Hybrid CNN-LSTM Model for DDoS Attack Detection in Internet of Things-based Healthcare Industry 5.0
Ud Din, Ikram Almogren, Ahmad Han, Zhu Guizani, Mohsen
Ud Din, Ikram
Almogren, Ahmad
Han, Zhu
Guizani, Mohsen
Supervisor
Department
Machine Learning
Embargo End Date
Type
Journal article
Date
2025
License
Language
English
Collections
Research Projects
Organizational Units
Journal Issue
Abstract
The convergence of the Internet of Things (IoT) and Software-Defined Networking (SDN) has paved the way for a new technological paradigm in Healthcare Industry 5.0. This integration addresses the complexity, heterogeneity, and dynamic nature of smart IoT devices within healthcare systems. However, it also increases the risk of cyberattacks, particularly Distributed Denial of Service (DDoS) attacks, which pose significant threats to such critical infrastructure. While Deep Learning (DL)-based intrusion detection methods have demonstrated high accuracy in detecting these attacks, their opaque decision-making process often leads to their characterization as black-box models, limiting their practical use for security analysts. To overcome these challenges, this study proposes an explainable hybrid model for DDoS attack detection in SDN-IoT-based Healthcare Industry 5.0 environments. The model combines the strengths of Convolutional Neural Networks (CNNs) for spatial feature extraction and Long Short-Term Memory (LSTM) networks for capturing temporal dependencies in network traffic. Implemented using an SDN controller, the model accurately classifies DDoS and IoT attacks while providing transparency through the SHapley Additive exPlanation (SHAP) method, which identifies the most influential features in the model’s decision-making process. Simulation results on the CICDDoS2019 and IoT Healthcare Security datasets demonstrate the model’s effectiveness, achieving detection accuracy of 99.59% and 98.12%, respectively. These findings confirm the robustness of the proposed hybrid model compared to state-of-the-art methods for detecting potential attacks in Healthcare Industry 5.0 systems.
Citation
Z. Ullah et al., "Hybrid CNN-LSTM Model for DDoS Attack Detection in Internet of Things-based Healthcare Industry 5.0," in IEEE Internet of Things Journal, doi: 10.1109/JIOT.2025.3569610
Source
IEEE Internet of Things Journal
Conference
Keywords
Internet of Things, Healthcare Industry 5.0, Software Defined Network, Long Short Term Memory, Security
Subjects
Source
Publisher
IEEE