TY - JOUR
T1 - CardiWall
T2 - A trusted firewall for the detection of malicious clinical programming of cardiac implantable electronic devices
AU - Kintzlinger, Matan
AU - Cohen, Aviad
AU - Nissim, Nir
AU - Rav-Acha, Moshe
AU - Khalameizer, Vladimir
AU - Elovici, Yuval
AU - Shahar, Yuval
AU - Katz, Amos
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2020/1/1
Y1 - 2020/1/1
N2 - Today, cardiac implantable electronic devices (CIEDs), such as pacemakers and implantable cardioverter defibrillators (ICDs), play an increasingly important role in healthcare ecosystems as patient life support devices. Physicians control, program and configure CIEDs on a regular basis using a dedicated programmer device. The programmer device is open to external connections (e.g., USB, Bluetooth, etc.), and thus it is exposed to a variety of cyber-attacks by which an attacker can manipulate the programmer device's operations and consequently harm the patient. In this paper, we present CardiWall, a novel detection and prevention system designed to protect ICDs from cyber-attacks aimed at the programmer device. Our system has six different layers of protection, leveraging medical experts' knowledge, statistical methods, and machine learning algorithms. We evaluated the CardiWall system extensively in two comprehensive experiments. For the evaluation, we gathered data for a period of four years and used 775 benign clinical commands that are related to hundreds of different patients (obtained from different programmer devices located at Barzilai University Medical center) and 28 malicious clinical commands (created by two cardiology experts from different hospitals). The evaluation results show that only two out of the six layers proposed in CardiWall system provided a high detection capability associated with high rates of true positive, and low rates of false positive. With the configuration that provided the best harmonic mean of sensitivity and specificity (HMSS), CardiWall achieved a high true positive rate (TPR) of 91.4% and a very low false positive rate (FPR) of 1%, with an AUC of 94.7%.
AB - Today, cardiac implantable electronic devices (CIEDs), such as pacemakers and implantable cardioverter defibrillators (ICDs), play an increasingly important role in healthcare ecosystems as patient life support devices. Physicians control, program and configure CIEDs on a regular basis using a dedicated programmer device. The programmer device is open to external connections (e.g., USB, Bluetooth, etc.), and thus it is exposed to a variety of cyber-attacks by which an attacker can manipulate the programmer device's operations and consequently harm the patient. In this paper, we present CardiWall, a novel detection and prevention system designed to protect ICDs from cyber-attacks aimed at the programmer device. Our system has six different layers of protection, leveraging medical experts' knowledge, statistical methods, and machine learning algorithms. We evaluated the CardiWall system extensively in two comprehensive experiments. For the evaluation, we gathered data for a period of four years and used 775 benign clinical commands that are related to hundreds of different patients (obtained from different programmer devices located at Barzilai University Medical center) and 28 malicious clinical commands (created by two cardiology experts from different hospitals). The evaluation results show that only two out of the six layers proposed in CardiWall system provided a high detection capability associated with high rates of true positive, and low rates of false positive. With the configuration that provided the best harmonic mean of sensitivity and specificity (HMSS), CardiWall achieved a high true positive rate (TPR) of 91.4% and a very low false positive rate (FPR) of 1%, with an AUC of 94.7%.
KW - ICD
KW - detection
KW - machine learning
KW - malware
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85082174350&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2020.2978631
DO - 10.1109/ACCESS.2020.2978631
M3 - Article
AN - SCOPUS:85082174350
SN - 2169-3536
VL - 8
SP - 48123
EP - 48140
JO - IEEE Access
JF - IEEE Access
M1 - 9025056
ER -