A Hybrid CNN-Transformer Approach for Predicting Attack Severity in Electronic Health Monitoring Systems to Strengthen Cybersecurity
Received: 3 March 2025 | Revised: 16 April 2025, 17 May 2025, 1 June 2025, and 6 June 2025 | Accepted: 9 June 2025 | Online: 2 August 2025
Corresponding author: Muzamil Basha Syed
Abstract
Electronic Health Monitoring Systems (EHMS) have revolutionized patient care through continuous, connected monitoring. However, their pervasive connectivity exposes them to evolving cyber threats. In this context, for a resilient, real‑time Intrusion Detection System (IDS), we propose a novel hybrid Convolutional Neural Network–Transformer (CNN–Transformer) architecture that integrates the spatial feature extraction and long‑range sequence modelling functionality. The framework is trained on the publicly available WUSTL-EHMS-2020 network traffic dataset. The model features a dual-output head that simultaneously: (i) classifies attack types and (ii) predicts attack severity on a continuous scale. To address the dataset's severe class imbalance, the Synthetic Minority Oversampling Technique (SMOTE) is employed. Experimental results show the model achieves a classification accuracy of 83.33%, macro F1-score of 0.93, and Receiver Operating Characteristic Area Under the Curve (ROC-AUC) of 0.96, and severity regression achieves a Mean Absolute Error (MAE) of 0.3337 and an R2 0.89. Shapley Additive Explanations (SHAP) provide model interpretability, revealing packet length and inter-arrival time as key predictive features. The proposed IDS outperforms state‑of‑the‑art CNN, Long Short-Term Memory (LSTM), and ensemble baselines in the precision on minority classes. It is also computationally efficient, requiring only a single NVIDIA RTX 3080 Graphics Processing Unit (GPU) with <2 GB VRAM per batch, and delivers inference latency below 150 ms, meeting clinical real-time requirements. These findings make the hybrid CNN–Transformer a viable and deployment-ready approach to protect EHMS against cyber-attacks, in a scalable and explainable manner.
Keywords:
cybersecurity, Electronic Health Monitoring Systems (EHMS), hybrid Convolutional Neural Network (CNN)-Transformer Model, intrusion detection system, severity prediction, explainable Artificial Intelligence (AI), Synthetic Minority Over-sampling Technique (SMOTE)Downloads
References
M. A. Lawal, R. A. Shaikh, and S. R. Hassan, "A DDoS Attack Mitigation Framework for IoT Networks using Fog Computing," Procedia Computer Science, vol. 182, pp. 13–20, 2021. DOI: https://doi.org/10.1016/j.procs.2021.02.003
H. Jmila, G. Blanc, M. R. Shahid, and M. Lazrag, "A Survey of Smart Home IoT Device Classification Using Machine Learning-Based Network Traffic Analysis," IEEE Access, vol. 10, pp. 97117–97141, 2022. DOI: https://doi.org/10.1109/ACCESS.2022.3205023
N. Tatipatri and S. L. Arun, "A Comprehensive Review on Cyber-Attacks in Power Systems: Impact Analysis, Detection, and Cyber Security," IEEE Access, vol. 12, pp. 18147–18167, 2024. DOI: https://doi.org/10.1109/ACCESS.2024.3361039
C. Wu et al., "WAFBooster: Automatic Boosting of WAF Security Against Mutated Malicious Payloads," IEEE Transactions on Dependable and Secure Computing, vol. 22, no. 2, pp. 1118–1131, Mar. 2025. DOI: https://doi.org/10.1109/TDSC.2024.3429271
F. Khan et al., "Development of a Model for Spoofing Attacks in Internet of Things," Mathematics, vol. 10, no. 19, Oct. 2022, Art. no. 3686. DOI: https://doi.org/10.3390/math10193686
W. Aldosari, "Deep Learning-Based Location Spoofing Attack Detection and Time-of-Arrival Estimation through Power Received in IoT Networks," Sensors, vol. 23, no. 23, Dec. 2023, Art. no. 9606. DOI: https://doi.org/10.3390/s23239606
M. Mittal, K. Kumar, and S. Behal, "Deep learning approaches for detecting DDoS attacks: a systematic review," Soft Computing, vol. 27, no. 18, pp. 13039–13075, Sep. 2023. DOI: https://doi.org/10.1007/s00500-021-06608-1
Z. Mahdi, N. Abdalhussien, N. Mahmood, and R. Zaki, "Detection of Real-Time Distributed Denial-of-Service (DDoS) Attacks on Internet of Things (IoT) Networks Using Machine Learning Algorithms," Computers, Materials & Continua, vol. 80, no. 2, pp. 2139–2159, 2024. DOI: https://doi.org/10.32604/cmc.2024.053542
E. C. P. Neto et al., "CICIoV2024: Advancing realistic IDS approaches against DoS and spoofing attack in IoV CAN bus," Internet of Things, vol. 26, Jul. 2024, Art. no. 101209. DOI: https://doi.org/10.1016/j.iot.2024.101209
S. A. Khanday, H. Fatima, and N. Rakesh, "A Novel Data Preprocessing Model for Lightweight Sensory IoT Intrusion Detection," International Journal of Mathematical, Engineering and Management Sciences, vol. 9, no. 1, pp. 188–204, Feb. 2024. DOI: https://doi.org/10.33889/IJMEMS.2024.9.1.010
S. Baruah, D. J. Borah, and V. Deka, "Reviewing various feature selection techniques in machine learning‐based botnet detection," Concurrency and Computation: Practice and Experience, vol. 36, no. 12, May 2024. DOI: https://doi.org/10.1002/cpe.8076
J. Jiang, X. Zhang, and Z. Yuan, "Feature selection for classification with Spearman’s rank correlation coefficient-based self-information in divergence-based fuzzy rough sets," Expert Systems with Applications, vol. 249, Sep. 2024, Art. no. 123633. DOI: https://doi.org/10.1016/j.eswa.2024.123633
Y. Hu et al., "Performance Degradation Prediction Using LSTM with Optimized Parameters," Sensors, vol. 22, no. 6, Mar. 2022, Art. no. 2407. DOI: https://doi.org/10.3390/s22062407
M. N. Akhter et al., "An Hour-Ahead PV Power Forecasting Method Based on an RNN-LSTM Model for Three Different PV Plants," Energies, vol. 15, no. 6, Mar. 2022, Art. no. 2243. DOI: https://doi.org/10.3390/en15062243
M. V. Ferro, Y. D. Mosquera, F. J. R. Pena, and V. M. D. Bilbao, "Early stopping by correlating online indicators in neural networks," Neural Networks, vol. 159, pp. 109–124, Feb. 2023. DOI: https://doi.org/10.1016/j.neunet.2022.11.035
M. Douiba, S. Benkirane, A. Guezzaz, and M. Azrour, "An improved anomaly detection model for IoT security using decision tree and gradient boosting," The Journal of Supercomputing, vol. 79, no. 3, pp. 3392–3411, Feb. 2023. DOI: https://doi.org/10.1007/s11227-022-04783-y
T. A. Al-Amiedy et al., "A systematic literature review on attacks defense mechanisms in RPL-based 6LoWPAN of Internet of Things," Internet of Things, vol. 22, Jul. 2023, Art. no. 100741. DOI: https://doi.org/10.1016/j.iot.2023.100741
M. Ghiasi, T. Niknam, Z. Wang, M. Mehrandezh, M. Dehghani, and N. Ghadimi, "A comprehensive review of cyber-attacks and defense mechanisms for improving security in smart grid energy systems: Past, present and future," Electric Power Systems Research, vol. 215, Feb. 2023, Art. no. 108975. DOI: https://doi.org/10.1016/j.epsr.2022.108975
Y. Fan et al., "Heterogeneous Temporal Graph Transformer: An Intelligent System for Evolving Android Malware Detection," in Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining, Virtual Event Singapore, Aug. 2021, pp. 2831–2839. DOI: https://doi.org/10.1145/3447548.3467168
A. Ghourabi, "A Security Model Based on LightGBM and Transformer to Protect Healthcare Systems From Cyberattacks," IEEE Access, vol. 10, pp. 48890–48903, 2022. DOI: https://doi.org/10.1109/ACCESS.2022.3172432
I. Ahmad, F. Al Qurashi, E. Abozinadah, and R. Mehmood, "A Novel Deep Learning-based Online Proctoring System using Face Recognition, Eye Blinking, and Object Detection Techniques," International Journal of Advanced Computer Science and Applications, vol. 12, no. 10, 2021. DOI: https://doi.org/10.14569/IJACSA.2021.0121094
I. B. A. Ouahab, L. Elaachak, and M. Bouhorma, "Enhancing Malware Classification with Vision Transformers: A Comparative Study with Traditional CNN Models," in Proceedings of the 6th International Conference on Networking, Intelligent Systems & Security, Larache Morocco, May 2023, pp. 1–5. DOI: https://doi.org/10.1145/3607720.3607781
K. Steverson, C. Carlin, J. Mullin, and M. Ahiskali, "Cyber Intrusion Detection using Natural Language Processing on Windows Event Logs," in 2021 International Conference on Military Communication and Information Systems (ICMCIS), The Hague, Netherlands, May 2021, pp. 1–7. DOI: https://doi.org/10.1109/ICMCIS52405.2021.9486307
A. Rahali and M. A. Akhloufi, "MalBERTv2: Code Aware BERT-Based Model for Malware Identification," Big Data and Cognitive Computing, vol. 7, no. 2, Mar. 2023, Art. no. 60. DOI: https://doi.org/10.3390/bdcc7020060
J. Dobreva, A. P. Mitrovikj, and V. Dimitrova, "MalDeWe: New Malware Website Detector Model based on Natural Language Processing using Balanced Dataset," in 2021 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, Dec. 2021, pp. 766–770. DOI: https://doi.org/10.1109/CSCI54926.2021.00043
O. Aslan and R. Samet, "A Comprehensive Review on Malware Detection Approaches," IEEE Access, vol. 8, pp. 6249–6271, 2020. DOI: https://doi.org/10.1109/ACCESS.2019.2963724
A. Bensaoud, J. Kalita, and M. Bensaoud, "A survey of malware detection using deep learning," Machine Learning with Applications, vol. 16, Jun. 2024, Art. no. 100546. DOI: https://doi.org/10.1016/j.mlwa.2024.100546
R. Alsulami, B. Alqarni, R. Alshomrani, F. Mashat, and T. Gazdar, "IoT Protocol-Enabled IDS based on Machine Learning," Engineering, Technology & Applied Science Research, vol. 13, no. 6, pp. 12373–12380, Dec. 2023. DOI: https://doi.org/10.48084/etasr.6421
A. Sanmorino, L. Marnisah, and H. D. Kesuma, "Detection of DDoS Attacks using Fine-Tuned Multi-Layer Perceptron Models," Engineering, Technology & Applied Science Research, vol. 14, no. 5, pp. 16444–16449, Oct. 2024. DOI: https://doi.org/10.48084/etasr.8362
R. A. Yunmar, S. S. Kusumawardani, Widyawan, and F. Mohsen, "Hybrid Android Malware Detection: A Review of Heuristic-Based Approach," IEEE Access, vol. 12, pp. 41255–41286, 2024. DOI: https://doi.org/10.1109/ACCESS.2024.3377658
M. G. Gaber, M. Ahmed, and H. Janicke, "Malware Detection with Artificial Intelligence: A Systematic Literature Review," ACM Computing Surveys, vol. 56, no. 6, pp. 1–33, Jun. 2024. DOI: https://doi.org/10.1145/3638552
T. Bilot, N. El Madhoun, K. Al Agha, and A. Zouaoui, "A Survey on Malware Detection with Graph Representation Learning," ACM Computing Surveys, vol. 56, no. 11, pp. 1–36, Nov. 2024. DOI: https://doi.org/10.1145/3664649
C. P. Chenet, A. Savino, and S. Di Carlo, "A Survey on Hardware-Based Malware Detection Approaches," IEEE Access, vol. 12, pp. 54115–54128, 2024. DOI: https://doi.org/10.1109/ACCESS.2024.3388716
S. K. Smmarwar, G. P. Gupta, and S. Kumar, "Android malware detection and identification frameworks by leveraging the machine and deep learning techniques: A comprehensive review," Telematics and Informatics Reports, vol. 14, Jun. 2024, Art. no. 100130. DOI: https://doi.org/10.1016/j.teler.2024.100130
S. Wang, R. K. L. Ko, G. Bai, N. Dong, T. Choi, and Y. Zhang, "Evasion Attack and Defense on Machine Learning Models in Cyber-Physical Systems: A Survey," IEEE Communications Surveys & Tutorials, vol. 26, no. 2, pp. 930–966, 2024. DOI: https://doi.org/10.1109/COMST.2023.3344808
D. O. Otieno, F. Abri, A. S. Namin, and K. S. Jones, "Detecting Phishing URLs using the BERT Transformer Model," in 2023 IEEE International Conference on Big Data (BigData), Sorrento, Italy, Dec. 2023, pp. 2483–2492. DOI: https://doi.org/10.1109/BigData59044.2023.10386782
A. Senthilkumar, S. Joshika, L. Santhi, S. K S, and P. Charanarur, "Pearson Correlation Coefficient based Improved Least Square - Support Vector Machine for Cyber-Attack Detection in Internet of Things," in 2024 Third International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE), Ballari, India, Apr. 2024, pp. 1–4. DOI: https://doi.org/10.1109/ICDCECE60827.2024.10549411
J. P. Maurya, M. Manoria, and S. Joshi, "Cardiac Arrhythmia Classification Using Cascaded Deep Learning Approach (LSTM & RNN)," in Communications in Computer and Information Science, Cham: Springer Nature Switzerland, 2022, pp. 3–13. DOI: https://doi.org/10.1007/978-3-031-24352-3_1
A. A. Hady, A. Ghubaish, T. Salman, D. Unal, and R. Jain, "Intrusion Detection System for Healthcare Systems Using Medical and Network Data: A Comparison Study," IEEE Access, vol. 8, pp. 106576–106584, 2020. DOI: https://doi.org/10.1109/ACCESS.2020.3000421
WUSTL EHMS 2020 Dataset. (2020), A. A. Hady, A. Ghubaish, T. Salman, D. Unal, and R. Jain. [Online]. Available: https://www.cse.wustl.edu//~jain/ehms/index.html.
Malware-Traffic-Analysis.net. (2023), Open Threat Intel Repository. [Online]. Available: https://www.malware-traffic-analysis.net.
Downloads
How to Cite
License
Copyright (c) 2025 Bindyashree C. A., Muzamil Basha Syed
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
