device: these sensors are located in the hospital, e.g. imaging devices.
These devices are equipped with physiological sensors and low-power computing, connectivity, and storage modules, which are used to gather the biomedical and context signals [21]. The data collected are used to manage the treatment and diagnosis of the medical conditions of patients. These medical devices have other constraints at the internal and communication levels. Internally, medical implants inside the human body can be rejected by the patient's immune system, resulting in inflammation and pain. The battery of these medical devices is limited and must be changed after a number of years. Traditional security methods such as cryptography can quickly shorten the implant's lifespan, which requires surgery to replace the battery and can be dangerous for the patient.
Because the memory space of medical equipment is small, it does not allow keeping track of the exchanges made via log files. In terms of communication, medical equipment can only support short-range communications due to its energy limitations [9]. Due to scale, computing capacities, and energy constraints, most wearable devices can only preprocess the sensed data. Alternatively, the embedded low-power computing modules compress the sensed data before sending it to personal devices (i.e., smartphones or desktops) through low and ultra-low power wireless communication like Near Field Communication (NFC) and Bluetooth Low Energy (BLE) [22].
Table 2: Review papers that have discussed security in the IoMT, and our main contribution compared with them.
• They discussed only attacks and proposed solutions for the first layer of IoMT, while in our review we mentioned security and proposed solutions for the three layers that compose the IoMT system.
• 2019 [10], Authentication in the wireless body area network: We included in our review the architecture, the attacks that can occur on each layer that composes the IoMT, the environment, and the attackers' motivations. Finally, we have discussed different ML-based solutions proposed for the layers composing the IoMT system.
• 2019 [11], Detection and prevention of malware in IoMT: We have mentioned the attacks that can occur in each layer that composes IoMT and not only the malware, and we added the types and environment of attacks and the motivations of the attackers. We discussed the IDS-based ML solutions proposed for the three layers that constitute the IoMT system, while for this review, they only covered the security of the communications.
• 2020 [12], Security and privacy in the healthcare system: We have reported IDS-based ML solutions for the three layers of the IoMT system.
• 2021 [13], Authentication in the wireless body area network: We have listed the different attacks occurring at the three layers that compose the IoMT system. We have discussed the different solutions that use an IDS based on ML and proposed for the three layers of the IoMT system.
• 2021 [14], The role of ML in solving the security and privacy issue in IoMT systems: We discussed the different attacks that can impact the three layers of the IoMT, and we also considered the IDS based on ML solutions proposed for layer three of the IoMT system.
Medical equipment can send physiological data to personal servers, which may be personal devices like smartphones and laptops, or standard devices like gateways [23]. Personal servers are used to process and save patient data remotely until it is sent to centralized medical servers. The medical data received at the personal server are saved and processed, for example by adding contextual information such as place and time to detect unusual behavior; these data can also be encrypted or compressed. Then the processed data are sent in a medical standard format like Health Level-7 to the remote medical server using long-range wireless communication like Wireless Fidelity (Wi-Fi) and Global System for Mobile Communications (GSM), or wired communication [10]. This layer is intended to support heterogeneous communication and node mobility and to permit the resending of medical data when the network link to the medical servers is interrupted [11, 24].
The medical server layer consists of a high-performance data center that allows for centralized patient control, complex and long-term behavior analysis, and the correlation of patient data. It also includes a cloud server that makes intelligent decisions. It is used for data aggregation and provides extra storage for the patient's medical data. The doctor, patients, and the pharmacy department (for summary or billing purposes) can access these data. Patients may use an online interface or smartphone to display their past and current health records/bills. Data from various sources is incorporated into EHR or Electronic Medical Records (EMR) or prescription websites.
As a result, doctors and patients can access the information whenever they need it. It provides a notification service for when any patient uploads or receives health data [25].
IoMT uses wireless communication and the internet to transmit data collected from the human body to the medical server; therefore, the data in the different layers of the IoMT system, as shown in figure 2, are exposed to cyberattacks, which can impact the privacy of the patients and put their lives in danger. Security requirements must be met to prevent, detect, and respond to these attacks in real time. This section presents the main security requirements of IoMT (illustrated in figure 3):
Confidentiality: this requirement ensures that the information regarding the patient's health condition or treatment, and information that identifies them, is not accessible by unauthorized third parties during data storage and data communication; this ensures that the patient's privacy is protected from the disclosure of sensitive information to persons with malicious intent who may cause considerable harm to the patient [11, 26]. We can imagine a scenario in which an adversary who has access to the medical history of a famous person discloses it in public to damage his/her image.
The aim of the data integrity provision for IoMT healthcare systems is to ensure that the data arriving at the intended destination has not in any way been corrupted during wireless transmission. For instance, even a minor change to the medication or test results of the patient may have catastrophic implications for the patient's life. By preserving the integrity of information, we provide a way to ensure that someone other than the person involved (i.e., doctors or nurses) does not change the medical data and, as a result, prevent incorrect treatment from being given [23].
Availability: whatever the healthcare implementation, the clinical records of patients must be available to the doctor at all times, anywhere, without any interruption.
In addition, it is crucial to respond immediately to an emergency so that the doctor can give the patient treatment or precautions. Switching from the attacked node to another node in the network may be an alternative, and this redundancy can be provided by the network and system design [23, 24].
Data freshness ensures that the health information is recent and that an attacker cannot replay old medical data. Two kinds of freshness exist: weak and strong. Weak freshness gives a partial ordering of the health messages, but no delay information is provided, while strong freshness gives the complete ordering of the medical data and allows the calculation of delay [10, 27]. For illustration, a physician must be aware of the patient's present vital signs, such as oxygen saturation, in order to make a correct diagnosis of the patient's health condition and provide the appropriate treatment.
Scalability is the ability of the IoMT network to function properly as the number of devices that compose it grows; insufficient scalability could cause security flaws. Therefore, it is essential to manage computing and storage overhead, especially in an emergency where response time is vital for the patient [28, 29].
Non-repudiation ensures that any entity involved in the healthcare application cannot deny sending or receiving health-related patient information [13].
There are two kinds of authentication in healthcare systems: data and persons. Data authentication is the process by which the initial data source is confirmed. Person authentication in communications between patients and related servers should be checked through accurate identity authentication. Therefore, before they communicate or exchange any details, all parties need to know each other.
Before any form of sharing, the healthcare system has to recognize each participant in order to determine whether the user is authorized to receive the stored data. It is, therefore, essential to know the privilege level given to the user in order to know the kind of data he/she may access [12, 23].
Authorization is an access control used to specify permission levels for users (patients, physicians, or nurses) to enter the database of medical data. The healthcare organization must approve the patient and define the type of data that a single user can use [13, 26].
The audit is the inspection of changes in the system and of access to the patient's medical data via the verification of log files, which are historical records of the hardware and software operating status. The audit allows the detection of abnormal activities and possible breaches. However, the management and exploitation of this type of information are delicate in practice due to the large quantity and heterogeneity of logs generated by the various medical and network equipment.
• Backward secrecy: Medical sensors that enter a network after a certain amount of time must not be able to decode messages sent before they entered it [29].
• Forward secrecy: Medical sensors that have left the network are unable to read messages sent after their exit [29].
The integration of wireless communication in the IoMT system and of external equipment to control and upgrade sensors makes the IoMT vulnerable to different forms of attacks. Moreover, two types of architecture are proposed in the literature for the IoMT: single-hop and multi-hop. In the single-hop architecture, the sensors perform data collection and data transfer only; however, this architecture suffers from a single point of failure: when one piece of equipment in the personal server layer fails, the whole IoMT system is compromised.
The other type of architecture proposed is multi-hop, in which sensors, in addition to collecting and transmitting data, also provide data routing, which allows node mobility and maintains low energy consumption during data transfer, as in CodeBlue [30] and MEDiSN [31]. Therefore, relevant vulnerabilities of wireless sensor networks that concern routing may apply to this type of architecture [32]. Besides, attacks can also target devices in the personal server layer to reach patient data indirectly. The lack of data storage security in the personal and medical servers and the insecure transmission of data between these different devices can result in various security issues [33]. It is imperative to keep these different forms of attacks in mind when designing a secure architecture for IoMT. The different threats related to each level of IoMT are summarized in table 3. The most common types of network and system attacks are listed below:
Data perception and delivery over a wireless channel, together with the ability of medical equipment to be remotely configured by external devices, leave the IoMT sensors vulnerable to different attacks. Here, potential security threats take place in the following manner:
An attacker modifies the medical data of patients [34] to manipulate the medical diagnosis and lead to the administration of inappropriate medication, which can be dangerous for the patient.
A process that causes additional battery consumption in a medical device, which leads to battery failure [9].
An attacker can try to modify the software of the medical equipment by introducing a virus that modifies its behavior to conduct malicious actions [35], such as instructing the pacemaker to send an electrical charge to the patient's heart.
This attack interferes with the radio frequencies that the network's nodes use. A jamming source can interrupt the whole network or part of it. It may be deliberate or unintentional [32, 34].
When an attacker has physical access to the IoMT nodes, he can gain access to the sensitive information on the node, for example, retrieve the encryption keys and then use them to decrypt the communications in transit. The attacker can even modify the node or replace it with a different node that the attacker controls [24, 36].
When two nodes of the IoMT system transmit on the same frequency simultaneously, a collision may occur, which implies a modification of the transmitted data. Therefore, the receiving node of the packet will reject it due to the checksum mismatch [32].
The collision implies that the lost packet is retransmitted; this retransmission consumes energy at the medical equipment level. The intruder could exploit repeated collisions to create resource exhaustion [27, 32].
Collision and exhaustion attacks can be used by the intruder to create unfairness in the network. As a result, when incoming patient data packets enter the application's processing device, they are either missed or produce multiple errors [37].
There is a high risk of threat at the transmission level because wireless communication allows an attacker to intercept, modify, or block the messages that carry valuable information related to the patient's condition. Some risks include:
Due to the communication over wireless networks, all traffic is vulnerable to detection and eavesdropping by attackers. These threats may result in the loss of personal information such as physiological data and may reveal information about the medical device, such as the type of medical equipment associated with the patient. They can also contribute to other kinds of attacks. There are two types of eavesdropping:
• Passive eavesdropping: By listening to the network's message transmission, a hacker will intercept the content.
• Active eavesdropping: By pretending to be a friendly entity and sending requests to emitters, a hacker actively obtains information [38, 39].
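For the collision and exhaustion attacks described above, a detector can learn how many checksum rejections a node normally produces and alert only on sustained excess, so that an occasional unintentional collision is not flagged. The sketch below is an added example, not code from the paper or from any surveyed system; the log format, node names, counts, and the median/MAD threshold (a simple statistical baseline standing in for a trained model) are assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample data: per-minute counts of packets a gateway rejected for
# checksum mismatch, per sending node. "train" windows are assumed attack-free.
SAMPLE_LOG = """\
ecg-01 train 2,3,1,2,4,2,3,2,1,3
ecg-01 live 3,2,9,2,8,11,14,12
spo2-02 train 0,1,0,0,1,0,0,1,0,0
spo2-02 live 1,0,5,0,1,0,2,1
"""


def parse_log(text):
    """Return {node: {"train": [counts], "live": [counts]}}."""
    data = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        node, phase, counts = line.split()
        data.setdefault(node, {})[phase] = [int(c) for c in counts.split(",")]
    return data


def learn_threshold(train_counts, k=4.0, min_spread=1.0):
    """Learn normal behavior: median plus k robust deviations (MAD).

    min_spread keeps the threshold usable for nodes whose baseline is
    almost constant (MAD of zero).
    """
    med = median(train_counts)
    mad = median([abs(c - med) for c in train_counts])
    return med + k * max(mad, min_spread)


def first_alert(live_counts, threshold, consecutive=3):
    """Index of the window where `consecutive` windows in a row exceed the
    threshold, or None. Requiring a run separates repeated collisions
    (exhaustion) from a single accidental one."""
    run = 0
    for index, count in enumerate(live_counts):
        run = run + 1 if count > threshold else 0
        if run >= consecutive:
            return index
    return None


def scan(text):
    """Return {node: (threshold, alert_window_or_None)}."""
    alerts = {}
    for node, phases in parse_log(text).items():
        threshold = learn_threshold(phases["train"])
        alerts[node] = (threshold, first_alert(phases["live"], threshold))
    return alerts


if __name__ == "__main__":
    for node, (threshold, window) in scan(SAMPLE_LOG).items():
        print(node, "threshold", threshold, "alert at window", window)
```

Because each rejected packet forces a retransmission that costs battery on the sensor, alerting on the run rather than on the final total limits how long the drain continues unnoticed.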
This attack happens when an intruder gets in between a patient's and a server's communications and sniffs the data. He can capture all messages exchanged between the two parties and insert new ones [39].
This attack keeps the radio frequency channel for wireless communication occupied for a brief period; this interrupts patients' personal devices and blocks data transfer, undermining network availability [24, 40].
In this threat, the attacker tries to disrupt the signaling operation that takes place before the establishment of a communication between two entities and involves key management, authentication, link creation, and registration, by sending additional signals, which put a heavy load on the base station and thus interrupt its service. As a result, health data cannot be forwarded to their destination [41].
By capturing patient wireless channels, the attacker can extract health data from patients, which can then be partially or fully altered before being delivered back to the initial recipient [42, 43].
An attacker can capture a patient's health data when it is transmitted between two connected healthcare devices over a local area network [40].
In this attack, a duplicate of a patient's data packet from one location is replayed at a different location with no modifications to the data. This attack usually requires two rogue nodes relaying packets over an out-of-band channel that is only accessible by the attacker [32, 41].
In this attack, the intruder tries to interrupt, shut down, or stop a service from a system, machine, or network. A distributed DoS (DDoS) attack, on the other hand, is a kind of DoS attack that originates from several distributed sources [33, 39].
The attacker must persuade all nodes to choose him/her as the patient's medical data routing node. A malicious node accomplishes this by sending a HELLO packet over a strong radio transmission to the network.
When a node receives a message like this, it will presume that the source is within normal radio range. Such an assumption could be wrong, since the intruder's machine, with its high transmission capability, could mislead the target into assuming that it is its neighbor [41, 44, 45].
The sinkhole attack occurs when a malicious node attempts to attract all data packets in the IoMT system by presenting itself as the most appropriate choice to the routing algorithm. This attack is performed to prevent data packets from reaching their destination [44, 46].
In a replay attack, an attacker listens in on communications exchanged between valid entities in the IoMT system, intercepts them, and then sends them again to the initial recipient to alter the overall result [13, 47].
A scan is performed on the continuous data traffic to find the key manager or the cluster head, which can stop the whole network of the IoMT system [48].
This attack occurs when an attacker sends many connection requests to a target node in the IoMT network. As a result, the server exhausts its capabilities and cannot establish any other connections, even legitimate ones [36, 49].
The intruder repeatedly resends an incomplete message to one or both nodes that participate in a communication within the IoMT system, which requests the retransmission of the missing data. As a consequence, valuable information is prevented from being exchanged between the endpoints [50].
The attacker manipulates the routing information to compromise the network of the IoMT system [51].
In this attack, the attacker targets a node in the IoMT network to compromise it and make it malicious, so that it transmits some messages and blocks the rest. The number of messages lost will be greater if the compromised node is closer to the base station; therefore, many vital data will be lost [24, 52].
A Sybil attack occurs when a given node in the IoMT network claims several identities in order to act on (modify) geographical routing protocols [53].
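The freshness requirement (weak versus strong) and the replay attack described above can be tied together on the receiving side: a per-sensor counter gives ordering, and an authenticated send time additionally bounds delay. The sketch below is an added example, not code from the paper; the message layout, the shared HMAC key, the 5-second delay bound, and loosely synchronized clocks are assumptions, and the sample messages are constructed.

```python
import hashlib
import hmac
import struct

HEADER = ">HQd"                        # sensor id, message counter, send time (s)
HEADER_LEN = struct.calcsize(HEADER)   # 18 bytes
TAG_LEN = 32                           # HMAC-SHA256 tag length
KEY = b"constructed-demo-key"          # constructed sample key, not a real secret


def make_message(key, sensor_id, counter, sent_at, payload):
    """Sensor side: authenticate counter and send time together with the reading."""
    header = struct.pack(HEADER, sensor_id, counter, sent_at)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class FreshnessVerifier:
    """Receiver side (for example the personal server)."""

    def __init__(self, key, strong, max_delay_s=5.0, skew_s=0.5):
        self.key = key
        self.strong = strong            # False: ordering only; True: ordering + delay
        self.max_delay_s = max_delay_s  # assumed acceptable delivery delay
        self.skew_s = skew_s            # assumed clock skew tolerance
        self.last_counter = {}          # sensor id -> highest counter accepted

    def verify(self, message, now):
        if len(message) < HEADER_LEN + TAG_LEN:
            return "truncated"
        header = message[:HEADER_LEN]
        payload = message[HEADER_LEN:-TAG_LEN]
        tag = message[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"            # integrity check comes first
        sensor_id, counter, sent_at = struct.unpack(HEADER, header)
        # Weak freshness: the counter must move forward, so a verbatim replay fails.
        if counter <= self.last_counter.get(sensor_id, -1):
            return "replayed"
        # Strong freshness: the authenticated send time lets us compute the delay.
        if self.strong:
            delay = now - sent_at
            if delay < -self.skew_s or delay > self.max_delay_s:
                return "stale"
        self.last_counter[sensor_id] = counter
        return "accepted"


def demo():
    """Run the same four deliveries through a weak and a strong verifier."""
    first = make_message(KEY, 7, 1, 1000.0, b"spo2=97")
    held = make_message(KEY, 7, 2, 1001.0, b"spo2=96")        # intercepted, delivered late
    tampered = held[:-TAG_LEN - 1] + b"0" + held[-TAG_LEN:]   # reading altered in transit
    results = {}
    for name, strong in (("weak", False), ("strong", True)):
        verifier = FreshnessVerifier(KEY, strong=strong)
        results[name] = [
            verifier.verify(first, now=1000.2),     # genuine delivery
            verifier.verify(first, now=1003.0),     # verbatim replay
            verifier.verify(tampered, now=1003.1),  # modified payload
            verifier.verify(held, now=1061.0),      # never seen before, 60 s old
        ]
    return results


if __name__ == "__main__":
    print(demo())
```

The last delivery shows the difference the text describes: the counter alone accepts a message that was withheld and released a minute later, while the delay check rejects it.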
In this form of attack, the intruder produces a significant volume of traffic to the base station [50].
In this threat, the intruder degrades network capacity and exhausts node resources by overwhelming the network nodes with sensor stimuli, causing the network to send a large amount of traffic to the base station [27].
TinyOS' Deluge network-programming framework, for example, enables nodes in deployed networks to be remotely reprogrammed. The majority of these systems, like Deluge, are meant for use in a protected environment. If the reprogramming mechanism is not secure, an attacker can hijack it and take possession of a vast network area [27].
All information related to the patient's health condition, treatment, and identity is stored at this level, which makes it a valuable target for adversaries seeking access to these data. Some of the possible attacks that can occur are:
Intruders try to recover medical records, such as information about patient health, maladies, and medications, by combining information that the attacker is authorized to access with other pertinent information [41].
If the patient data is not protected, the attacker will attempt to access health data to conduct malicious actions such as damaging or retrieving it; therefore, it is important to secure the data against unauthorized access [54].
Malware (short for "malicious software") is code or a program usually spread over the network. It extracts, infects, or executes other malicious operations directed by the attacker. The types of malware include viruses, spyware, keyloggers, worms, rootkits, ransomware, and Trojan horses [11].
Phishing, spear-phishing, baiting, and quid pro quo are examples of techniques to gain sensitive information from victims. These techniques are used to dupe the user into supplying the attacker with sensitive patient information that the user assumes is being supplied to someone or something else [40, 55].
Most medical devices are equipped with a location component that allows caregivers to respond quickly in an emergency. If this type of information is not well protected, adversaries can access it and directly invade a person's privacy [42, 56, 57].
Some medical devices are equipped with an alert system that notifies the medical staff of an abnormality concerning the patient's health or a device's malfunction, such as a necessary battery change. However, this feature can be abused by an attacker to create false alarms; as a result, wrong treatment can be prescribed, the patient can make unnecessary visits to the hospital, genuine alerts can be ignored, and the patient may even disable the notification functionality and thereby miss important notifications [33].
This type of attack consists of an attacker blocking access to medical data and then asking for a ransom to unlock it. It can also involve stealing the personal medical history of influential people, such as a politician or star, and then threatening to disclose it publicly if the person concerned does not pay the amount of money requested [58].
Attack strategies are continually changing, but they can be divided into passive and active attacks.
In a passive attack, the adversaries only listen to the traffic and can thus read messages exchanged between the wearable device and the remote system. By simply accessing the content of the messages, a passive attacker directly affects the confidentiality of communication. He will have access to sensitive information such as the model and the serial number of the medical device, and can capture telemetry data. He can also capture the patient's private data such as health record, name, age, and conditions. In all these cases, the result is a severe violation of the patient's privacy [33].
The attacker will intercept network messages and give instructions to the wearable device, alter messages in transit before they reach the remote system, or prevent them from reaching their intended destination. A successful intruder has a wide range of objectives. He might, for example, indiscriminately request information from the medical device to deplete its energy. He may even try to change the device's settings, bypass treatments, or even put the patient in a state of shock [33].
Threats to the system can be classified according to the adversary's position, i.e., internal attack and external attack.
An internal attack requires that the attacker is close to or near the vulnerable device and has some right to enter the network infrastructure. It may be a legitimate user, like a nurse who accesses a celebrity patient's medical data without justification. The attacker near the medical equipment can then cause physical damage or collect some information and use it to launch remote attacks later [13, 59].
In this case, the attacker does not need to be close to the medical device and does not have administrative access to the system. Instead, he will try to exploit bugs or vulnerabilities of the system remotely [13, 59].
This section discusses various attackers' motivations for targeting IoMT systems [60].
Medical equipment could be compromised and used to harm someone. Malicious organizations, whether politically or criminally motivated, or in some cases terrorist groups, can threaten patients. These attacks can be effective tools for various criminal practices, such as extortion or coercion. It has been reported that the vice president of America, Dick Cheney, during his mandate, had the wireless communication functionality of his pacemaker deactivated to prevent hacking [61].
Economic and financial profit are important motivators for attackers or rivals of Implantable Medical Device (IMD) vendors to conduct such threats.
An attacker's ability to access medical data may be used to sell it or blackmail the patient.
Medical equipment collects vital information about a patient's body based on various criteria. This information may be necessary for the patient's diagnosis, care, and operational or surgical procedures.
Medical data divulge information about the patient's behaviors. Analysis of the data obtained from a pacemaker, for example, will reveal the patient's physical activity history. Such data can be used to distinguish general and unique patterns in the well-being of individuals/groups if collected in a large enough sample across different device types and brands. This type of information can lead to unauthorized and unethical use of sensitive data.
Messages from the medical equipment are sent wirelessly to the system controller. These exchanges typically provide health data and position information about the patients. Attackers can intercept these communications to track or locate a patient.
An intrusion is an attempt to compromise the availability, integrity, or confidentiality of an end device or network, or to defeat its security mechanisms. The IoMT represents an information system that handles sensitive and private data related to the health of patients, which constitutes a valuable target for an attacker to perform an intrusion. This intrusion can be performed by a remote attacker using the Internet or by a legitimate internal user who abuses his privileges, such as members of the medical team who are motivated by curiosity to access private data, or it can result from an error in the handling of medical data, which could have severe repercussions on the patient's life.
An IDS is a hardware or software product that automates the surveillance and analysis of events that occur in an end device, such as an implantable medical device, or in a network to detect signs of intrusion. An IDS consists of 3 parts: information source, analysis, and response.
An IDS can use several information sources to perform a pre-configured analysis on them. When an attack is detected, the IDS generates a response that can be passive or active. A passive response implies issuing a notification. An active response performs an action such as interrupting communication. The purpose of an IDS is not to know who conducted the attack but to interrupt it, as the attacker's identity can be hidden, which can make identification difficult. An IDS differs from other security mechanisms such as a firewall or an antivirus by monitoring traffic and deciding based on observed events. However, each security mechanism has its advantages and disadvantages, and combining them can provide in-depth security that can protect an information system against a variety of security threats.
We have several types of IDS categorized according to their monitoring approach, the source of information, the type of analysis performed, and the response time. For the monitoring approach, we have the network-based IDS and the host-based IDS. The network-based IDS monitors network packets by listening on network segments. The host-based IDS monitors the events in the end device, such as the operating system, audit trails, and system logs, and these events can also be medical data. We also have the application-based IDS, a subdomain of the host-based IDS, which monitors the transaction log files generated by applications to carry out attack detection.
There are two types of analysis methods used by the IDS: misuse detection and anomaly detection. Misuse detection relies on a set of predefined patterns that allows identifying an attack in case of a match with the analyzed event; this method has the advantage of being accurate. However, it does not allow the detection of new and zero-day attacks. In addition, the signatures of new attacks must be added continuously to the predefined patterns to detect them.
An anomaly detection system studies the normal behaviour of the system by constructing the profile of normal operation using historical data. Any deviation from this normal behaviour is classified as suspicious; this method has the advantage of detecting new vulnerabilities and zero-day attacks; however, it can return many false positives and requires a large training set to construct the normal profile.
The response time of an IDS can be real-time or interval-based.
There are several possible architectures for IDS, which are centralized, fully distributed, and partially distributed. In a centralized architecture, monitoring, detection, and reporting are performed in a central node. In a fully distributed architecture, the response to an intrusion is carried out in the part of the network where monitoring is conducted. In a partially distributed architecture, the reporting is executed hierarchically. This review paper will focus on the IDS, which uses anomaly detection based on ML, since the network that composes the IoMT is heterogeneous and diverse.
ML is a subfield of AI that gives a machine the ability to learn from data without explicitly programming it [63]. ML has proven to be efficient for problems that require a long list of rules and complex problems where traditional approaches are inefficient. Also, ML shows a great capacity of adaptation to new data, especially in a changing and evolving environment such as the IoT system. It has also shown a great ability to obtain insights from large volumes of data, especially in big data [64]. These ML capacities can be used to enforce security in the IoMT or at least improve it. It has been found in some studies that the use of AI in IDS has been effective in detecting zero-day attacks as well as new vulnerabilities, while IDS that rely on rules and signatures can only detect known attacks.
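The trade-off between the two analysis methods, as an added example that does not come from the surveyed papers: a signature matcher and a statistical normal profile are run over the same constructed, labelled gateway events and scored with TPR and FPR. The event fields, the signature rules, and the three-standard-deviation threshold are assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed benign history from one IoMT gateway:
# (packets_per_min, payload_bytes) per observation window.
HISTORY = [(12, 64), (10, 60), (11, 66), (9, 58),
           (13, 62), (10, 61), (12, 63), (11, 65)]

# Constructed, labelled test events:
# (is_attack, description, packets_per_min, payload_bytes).
EVENTS = [
    (False, "routine telemetry", 11, 63),
    (False, "routine telemetry", 10, 59),
    (False, "legitimate bulk upload after a reconnect", 12, 120),
    (True, "known flood, matches a stored signature", 900, 64),
    (True, "novel low-rate flood", 40, 64),
    (True, "novel truncated (tampered) payload", 11, 20),
]

# Misuse detection: a hypothetical database of known attack patterns.
SIGNATURES = [
    ("flood", lambda rate, size: rate >= 500),
    ("oversized-frame", lambda rate, size: size > 1024),
]


def misuse_alert(rate, size):
    """Alert only when an event matches a predefined pattern."""
    return any(match(rate, size) for _, match in SIGNATURES)


def build_profile(history):
    """Normal profile: (mean, standard deviation) of each feature."""
    return [(mean(col), pstdev(col)) for col in zip(*history)]


PROFILE = build_profile(HISTORY)


def anomaly_alert(rate, size, profile=PROFILE, z_max=3.0):
    """Alert when any feature deviates more than z_max deviations."""
    return any(abs(value - mu) > z_max * sd
               for value, (mu, sd) in zip((rate, size), profile))


def detection_rates(alert_fn, events=EVENTS):
    """Return (TPR, FPR) of a detector over labelled events."""
    tp = fp = positives = negatives = 0
    for is_attack, _, rate, size in events:
        fired = alert_fn(rate, size)
        if is_attack:
            positives += 1
            tp += fired
        else:
            negatives += 1
            fp += fired
    return tp / positives, fp / negatives


if __name__ == "__main__":
    print("misuse  (TPR, FPR):", detection_rates(misuse_alert))
    print("anomaly (TPR, FPR):", detection_rates(anomaly_alert))
```

On this data the signature matcher raises no false alarm but misses both novel attacks, while the profile catches all three attacks and also flags the legitimate bulk upload.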
ML can also be used to learn the behavior of a person or an object by using the data generated to create a so-called normal profile, so that any behavior that deviates from the normal profile is considered abnormal and is consequently detected; this is what is done in the field of anomaly detection.
Three types of ML can be used to solve security problems in the IoMT: supervised learning, unsupervised learning, and semi-supervised learning.
For supervised learning, the training data are labeled. The relationship between inputs and their appropriate output is captured. For this, we need to train a model with labeled inputs, which is then used to predict or classify new data [65]. We have two types of supervised algorithms, which are regression and classification. Regression predicts continuous variables and predicts the next value based on the previous ones. On the other hand, classification is used to predict discrete variables and separates the data into different categories. Examples of the techniques that can be used for regression and classification are Support Vector Machine (SVM), Decision Tree (DT), Random Forest (RF), Naive Bayes (NB), and artificial neural network (ANN).
The training data for unsupervised learning are unlabeled, since labeling the data is performed manually through human intervention. Labeling the data is not always easy. This method divides the data into distinct clusters by examining how similar they are. K-means, k-Nearest Neighbor (KNN), and Self-Organizing Map (SOM) are examples of these techniques, to name a few [64].
Unlabeled data are easy to obtain. However, there are very few ways to use them. Semi-supervised learning has provided a solution by combining labeled data with unlabeled data to build a model that can classify with better accuracy. Because it requires less manual intervention and provides greater accuracy, semi-supervised learning has a special place in theory and practice [66].
DL is a subdomain of ML, and it is inspired by the way the human brain processes signals. DL enables computational models with several layers of processing to learn data representations with several levels of abstraction [67]. DL differs from classical ML in its ability to capture the relevant features, a task that was previously done manually and required human intervention. Another advantage of DL compared to traditional ML is its performance on large datasets. Therefore, this method is perfectly adapted to IoT systems and their applications, such as IoMT, which generate a huge volume of medical data. There are three types of DL: supervised, for example the Convolutional Neural Network (CNN); unsupervised, for example the Deep Autoencoder; and hybrid DL, which combines these two types, for example an ensemble of learning networks.
Health data is sensitive and can attract the attention of attackers for the various reasons mentioned in section 5.6. It is important to protect medical data from any threat by adopting a solution that ensures the security of this data during collection, transfer, storage, and processing. It is also necessary to protect patients' privacy from unauthorized access to avoid the disclosure of sensitive information to malicious entities. In addition, security solutions must consider the computational, storage, and energy limitations of medical devices and the heterogeneity, dynamics, and quantity of medical data generated within the IoMT system. In light of these constraints, ML has the potential to provide a solution for intrusion detection. This section will review the papers that have proposed a security solution based on ML for the different IoMT layers, specifying their objectives, the method employed, the dataset used, and the results obtained. Tables 4, 5 and 6 summarize the different papers we have explored in this review, mentioning their advantages and disadvantages.
Sensors associated with patients allow constant monitoring of their health status and automatic medication for people suffering from chronic diseases. This technology, despite its advantages, must be protected against security threats due to the wireless transmission of medical data to a personal server and the possibility of configuring the medical equipment via a programmer device, which increases the attack surface. These security threats can be either intentionally caused by hackers or unintentionally caused by the environment due to interference. Patients need to have a security solution that allows the detection of such threats, differentiates them from emergency cases, and avoids lethal medication administration.
Among the different medical devices that researchers have investigated to provide a security solution, there are cardiac implants that provide electrical impulses to stimulate the cardiac muscles in case of abnormalities in the heart rhythm. A well-placed attacker can cause an electrical impulse that can be fatal for the patient. To avoid this kind of situation, the researchers (Kintzlinger et al., 2020) in [7] have proposed a system that detects and prevents cyberattacks against ICD. It is implemented at the level of the programmer device. The Cardiwell is a decision aid for doctors: when it detects an anomaly, it generates an alert with the necessary details that allow the doctor to decide whether to pass the programmer commands or not. The Cardiwell is a multi-layer security scheme consisting of six layers of security; the first five layers use rules and statistics, while the sixth layer uses a one-class SVM, which is based on ML. To validate their solution, tests were performed on a dataset collected from volunteer patients from different hospitals and clinics over four years.
This dataset consists only of benign programmer commands sent from a programmer device to an ICD, which represent a total of 775 samples, while the malicious programmer commands are generated by experts and represent a total of 28 samples. After performing the different tests, the best results obtained are True Positive Rate (TPR) = 0.914, False Positive Rate (FPR) = 0.101, and Area Under the Curve (AUC) = 0.947. However, layers three to six are inefficient and do not participate in improving the results, which according to the authors is due to the poor datasets that need to be enriched.
In another work by (Khan et al., 2017) in [68], the authors propose a centralized solution for detecting abnormalities in Electrocardiogram (ECG) data due to either disease or attack. For this purpose, the authors used a simplified Markov model-based detection mechanism due to the changing nature of ECG data over time. The attributes are extracted from the ECG data, and then the discrete wavelet transform is used to reduce the dimension of the dataset; then, these data are divided into sequences. The probability of each sequence is calculated. Finally, the system determines if a change has occurred based on this probability. If an abnormality is detected, an abnormal tag is associated with the data and sent to the server located in the hospital. Then the nursing staff decides whether the received data is normal or not. To test and evaluate their system, the authors used a dataset obtained from MIT-PHYSIOBANK [69] and added 5% and 10% of attacks composed of forgery, unauthorized insertion, and ECG data modification. After performing the different tests, the authors obtained a high detection rate, reduced training time, and a high TPR.
Other researchers have studied the security of the insulin pump system. This system allows the administration of insulin according to the amount of glucose present in the patient's blood.
However, if the device is hacked, an intruder can cause a lethal administration of insulin. In this perspective, the researchers (Hei et al., 2014) in [35] address the security gap between the Carelink and the insulin pump, two components of the insulin pump system, where the attacker can carry out two types of attacks. The first is the bolus dose, where the attacker delivers a large amount of insulin in a short period. The second possible attack is the basal dose, where the attacker delivers an insignificant amount of insulin over a long period, which can threaten the patient's life. To address this issue, the authors propose to use a supervised machine-learning algorithm using SVM with a regression method to learn the normal insulin dosage of each patient at different moments of the day. The authors collected insulin pump log files from four patients over six months to generate and test their model. Each log entry is composed of infusion rate, dosage, blood glucose level, patient ID, and time of day for each infusion. After performing different tests, the authors obtained better results with the non-linear SVM than with the linear SVM, reaching a 98% success rate in detecting a single overdose attack and a high success rate in chronic overdose attack detection. The authors propose deploying the insulin pump model with an update every 90 days. In the case of anomaly detection, an alert message will be generated, and the insulin dosage will not be administered. The authors have also defined a value of insulin that, in case it is exceeded, indicates that the patient is in an emergency and, therefore, the system will be deactivated.
In another study [70], the authors propose to secure the insulin pump against attacks that aim to alter the functioning of its system to deliver a lethal dosage of insulin to the patient.
To address this issue, the authors propose using Long short-term memory (LSTM), a DL algorithm, to define a threshold value for the insulin dosage delivered to the patient. If the insulin dosage value exceeds the threshold value, the system prompts the patient to perform a gesture by raising or lowering the thumb, which will be captured by a gesture sensor. The authors propose to use a gesture sensor because they assume that the patient can feel and judge whether or not there is a significant change of insulin in their body through symptoms like nervousness, trembling, and weakness. So, depending on these symptoms and the dose of insulin administered, the patient can accept the insulin dose by raising the thumb or refuse it by lowering the thumb. To test their solution, the authors used a dataset containing log files generated by the insulin pump system over the last three months to train and test the LSTM and determine a threshold value.
Other researchers in [6] propose to detect fake glucose measurements in the whole framework that uses the insulin pump, which is composed of a Continuous Glucose Monitoring System, a sensor and transmitter, an insulin pump, a remote control, and a One Touch Meter. For this purpose, the authors used the Multi-Layer Perceptron (MLP), a DL algorithm, to classify glucose measurements in blood as genuine or fake. The authors used the Pima Indians Diabetes dataset [71]. After performing the different tests, the authors obtained 93.98% accuracy. The authors also studied the reliability of their system using naive Bayes, and they obtained a 90% success rate, because the whole insulin pump framework is secured against erroneous blood glucose measurements by deploying their model on a chip using Field Programmable Gate Arrays, which can be integrated on any equipment deployed in the insulin pump framework.
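The per-patient dosage profile described for [35] and the dosage threshold described for [70], as an added example that is not code from either paper: it replaces the SVM regression and the LSTM with a per-time-of-day median/MAD baseline plus a one-sided CUSUM, so that it runs with the Python standard library alone. The pump log, the six-hour slots, and the three thresholds are constructed assumptions.

```python
from statistics import median

# Constructed pump log for one patient: seven days, one delivery in each
# six-hour slot (night basal, breakfast, lunch, dinner), in insulin units.
HOURS = (3, 8, 13, 19)
DAYS = [
    (1.0, 6.0, 5.0, 7.0), (1.1, 6.5, 5.5, 7.5), (0.9, 5.5, 4.5, 6.5),
    (1.0, 6.0, 5.0, 7.0), (1.2, 7.0, 6.0, 8.0), (0.8, 5.0, 4.0, 6.0),
    (1.0, 6.0, 5.0, 7.0),
]
TRAIN_LOG = [(h, u) for day in DAYS for h, u in zip(HOURS, day)]


def slot_of(hour):
    """Map an hour of day (0-23) to one of four six-hour slots."""
    if not 0 <= hour <= 23:
        raise ValueError(f"hour out of range: {hour}")
    return hour // 6


def fit_baseline(log, min_scale=0.05):
    """Per-slot (median, robust scale) of the doses seen in training."""
    by_slot = {}
    for hour, units in log:
        by_slot.setdefault(slot_of(hour), []).append(units)
    baseline = {}
    for slot, doses in by_slot.items():
        med = median(doses)
        mad = median([abs(d - med) for d in doses])
        # 1.4826 * MAD estimates the standard deviation for normal data;
        # the floor avoids a zero scale when all training doses are equal.
        baseline[slot] = (med, max(1.4826 * mad, min_scale))
    return baseline


class DoseMonitor:
    """Gate each requested dose against the patient's learned profile."""

    def __init__(self, log, k_single=4.0, slack=1.0, h_chronic=4.0):
        self.baseline = fit_baseline(log)
        self.k_single = k_single    # robust z above which one dose is refused
        self.slack = slack          # per-dose excess the CUSUM tolerates
        self.h_chronic = h_chronic  # CUSUM level that signals chronic overdose
        self.cusum = 0.0

    def check(self, hour, units):
        slot = slot_of(hour)
        if units < 0:
            return "BLOCK_INVALID"
        if slot not in self.baseline:
            return "BLOCK_NO_BASELINE"  # fail closed: no profile for this slot
        med, scale = self.baseline[slot]
        z = (units - med) / scale
        if z > self.k_single:
            return "BLOCK_SINGLE_OVERDOSE"
        # One-sided CUSUM: small excesses add up, normal doses drain the sum.
        total = max(0.0, self.cusum + z - self.slack)
        if total > self.h_chronic:
            return "BLOCK_CHRONIC_OVERDOSE"  # refused dose is not accumulated
        self.cusum = total
        return "ALLOW"


def run_stream(stream, log=TRAIN_LOG):
    """Run a sequence of (hour, units) requests through a fresh monitor."""
    monitor = DoseMonitor(log)
    return [monitor.check(hour, units) for hour, units in stream]


# Constructed request streams.
NORMAL_DAY = [(3, 1.0), (8, 6.2), (13, 4.8), (19, 7.4)]
BOLUS_ATTACK = [(8, 15.0)]
# Every dose is raised by about 1.75 robust deviations: each one alone passes.
CHRONIC_ATTACK = [(3, 1.26), (8, 7.3), (13, 6.3), (19, 8.3)] * 2

if __name__ == "__main__":
    for name, stream in [("normal", NORMAL_DAY), ("bolus", BOLUS_ATTACK),
                         ("chronic", CHRONIC_ATTACK)]:
        print(name, run_stream(stream))
```

The chronic stream shows why a per-dose threshold alone is not enough: every request in it is allowed when judged in isolation, and only the accumulated excess trips the check at the sixth delivery.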
In a pioneering work carried out by (Rathore et al., 2019) in [5], the authors propose a solution based on ML to secure Deep Brain Implants (DBS). A DBS is composed of three entities: the quadripolar electrode implanted inside the human brain, an Implantable Pulse Generator (IPG), and a controller that allows switching the medical equipment on or off. However, some IPGs are customized to allow changing the voltage. The function of the DBS is to regulate the Rest Tremor Velocity (RTV) by maintaining its value at zero through electrical charges, because if the RTV moves away from zero, it causes a disorder in the movements, which is the cause of chronic diseases like Parkinson's. An attacker who has access to the DBS can try to modify the value of the RTV, which will dangerously impact the patient's life. In this paper, the RTV value is modified to simulate different attacks. To prevent the attacks that modify the RTV, the authors used the LSTM, a DL algorithm, to predict the value of the RTV at time T, so that any deviation is detected and classified according to the different simulated attacks. To create a model and test it, the authors used a dataset obtained from Physionet [72], containing 173,398 samples with ten features. However, the authors focused on one attribute, the RTV, which they consider the most important one and which an adversary can exploit by modifying it to harm the patient. After carrying out the different tests, they were able to classify the different attack strategies with a minimal loss value and training time.
The solutions explored so far have been focused on securing a single medical device. Here we move on to more general solutions that include multiple medical devices. In this regard, (Hei et al., 2010) in [73] suggested adding a security layer for IMD in addition to the authentication required for each access request to the implant.
This solution blocks authentication requests from illegitimate programmers or readers, which saves energy and counters the attacks that drain the IMD's energy resources. If the IMD's battery power is depleted, surgery is required to replace the battery, which can be life-threatening. The additional security layer implements an ML-based model on a cell phone, using SVM, that classifies authentication requests from readers. Depending on the response of the cell phone, three situations are considered: 1) if the request is classified as benign, the IMD can perform the authentication with the reader; 2) if the request is classified as malicious, the IMD puts itself on standby so as not to waste more energy; 3) if the model fails to classify the request, the decision is left to the patient, who can authorize or deny the authentication request. For the emergency, the author proposes to define a value for the cardiac implants that, in case it is reached, will indicate that the patient is in a critical situation. In case of emergency, the author proposes two solutions: either to disable the classification or to use a backdoor accessible via a key shared between the IMD and the authorized persons to guarantee access to the implant. The dataset used to create the model consists of 3000 entries, of which 2500 are used to train the model and 500 to test it. The dataset is composed of five attributes: the reader action type, which determines the type of action that the reader wants to perform on the IMD, a time interval of some reader's action, location (home, hospital, pharmacy), time, and day (weekend, weekday). After performing the different tests, they obtained an average accuracy of 90% for the linear SVM and 97% for the non-linear SVM.
Other researchers (Newaz et al., 2019) in [74] present a secure framework to detect malicious activities in the Smart Healthcare System (SHS).
The proposed framework uses different ML algorithms, ANN, DT, RF, and KNN, to detect malicious activity in the SHS. The data used to evaluate their framework are collected from eight different databases. The dataset obtained contains 20,000 samples, of which 17,000 samples represent data from healthy people as well as people suffering from diseases, and 3,000 samples represent attacks that simulate three different threats, which are compromised medical devices, denial of service, and false data injection. After performing the tests, they obtained 91% accuracy and 90% F1-score.
In another work carried out by (Salem et al., 2021) in [75], the authors propose a centralized Markov chain-based solution for the detection of anomalies in the data collected by biosensors in a WBAN composed of sensors and a Local Processing Unit (LPU). In the proposed system, only the measurements captured at the sensors that deviate from the expected values are communicated to the LPU, which reduces the energy consumption due to the transmission of routing data. The proposed method is based on a Markov Model (MM) constructed from the Root Mean Square Error (RMSE) between the forecasted and measured values for complete attributes. The method is intended to work with the LPU to detect any abnormal deviations in the gathered data and reject any erroneous or added measurements discovered. After detecting physiology-related changes and removing erroneous or inserted measurements, the system alerts the healthcare staff. In order to test and evaluate their system, the authors used a public dataset containing real data obtained from Physionet [76]. After performing the different tests, the authors obtained 100% TPR while maintaining a low False Alarm Rate (FAR) of 5.2%. They also compared their approach with other existing methods that use the Markov chain for ECG anomaly detection and with other supervised ML algorithms: SVM, KNN, J48, and a distance-based method.
The system proposed in this paper exceeds the MM-based ECG abnormality detection system by a small margin and outperforms the ML methods in terms of accuracy.
After reviewing the different ML-based security solutions for the data collection level, we notice that most of this research focuses on the security of cardiac implants [7, 68] and the insulin pump injection system [6, 35, 70]. There is just one study on the security of deep brain implants [5]. However, other medical implants use wireless communication and are not yet investigated, such as the gastric electrical stimulator; this medical equipment stimulates the smooth muscles of the lower stomach to help control chronic nausea and vomiting associated with gastroparesis. This equipment uses wireless communication that suffers from a lack of encryption, authentication, and validation mechanisms, and from hardware/software errors [77]. This makes it vulnerable to different types of attack, including eavesdropping, information disclosure, tampering, jamming, and resource depletion [9]. This represents a good research perspective and must be considered when the researcher designs an IDS for multiple medical devices.
The transmission of medical data between the different devices composing the IoMT and the server enables the remote healthcare system to continuously monitor and treat patients in real-time. However, the sensitive nature of the data exchanged represents a high interest for cyber-attackers, who, in case of a successful attack, can cause severe repercussions for the patient, ranging from violation of privacy to death. In addition, the heterogeneous nature of the devices used increases the attack surface, which requires the design of a secure architecture for the IoMT. In this context, (Gao and Thamilarasu, 2017) in [78] propose a solution to detect attacks that target connected medical devices based on ML methods.
Learning the normal behaviour of the connected medical device allows the detection of any deviation from this behaviour and generates a warning notification that is sent to the patient. The ML model is deployed in an external device that monitors the network and performs an analysis to detect an anomaly. To test their solution, the authors used three datasets of different sizes generated by the Castalia simulator [79] to test and evaluate the performance of the DT compared to SVM and k-means. After performing the different tests, they found that the DT has higher accuracy, generates fewer false positives, and is faster in training and prediction.
In work performed by (Al-Shaher et al., 2017) in [80], the authors propose to protect the private healthcare system from known viruses, worms, spyware, and denial-of-service attacks by designing and implementing an Intelligent Healthcare Security System (IHSS). The IHSS integrates the firewall, network intrusion detection subsystem, and web filter. The IHSS is intended to enhance the capabilities of these network protection systems using artificial intelligence approaches. The authors use MLP activated by wavelet transform to classify network traffic. The intrusion detection subsystem uses a wavelet neural network (WANN) to determine which type of attack is occurring by solving the multiclass problem. In web filters, they use WANN to detect malware. After evaluating their method, they obtain 93% accuracy with two hidden layers and 90% accuracy with one hidden layer.
Furthermore, in a study reported by (Begli et al., 2019) in [81], the authors propose a framework to secure a remote healthcare system. Considering the distributed nature of the remote healthcare system, the authors have used multiple agents. These agents are categorized according to their energy consumption and information sensitivity in terms of security benefits.
As a result of this categorization, they obtained three classes (sensors, smartphone, and database), each with distinct detection methods. The first class, which is made up of sensors, uses ML-based anomaly detection with a non-linear SVM, since sensors are restricted in terms of energy and anomaly detection does not consume much energy. In addition, the data is limited in this class, and therefore it is rarely attacked alone. For the second class of agents, composed of equipment with more energy autonomy than the sensors, for example, smartphones, the authors used a misuse IDS since this system consumes more energy than the anomaly detection system. The last class uses databases; the information collected is stored here, including the alerts that the nurses and physicians generated. This class represents an important part of the Framework, and its security requirements are higher than those of the other classes. To meet this need, the authors used a hybrid system composed of anomaly detection and misuse detection systems, because these two methods complement each other, which increases the efficiency of detection at this level. The tests were performed using the NSL-KDD dataset [82], from which the authors extracted two types of attacks, DoS and user-to-root, and to which they added other types of attacks to finally obtain a dataset consisting of 10 types of attacks. The evaluation of their Framework is based on the calculation of the execution time, energy consumption, accuracy, and the number of false positives. After performing the various tests, the authors concluded that their Framework is efficient.

Another research group (He et al., 2019) in [83] proposes an IDS based on a stacked Autoencoder for anomaly detection in the Connected Healthcare System. The proposed method consists of data processing by mapping, discretization and normalization operations.
Then this data is fed to the stacked Autoencoder to extract the relevant features; after that, the extracted features are fed to the ML models to perform detection and decide whether the data tested represent an attack or not. To evaluate and test their solution, the authors used a real dataset collected from patients and simulated attacks including DoS, counterfeit attack, tamper attack, and replay attack, and compared the performance of different ML models: SVM, NB, KNN, and XGBoost. The following metrics measured the system's performance: accuracy, FPR, and FNR. After performing the different tests, the authors found that XGBoost obtained the best result with 97.83% accuracy, 2.35% FPR, and 1.65% FNR.

Detection of an abnormal dosage of insulin in insulin pumps
- Real time
- High success rate in detecting single and chronic overdose attacks
- The data are real, since they have been collected through patients with diabetes
- Need software modification of insulin pumps
- Overhead is not calculated well. Possibly saturate the memory of the insulin pumps since they need to collect three months of logs
- This solution ensures the safety of a part of the insulin pump system and not the whole system
- The model must be adapted for each patient, and a collection of 6 months of log files is necessary to create it, which means the patient is exposed to attacks during this period.

what if the patient becomes very sick and can't perform gestures
- The gesture sensor is also equipped with a wireless transmission module, which makes it vulnerable and must be secure
- Their solution also requires a modification of the protocol adopted by the insulin pump
- Their solution will start after three months of log file collection, which makes the system vulnerable during this period
- The authors do not present details of their model, nor the results obtained, nor the analysis of their solutions

(Rathore et al., 2017) [6]; MLP, a DL approach; Detection of fake glucose measurements and/or commands on wireless insulin pump
- High accuracy
- High reliability
- Real time
- Implemented on the chip, so it can be deployed on any device of the system using insulin pumps. These are the reasons why the solution is reliable
- Better recall compared with linear-SVM
- The authors propose to implement their solution on a chip that can be integrated in the IMD, which requires a modification of the device at the hardware and software level
- They do not specify what is the margin to follow or what is the action to take when a false measurement of glucose is detected
- High space and time complexity compared with SVM
- No comparison is made with the non-linear SVM
- Dataset obtained from the public repository "UCI machine learning repository" [71] [76]

Researchers (Newaz et al., 2020) in [84] present HEKA, an ML-based IDS for personal medical devices (PMD). The traffic generated between the PMD and the smartphone is analyzed with a sniffer to detect possible attacks using ML. An n-gram model is used to extract features, which are sent to the IDS composed of four ML models (KNN, DT, RF, SVM). HEKA is tested against four types of attacks, namely Man-In-The-Middle (MITM), false data injection, replay, and DoS, individually, then against MITM combined with false data injection, and finally MITM combined with replay. The tests use eight devices covering 4 types of PMDs (iHealth Air Wireless Pulse Oximeter, blood pressure monitor, QardioArm blood pressure monitor, and wireless weight scale). The final dataset is composed of 731 benign instances and 308 malicious instances. After carrying out the different tests, they obtained an accuracy of 98.4% and an F1-score of 98%.

In another work by (Odesile and Thamilarasu, 2017) in [85], the authors propose to use mobile agents to perform penetration tests to secure the medical equipment network. The proposed system is hierarchical, autonomous, and distributed.
The intrusion detection is performed at the medical equipment level by applying a regression algorithm and at the network level by using ML. Mobile agents follow well-defined paths from one node to another or within a cluster. The mobile agent collects network activities or device data depending on its role, which is that of a network or device intrusion detection agent; then it performs an intrusion test, at the end of which three classifications are possible: voluntary, malicious, or suspicious. If the IDS classifies the samples as voluntary, the mobile agent migrates to another node. If the IDS classifies the samples as malicious, it generates an alarm and sends it with the data collected to the cluster head. If the IDS classifies the samples as suspicious, a request for intervention is sent to the cluster head. Once the cluster head receives an intervention request, a special agent is instantiated and launched to collect data from the network or medical equipment of the whole cluster. Then this data is sent to the cluster head. After the cluster head receives the data, it performs an intrusion test to determine whether it is benign or malicious. A security mechanism is also incorporated to detect intrusion at the cluster head level, using the cluster head agent that traverses the cluster head network and performs anomaly detection. The authors used the OMNeT Castalia 3.2 simulator [79]. They tested five ML algorithms, which are SVM, DT, NB, KNN, and RF, for the detection of anomalies at the network level; the DT produced better results than the other algorithms, based on the following metrics: accuracy, Cost Ratio, Feedback Reliability, training time, Total Rank Score and Energy Overhead. For the polynomial regression used to detect anomalies in the device, they chose a cubic model representing the best trade-off between overfitting, accuracy, and computational resources.
Finally, they tested their IDS in a simulated hospital network topology and obtained high accuracy, low overhead, and a scalable system.

In another study by (RM et al., 2020) in [86], the authors propose to use a DL-based IDS employing a deep neural network (DNN) to predict and classify cyberattacks in the IoMT utilizing a unique IP address. The proposed methodology helps to reduce the number of features and instances used in the classification process. First, the categorical data is transformed into numerical data using one-hot encoding, and then the transformed data is normalized to take a value between 0 and 1. Then the normalized data is reduced using principal component analysis (PCA) at the first level and Grey Wolf Optimization (GWO) at the second level, which allows extracting only the features with high impact. The reduced dataset is then classified with a DL algorithm using the DNN. In order to test their solution, the authors used a dataset obtained from Kaggle with data collected from a wireless sensor network; they applied their methodology to this dataset and compared the result with other ML algorithms (KNN, NB, RF, and SVM) using the following metrics: accuracy, specificity, and sensitivity. After performing the different tests, they found that their methodology increases the accuracy of the IDS by 15% and reduces the learning time by 32%, which allows generating alerts quickly when an intrusion is detected in healthcare systems.

A study reported in [18] presents an IDS based on ensemble learning using a fog-cloud architecture to detect cyber-attacks in IoMT networks.
The proposed system preprocesses the traffic data in four steps: it transforms the categorical values into numerical values, replaces each missing value by the mean of the values of that particular feature, selects the features that will participate in the intrusion detection by applying the correlation coefficient method, and normalizes the numerical values using the min-max technique so that they are represented in a specific range of values. Once the data have been preprocessed, they use a learning set consisting of NB, DT, and RF that produces three prediction outputs; these outputs are then fed to XGBoost to produce the final output using majority voting. When an intrusion is detected, the administrator is alerted. The deployment of this Framework is based on a fog-cloud architecture using Software as a Service at the fog level and Infrastructure as a Service at the cloud level. To evaluate their Framework, the authors used the ToN-IoT dataset [87], representing data collected from heterogeneous and large-scale IoT networks. They used the following metrics: accuracy, detection rate, precision, FAR and F1-score. After performing the different tests, the authors obtained a 99.98% detection rate, 96.35% accuracy, and a reduction of up to 5.59% of the false alarm rate, surpassing some studies that use IDS.

In another work carried out by (Lee et al., 2021) in [88], the authors propose an IDS using ML and multi-class classification for the healthcare IoT within the smart city. The authors used a CNN as the ML method to classify the network events generated by different medical devices into four classes, namely critical, informal, major, and minor.
Before the data is fed to the model, it is preprocessed by transforming the categorical data into numerical data, then normalizing the data to take values within the same range. To evaluate their model, the authors generated a dataset by collecting data from six medical devices and then used it to compare their model's results with other ML models in terms of AUC, F1-score, Precision and Recall. After performing the different tests, the authors found that their CNN model produces better results than the other ML methods.

In a recent work performed by (Salemi et al., 2021) in [89], the authors predict rather than detect DDoS attacks in the healthcare system. For this purpose, the authors proved that a DDoS attack in the traffic makes the time series data chaotic, which allows applying the method of Lyapunov Expansions Analysis and the Echo State Network to predict DDoS attacks. To do this, the authors represent the network traffic as time-series data, and then a simple exponential smoothing method is used to predict the future network traffic. After that, the time series of prediction error is calculated as the difference between the predicted and actual time series, and this is used as the basis for DDoS attack analysis. Then the recurrent neural echo state network method is used to predict the time series, and finally, the LEA-MA method proposed by the authors is used to detect the DDoS attack. To test their method, the authors applied it to the DARPA 98 dataset [90], and they evaluated it using the following metrics: precision, recall, and F1-score. After performing the different tests, the authors found that their method can effectively predict DDoS attacks.

The datasets used to evaluate the ML models in the different solutions we have seen use network data only. Research performed by (Hady et al., 2020) in [91] proposes an IDS for healthcare that uses medical and network data.
For this purpose, the authors developed an architecture that allows the creation of a dataset containing medical and network data, and simulated MITM attacks to perform two types of attacks: spoofing and data alteration. The generated dataset [92] is used to test and evaluate different ML methods (SVM, KNN, RF, and ANN) with the following metrics: accuracy, AUC, and execution time for training and testing. After performing the different tests, the authors found that their system, which combines medical and network data, increased the effectiveness of ML methods by 7 to 25% for the detection of threats in health monitoring systems in real-time.

We have seen several solutions that improve the security of the IoMT network by proposing IDS; however, none of these solutions proposed a measure to protect the privacy of the patients. In this perspective, the research by (Schneble and Thamilarasu, 2019) in [93] proposes to use an ML-based IDS built on the concept of federated learning to secure medical cyber-physical systems composed of sensors, mobile devices, and servers, which makes the system distributed and scalable. The mobile device first registers with the server and is then assigned to a cluster based on its health history, for faster convergence of the model and a better accuracy rate. Each cluster is associated with a federated model stored on the server; each mobile device downloads the federated model, trains it, and updates it using patient data. Then the server selects some or all of the mobile devices that compose the cluster and asks them to send their updated model. The server then calculates the average of the weights and biases of the received models to update its federated model so that mobile devices can download it. This process is repeated until the model converges. The mobile device can be in two different modes: testing and learning modes.
If the mobile device is in learning mode, it can predict and send its updated model to the server. If the mobile device is in testing mode, it can only predict on the new data and does not send the model to the server, saving the communication cost. The proposed system allows detecting anomalies, such as a value of an attribute that exceeds its usual value range or has an unexpected correlation with other attributes. In these cases, an alert is generated on the mobile devices, allowing the nursing staff to react. To test their system, the authors used the MIMIC dataset obtained from PhysioNet [94]. This dataset is composed of six attributes, which are elapsed time, arterial blood pressure, heart rate, pulse, respiratory rate, and blood oxygen concentration. The system is tested on simulated attacks, which are DoS, data modification, and data injection. The metrics used to evaluate their system are detection accuracy, false-positive rate, recall, F1-score, training time, and communication overhead. After performing the different tests, they obtained a high detection rate and low false positives. The training time is equivalent to or better than that of a single ML model. Increasing the number of patients does not affect the training time, while the additional data improves the accuracy and decreases the FPR.

In more recent studies, researchers explore other architectures that can be used in the context of the IoMT. In this regard, the work carried out by (Alrashdi et al., 2019) in [95] presents a framework for detecting attacks in the fog node. For this purpose, the authors used the Online Sequential Extreme Learning Machine (OS-ELM) for anomaly detection because of its learning speed; however, because of the inconsistent results of OS-ELM, the authors used a set of OS-ELMs with majority voting to decide whether an anomaly is present or not.
Before applying the ensemble of Online Sequential Extreme Learning Machines (EOS-ELM), the authors preprocessed the data by converting the discrete values into numerical values; the features were then selected using Information Gain with a vote algorithm. The selected attributes are normalized so that the values are represented between 0 and 1. To evaluate and test their Framework, the authors used NSL-KDD [82], a well-known dataset; the authors claim that the attacks contained in this dataset correspond to attacks in the IoT environment. After performing the various tests, they found that EOS-ELM outperforms the extreme learning machine, OS-ELM, and ML in terms of accuracy, detection rate and FPR.

A recent work performed by (Khan and Akhunzada, 2021) in [19] proposes a hybrid DL-based model for malware detection in IoMT, deployed at the application plane of software-defined networking (SDN). The system proposed by the authors consists of feature extraction using a CNN; then an LSTM is used to classify the data as malware or not. The authors used the current state-of-the-art publicly available IoT malware dataset to evaluate their model. In addition, they compared their model with the constructed hybrid DL-driven. After performing various tests, the authors found that the proposed model outperformed the other methods in terms of detection accuracy and speed efficiency.

The different proposed architectures that combine ML-based IDS and IoMT investigated only a centralized architecture; no solution has been proposed that uses IDS together with Blockchain, a decentralized architecture, in IoMT, which can be a good research direction for future work.

Medical data received from sensors is centralized in a medical server, which the medical staff can access for analysis. This stored data is of two types, which are the EMR and the EHR. The EMR stores a patient's medical and treatment history in a single place and makes it accessible at a single hospital.
The EHR, in contrast, focuses on the patient's general health; it can store and transmit patient health data, such as patient history, medication, test results, and demographics [96, 97]. It is necessary to secure access to this data to preserve patients' privacy, protect the confidentiality of medical data, and guarantee their availability and integrity to make an accurate diagnosis.

In this perspective, (Boxwala et al., 2011) in [98] propose to use statistics and ML to identify suspicious access in EHR access logs. The authors used Logistic Regression (LR) and SVM to classify new accesses as suspicious, with a ranking. The highest-scoring events are investigated first by the privacy officers. To create the model based on LR and SVM, the authors used the privacy agent to label selected events as suspicious or appropriate using an iterative refinement process, and then they trained the model using 10-fold cross-validation. To evaluate their model, the authors used sensitivity and AUC, and compared it with the rule-based technique. After performing several tests, the authors obtained > 0.90 of AUC and > 0.75 of sensitivity. They find that using a method based on statistics and ML to detect suspicious access in EHR is possible and is more effective than a rule-based technique.

For the same purpose, a different approach has been proposed by (Menon et al., 2014) in [99] for detecting privacy violations resulting from inappropriate access to EHR. The authors use an approach inspired by collaborative filtering for inappropriate access detection, where the objective is to predict a label for an interaction between a pair of entities. Their solution incorporates explicit and latent features for staff and patients, allowing for the generation of a customized fingerprint for users based on previous access history.
To evaluate the model, the authors used two datasets named "hospital" and "amazon" [100] with the following metrics: RMSE, the area under the curve and precision-recall curves; then they compared the results obtained with three ML algorithms: linear regression, LR, and SVM. After performing the different tests, the authors found that their approach improves the performance considerably over the other approaches and detects inappropriate access.

Furthermore, in the work performed by (Malin and Bradley, 2014) in [101], the authors proposed an unsupervised learning model for insider threat detection in a collaborative environment using access logs, called a community-based anomaly detection system. The approach proposed by the authors is hybrid; they use singular value decomposition, a special case of PCA, to infer communities from relational networks of users, and then they use KNN to create a set of nearest neighbors. The created model detects anomalous users by identifying users who have diverged from typical communication behaviours. In order to evaluate their model, the authors used two datasets: a six-month collection of access logs from an actual EMR and another dataset that reports the editorial board composition for a set of journals over five years. After running the different tests, the results showed that their model could detect the simulated user with high accuracy, outperforming other anomaly detection models.

Another work carried out by (Marwan et al., 2018) in [102] presents a new ML-based approach to secure image data processing in a cloud environment. Their method consists of segmenting the image into four distinct parts depending on the intensity level of the pixels using a combination of Fuzzy C-Means Clustering (FCM) and SVM. The FCM is utilized for extracting color features at the pixel level. These features are fed to the SVM to be classified into different regions, allowing storage of the image in the cloud in a segmented format.
The authors have also proposed a 3-layer architecture instead of the traditional 2-layer architecture by introducing a CloudSec module that allows the encryption of data in transit using HTTPS/Secure Socket Layer. The CloudSec module also restricts access to the data and detects the misuse of cloud resources by using an access control mechanism.

In a recent work performed by (Sicuranza and Paragliola, 2020) in [103], the authors propose a hybrid IDS for cyber-attack detection against EHR. The proposed system uses agents deployed within the monitored IT infrastructure. They are responsible for collecting, normalizing, and performing security analysis on the logs collected at the local level. Then these agents generate events that are sent to the IDS for analysis. The IDS comprises a misuse detection module and an anomaly detection module. The misuse detection module is rule-based, effectively detecting well-known attack signatures. The anomaly detection module allows the detection of zero-day attacks. Anomaly detection uses three classifiers, namely DT, Neural Network, and k-means. The results of these classifiers are sent to the voting system to improve on the accuracy of each classifier. In addition, an expert system module is designed to resolve any potential conflict between the presence/absence of attacks as determined by the misuse detection module and the anomaly detection voting system. A dataset was generated by monitoring the Italian EHR system to test the proposed model. Three separate attacks on the EHR systems were used to test the misuse and anomaly detection modules. The results demonstrate the efficiency of the proposed solution.

In addition, in a study reported by (McGlade and Scott-Hayward, 2019) in [58], the authors propose a framework for detecting privacy and availability issues in EMR systems.
The Framework is based on ML and uses the SVM to detect privacy-related incidents and the Exponential Moving Average (EMA) to detect anomalies in message flow that may cause a denial of service. In order to test the Framework, the authors have used synthetic data generated by the Synthea tool [104], a synthetic patient population simulator. They have tested three ML algorithms on the dataset, namely SVM, KNN, and multinomial NB, to detect anomalies related to the confidentiality of the EMR system, and EMA to detect anomalies related to the availability of the EMR system. After performing different tests, the authors found that SVM exhibits better performance in terms of accuracy and recall than the two other methods. They also find that EMA can successfully detect message surges, which can lead to a denial of service.

From the various papers reviewed, we noticed that the majority of the works focused on the detection of unauthorized access to medical data of type EHR [98, 99, 101]. Only one paper focused on the confidentiality and availability of medical data of type EMR [58]. However, no solution has been proposed using ML to ensure medical data integrity for both EMR and EHR, which can be a good research direction.

The exploration of the different solutions proposed in the literature using ML-based IDS for IoMT led us to identify the limitations and challenges of this approach at the different layers that compose the IoMT, as follows:

The deployment of an ML model is a challenge. Across the different solutions proposed, we have seen three methods of deployment: deploying the ML model on the medical equipment [7], deploying it on a third device [73], or deploying it on a chip that is then integrated into the medical equipment [6].
The deployment of an ML model on a medical device, which is already limited in terms of energy, can shorten the battery life, which implies a surgical intervention to change the battery that can be risky for the patient. The deployment of an ML model on a third-party device requires communication between this device and the medical equipment, which implies a modification at the software level of the medical device; however, manufacturers do not permit changes to their products. In addition, these third-party devices must be protected against possible attacks. Deploying the ML model on a chip and then integrating it into the medical device implies a modification of the medical device at the software and hardware levels. Deploying ML models on resource-limited medical devices is a challenge, and lightweight ML models that satisfy sensor limitations may be a good direction for research. In addition, the ML model must be protected, because an attacker with some understanding of how the ML model [104] works with the data can compromise the model by manipulating the data during the learning or testing phase to bias the results [14, 105].

Anomalies in medical data can result from various factors: poor communication quality due to interference or faulty sensors, an emergency when the patient gets very sick, or injection or modification attacks by an intruder. It is essential to distinguish between these different factors, because if the patient is in an emergency, it is important to administer the necessary treatment as soon as possible. Verifying that the patient is really in an emergency and that the anomaly is not an attack can consume time that might be vital for the patient.
We have also identified a limitation concerning the availability of public datasets containing medical data. Some studies used existing medical datasets collected for medical purposes, such as PhysioNet [94], and modified some of the values with the assistance of healthcare professionals to simulate attacks; this raises the challenge of determining the solution's effectiveness when deployed on a patient. Other studies have used real medical equipment worn by volunteers to collect health data; however, these volunteers are not necessarily suffering from disease, and the solution may produce different results when used in a real environment. Other studies have used simulators such as Castalia [79] to generate medical data and attacks, which leads to such solutions encountering unexpected problems during their deployment on patients.

Another limitation is that the various IDS proposed focus on a limited number of medical devices to generate a medical dataset, whereas patients may wear multiple medical devices; we need a holistic solution to detect intrusions in these different medical devices. Some solutions involve the patient in deciding whether an attack is present or not; however, they do not consider the cases where the patient is a child or is in an emergency and cannot decide. Note that a rule-based solution for anomaly detection on medical data can achieve better results than the anomaly detection system, as demonstrated in the study [7]; this can be explained by the fact that some medical attributes have values that cannot be reached, so violations can easily be detected with clearly defined rules. However, ML-based anomaly detection can identify an anomaly from multiple medical values, e.g., by finding a false correlation between multiple attributes.
There is also a limit to the extent to which an ML model built from a particular patient's medical dataset can be generalized to other patients, since what constitutes abnormal medical values for one patient may be considered normal for another patient [75].

When designing a network-based IDS for IoMT security, it is necessary to consider the distributed, mobile and dynamic nature of the IoMT system and the constraints of heterogeneous communication. The ability to pre-process the different formats of data generated by different medical equipment represents a challenge. The metrics used to evaluate an ML model are important, especially when facing an imbalanced dataset. If the number of instances representing attacks is much smaller than the number of normal instances, some metrics become insignificant. The purpose of an IDS in an important information system such as the IoMT is to protect it against any security threat. For this reason, it becomes necessary to use metrics that give more importance to the minority classes and therefore reflect the ability of the ML model to detect attacks correctly. The capacity of an ML model to detect attacks is only effective if detection is performed in real-time, which allows differentiation between an attack and an emergency, so that the medical staff and security team can make a decision quickly, which can be life-saving for the patients. We also found a lack of datasets containing traffic generated within an IoMT system. Most research uses datasets that are not specific to the IoMT system. It is important to use a dataset that represents the IoMT system and includes a variety of attacks to increase the effectiveness of an ML model in detecting attacks when deployed in a real environment.
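The point about metrics on imbalanced data can be made concrete with the EMA message-surge detection described earlier for [58]. The following is an added example, not code from [58] or any reviewed system; the threshold rule (EMA plus k smoothed deviations), the parameter values, the constructed traffic series and all names are assumptions.

```python
"""EMA surge detector scored with imbalance-aware metrics (added illustration)."""
from math import sqrt


def ema_surge_alerts(counts, alpha=0.3, k=3.0, warmup=6, min_dev=1.0):
    """Return one bool per interval: True where the count exceeds the EMA
    baseline by more than k smoothed absolute deviations.

    Flagged intervals do not update the baseline, so a sustained flood
    cannot pull the baseline up and mask itself.
    """
    ema, dev = float(counts[0]), 0.0
    alerts = [False]
    for i, c in enumerate(counts[1:], start=1):
        threshold = ema + k * max(dev, min_dev)
        flagged = i >= warmup and c > threshold
        alerts.append(flagged)
        if not flagged:
            dev = alpha * abs(c - ema) + (1 - alpha) * dev
            ema = alpha * c + (1 - alpha) * ema
    return alerts


def score(y_true, y_pred):
    """Confusion-matrix metrics; attack is the positive (minority) class."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t and p)
    fp = sum(1 for t, p in zip(y_true, y_pred) if not t and p)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t and not p)
    tn = len(y_true) - tp - fp - fn

    def ratio(num, den):
        return num / den if den else 0.0

    precision = ratio(tp, tp + fp)
    recall = ratio(tp, tp + fn)
    mcc_den = sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "accuracy": ratio(tp + tn, len(y_true)),
        "detection_rate": recall,
        "fpr": ratio(fp, fp + tn),
        "fnr": ratio(fn, fn + tp),
        "precision": precision,
        "f1": ratio(2 * precision * recall, precision + recall),
        "mcc": ratio(tp * tn - fp * fn, mcc_den),
    }


# Constructed messages-per-minute series for an EMR interface (not real traffic).
PATTERN = [20, 22, 19, 21, 18, 23]
COUNTS = [PATTERN[i % len(PATTERN)] for i in range(60)]
COUNTS[20] = 30                         # benign burst, e.g. a shift change
COUNTS[40:45] = [23, 60, 95, 110, 90]   # flood; its first minute still looks normal
LABELS = [40 <= i <= 44 for i in range(60)]  # ground truth: 5 attack minutes of 60

ALERTS = ema_surge_alerts(COUNTS)
DETECTOR = score(LABELS, ALERTS)
# Baseline that never raises an alert: high accuracy, zero detection.
NEVER_ALERT = score(LABELS, [False] * len(LABELS))

if __name__ == "__main__":
    for name, m in (("EMA detector", DETECTOR), ("never alert", NEVER_ALERT)):
        print(name, {key: round(val, 3) for key, val in m.items()})
```

The never-alert baseline still scores about 92% accuracy on this series while detecting nothing, which is why detection rate, FPR, F1 or MCC are the figures to compare.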
We also noted that most of the proposed solutions do not consider the protection of patients' privacy, except for the work conducted by [93], which proposed using federated learning, which consists of sending an ML model instead of sending the medical data to the server. However, this approach must be accompanied by a measure to protect the ML model during its transit against adversarial attacks.

The design of an IDS for the medical server has some challenges and limitations. The structure and nature of the data used when training an ML model within one medical server are not the same as on other servers; this is why it is difficult to generalize an ML model to other medical institutions. The amount of data stored on these medical servers is considerable, making the labeling process tedious for healthcare professionals. This labeling process also requires an interview with the patient to ensure the correct labeling of the data; this implies that intrusion detection at the medical server level is not fully automated. An attacker may only have to make a single change of value to a feature in an EMR for a single patient, which is difficult to detect with an ML-based model that relies on patterns learned from a large amount of medical data [58]. ML is a black-box model, and according to some regulations such as the "general data protection regulation", such models should not be allowed to make automated decisions in critical sectors such as healthcare, which may slow down their wide adoption in the health care domain. However, for patient privacy reasons, obtaining public medical data in the form of EMR or EHR is difficult given the sensitive nature of the data.
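The federated scheme of [93] summarized earlier (devices train locally, the server averages the returned weights and biases, testing-mode devices only predict) can be sketched as follows. This is an added example, not the authors' code: the two-parameter linear model relating heart rate to pulse, the constructed samples, the 10 bpm tolerance and all names are assumptions.

```python
"""Federated averaging for a distributed vital-sign anomaly detector (added illustration)."""


def scale(bpm):
    """Map beats per minute to a small range so gradient descent is stable."""
    return (bpm - 80.0) / 20.0


class Device:
    def __init__(self, name, samples, learning=True):
        self.name = name
        self.samples = samples    # (heart_rate, pulse) pairs; they never leave the device
        self.learning = learning  # False = testing mode: predict only, send nothing

    def local_update(self, model, lr=0.1, epochs=20):
        """Train the downloaded model on local data; return only (w, b)."""
        if not self.learning:
            return None
        w, b = model
        xs = [scale(hr) for hr, _ in self.samples]
        ys = [scale(pulse) for _, pulse in self.samples]
        n = len(xs)
        for _ in range(epochs):
            errs = [w * x + b - y for x, y in zip(xs, ys)]
            w -= lr * 2.0 / n * sum(e * x for e, x in zip(errs, xs))
            b -= lr * 2.0 / n * sum(errs)
        return (w, b)

    def is_anomalous(self, model, heart_rate, pulse, tol_bpm=10.0):
        """Flag a reading whose pulse breaks the learned heart-rate correlation."""
        w, b = model
        predicted = 80.0 + 20.0 * (w * scale(heart_rate) + b)
        return abs(pulse - predicted) > tol_bpm


def federated_round(model, devices):
    """Server side: average the weights and biases returned by the devices."""
    updates = [u for u in (d.local_update(model) for d in devices) if u is not None]
    if not updates:
        return model  # nobody in learning mode: keep the current federated model
    w = sum(u[0] for u in updates) / len(updates)
    b = sum(u[1] for u in updates) / len(updates)
    return (w, b)


def train(devices, rounds=30):
    model = (0.0, 0.0)
    for _ in range(rounds):
        model = federated_round(model, devices)
    return model


def make_samples(lo, hi, step):
    """Constructed readings: pulse tracks heart rate within +/- 1 bpm."""
    jitter = [0, 1, -1]
    return [(hr, hr + jitter[i % 3]) for i, hr in enumerate(range(lo, hi + 1, step))]


# One cluster of constructed patients with different resting ranges.
DEVICES = [
    Device("patient-a", make_samples(60, 80, 2)),
    Device("patient-b", make_samples(70, 100, 3)),
    Device("patient-c", make_samples(90, 120, 3)),
    Device("patient-d", make_samples(65, 95, 3), learning=False),  # testing mode
]
MODEL = train(DEVICES)

if __name__ == "__main__":
    print("federated model (w, b):", tuple(round(v, 3) for v in MODEL))
    print("normal reading flagged:", DEVICES[3].is_anomalous(MODEL, 75, 76))
    print("modified reading flagged:", DEVICES[3].is_anomalous(MODEL, 75, 140))
```

Only the (w, b) tuples leave a device, which is the privacy property the text attributes to federated learning; those tuples are what the in-transit protection mentioned above has to cover.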
A state of the art review on the internet of things (iot) history, technology and fields of deployment
Security in smart healthcare must make a fast recovery
A novel deep learning strategy for classifying different attack patterns for deep brain implants
Dlrt: Deep learning approach for reliable diabetic treatment
Cardiwall: a trusted firewall for the detection of malicious clinical programming of cardiac implantable electronic devices
Deep android malware detection
A review of security challenges, attacks and resolutions for wireless medical devices
Authentication techniques and methodologies used in wireless body area networks
Iomt malware detection approaches: analysis and research challenges
A survey on security and privacy issues in modern healthcare systems: Attacks and defenses
A survey on security and authentication in wireless body area networks
A systematic review of security and privacy issues in the internet of medical things; the role of machine learning approaches
Exploiting smart e-health gateways at the edge of healthcare internet-of-things: A fog computing approach
Internet of medical things: Architectural model, motivational factors and impediments
Future internet: the internet of things architecture, possible applications and key challenges
An ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for iomt networks
A hybrid dl-driven intelligent sdn-enabled malware detection framework for internet of medical things (iomt)
A secure healthcare system design framework using blockchain technology
Sea: a secure and efficient authentication and authorization architecture for iot-based healthcare using smart gateways
Security and privacy for mobile healthcare networks: from a quality of protection perspective
Security and privacy for the internet of medical things enabled healthcare systems: A survey
In Intelligent Data Security Solutions for e-Health Applications
An exhaustive survey on security and privacy issues in healthcare 4.0. Computer Communications
New secure healthcare system using cloud of things
Security and privacy issues in wireless sensor and body area networks
A joint resource-aware and medical data security framework for wearable healthcare systems
Survey on security in intra-body area network communication
Codeblue: An ad hoc sensor network infrastructure for emergency medical care
Medisn: Medical emergency detection in sensor networks
Analysis of the applicability of wireless sensor networks attacks to body area networks
Keep an eye on your personal belongings! the security of personal medical devices and their ecosystems
Security issues and challenges in wireless sensor networks: A survey
Patient infusion pattern based access control schemes for wireless insulin pump system
Future Network Systems and Security: First International Conference, FNSS 2015
A survey of security in wireless sensor networks
A data privacy protective mechanism for wireless body area networks. wireless communications and mobile computing
Quality of Service, Security, and Privacy for Wearable Sensor Data. Body Sensor Networking, Design and Algorithms
Security analysis of a patient monitoring system for the internet of things in ehealth
Body area network challenges and solutions
Security issues in healthcare applications using wireless medical sensor networks: A survey. sensors
Security issues in wireless body area network
Handbook of information and communication security
Routing security in sensor network: Hello flood attack and defense
Detecting sinkhole attack and selective forwarding attack in wireless sensor networks
Sekeban (secure and efficient key exchange for wireless body Advances in Communications and Media Research
Security challenges and solutions for wireless body area networks
Handbook of computer networks and cyber security
Comprehensive analysis of the authentication methods in wireless body area networks. Security and communication networks
Wireless body area networks: attacks and countermeasures
The sybil attack in sensor networks: analysis & defenses. In Third international symposium on information processing in sensor networks
Privacy issues in pervasive healthcare monitoring system: A review
Security threats against the transmission chain of a medical health monitoring system
Smart-an integrated wireless system for monitoring unattended patients
Laura-localization and ubiquitous monitoring of patients for health care support
Ml-based cyber incident detection for electronic medical record (emr) systems
Security and privacy in the internet of medical things: taxonomy and risk assessment
Security issues in implantable medical devices: Fact or fiction?
Docs shielded Cheney defibrillator from hacks - CNN
Nist special publication on intrusion detection systems
Some studies in machine learning using the game of checkers
Hands-on machine learning with scikit-learn and tensorflow: Concepts, Tools, and Techniques to build intelligent systems
The elements of statistical learning: data mining, inference and prediction
A survey of semi-supervised learning methods
Deep learning. nature
A continuous change detection mechanism to identify anomalies in ecg signals for wban-based healthcare environments
Securing insulin pump system using deep learning and gesture recognition
Pima Indians Diabetes Database
Effect of Deep Brain Stimulation on Parkinsonian Tremor
Defending resource depletion attacks on implantable medical devices
Healthguard: A machine learning-based security framework for smart healthcare systems
Markov models for anomaly detection in wireless body area networks for secure health monitoring
Security vulnerabilities, attacks, countermeasures, and regulations of networked medical devices-a review
Machine-learning classifiers for security in connected medical devices
Castalia: An OMNeT-based simulator for low-power wireless networks such as Wireless Sensor Networks and Body Area Networks
Protect healthcare system based on intelligent techniques
A layered intrusion detection system for critical infrastructure using machine learning
Detailed Analysis of the KDD CUP 99 Data Set
Intrusion detection based on stacked autoencoder for connected healthcare systems
Heka: A novel intrusion detection system for attacks to personal medical devices
Distributed intrusion detection using mobile agents in wireless body area networks
An effective feature engineering for dnn using hybrid pca-gwo for intrusion detection in iomt architecture
TON_IoT Datasets for cybersecurity applications based artificial intelligence
M-idm: A multi-classification based intrusion detection model in healthcare iot
Leaesn: Predicting ddos attack in healthcare systems based on lyapunov exponent analysis and echo state neural networks
DARPA Intrusion Detection Evaluation Dataset | MIT Lincoln Laboratory
Intrusion detection system for healthcare systems using medical and network data: A comparison study
WUSTL EHMS 2020 Dataset for Internet of Medical Things (IoMT) Cybersecurity Research
Attack detection using federated learning in medical cyber-physical systems
MIMIC-III, a freely accessible critical care database
Fbad: Fog-based attack detection for iot healthcare in smart cities
EMR vs EHR - What is the Difference? - Health IT Buzz
Teresa. electronic health record | Description, Implementation, & Issues | Britannica
Using statistical and machine learning to help institutions detect suspicious access to electronic health records
Detecting inappropriate access to electronic health records using collaborative filtering
Amazon Access Data Competition
Detection of Anomalous Insiders in Collaborative Environments via Relational Analysis of Access Logs
Security enhancement in healthcare cloud using machine learning
Ensuring electronic health record cyber-security through an hybrid intrusion detection system
Synthetichealth/synthea: Synthetic patient population simulator
Adversarial Attacks to Machine Learning-Based Smart Healthcare Systems

We have conducted a comprehensive survey on how to use ML-based IDS to secure the IoMT. For this purpose, we presented the generic architecture of IoMT, which is divided into three layers (data acquisition layer, personal server layer, and medical server layer). Then we provided the requirements and possible threats that can affect the security of IoMT. Next, we reviewed the ML-based solutions for IoMT security and categorized them into three levels: data collection level, transmission level, and storage level, giving the advantages, disadvantages, and datasets used. Finally, we gave the different challenges and limitations of using ML in these different categories. This survey aims at highlighting the ability of ML to bring security to complex infrastructures such as IoMT and its capacity to comply with the particular constraints of IoMT.