The Internet of Medical Things (IoMT) is becoming a vital part of modern healthcare, enabling ongoing patient monitoring and remote diagnosis. However, as more devices connect to the internet, healthcare systems become more vulnerable to serious security issues such as unauthorized access, patient data manipulation, and Man-in-the-Middle attacks. Conventional Intrusion Detection Systems (IDSs) often struggle with the unclear and uncertain characteristics of IoMT traffic, which leads to reduced detection accuracy and increased false alarms. To address these challenges, this paper proposes ML-FSID-FIS, a multi-level feature selection-based Intrusion Detection System that employs a fuzzy inference system (FIS) for classification in IoMT networks. The model combines multiple feature selection techniques into a three-stage multi-level feature selection strategy to improve detection efficiency and strengthen the security of IoMT networks. In the first stage, four feature selection techniques—Random Forest, XGBoost, ReliefF, and Mutual Information—are applied to identify the most relevant features. In the second stage, a frequency-based consensus strategy is utilized to extract consistently selected features from the four top-ranked sets. In the third stage, an ensemble refinement using bagging-based ranking is employed to rank the remaining features, resulting in the selection of the top five features. From these, three candidate 3-feature groups are formed and evaluated, and the best-performing group is selected as the final input set for the fuzzy logic classifier. The FIS produces a continuous risk score that is mapped to a binary decision using a validation-selected threshold. When the proposed method was tested on the WUSTL-EHMS-2020 dataset and compared with other recent work using the same dataset, it showed strong detection performance while maintaining a very low false positive rate of 0.3%. This study is distinguished by its integrated design, which combines a three-stage multi-level feature selection strategy with fuzzy logic-based intrusion classification to improve feature efficiency and support interpretable intrusion detection in IoMT.
Balhareth et al. (Sat,) studied this question.