Crypto Hash Based Malware Detection in IoMT Framework

The challenges in providing e-health services with the help of Internet of Medical Things (IoMT) is done by connecting to the smart medical devices. Through IoMT sensor devices/smart devices, physicians share the sensitive information of the patient. However, protecting the patient health care details from malware attack is necessary in this advanced digital scenario. Therefore, it is needed to implement cryptographic algorithm to enhance security, safety, reliability, preventing details from malware attacks and privacy of medical data. Nowadays blockchain has become a prominent technology for storing medical data securely and transmit through IoMT concept. The issues in the existing research works are in terms of insecurity, non-reliability, remote hijacking, hacking of password and Denial of Service (DoS) attacks. In order to overcome these issues, this work is focused on the double layer encryption model using PoW consensus with Crypto Hash algorithm (PoW-CHA). This proposed work concentrates on secured storage of medical data via IoMT transmission. It ensures transparency, decentralization, security, immutability and preserving privacy, and precisely detecting the malware attack. The accuracy of PoW-CHA is 98% compared to PoW and Crypto Hash algorithm. Moreover, it takes minimum computation time for PoW-CHA.


Introduction
The advancement of technology in the digital communication has changed the world faster and easier one. The digital communication through smart health care management data using smart wearable devices is referred as Internet of Medical Things (IoMT). It consists of smart medical related wearable devices In paper [10] the author surveyed carefully on the unique characteristics of block chain such as stability, non-modifiability, decentralization, security etc. Similarly, it uses the consensus algorithm and reviews its performance, characteristics and principles with various consensus algorithms. Hybrid security scheme is applied in the cryptographic techniques like symmetric and used in heterogeneous cryptosystems [11]. In the IoMT environment, the input data are accurately captured from the smart medical devices and instantly work in detecting the organized activities of the malicious node in the block. If it is noticed as malicious node, the IP address of malicious node is sent to the administrator for preventing it [12]. Blockchain based machine learning concepts are typically used for detecting the malware in the wearable IoT devices. This machine learning concepts are used automatically in the identification of malware information and extract it using clustering and classification algorithm. These extract information of malware is efficiently stored in the distributed malware database. Consequently, this will improve the performance of dynamic time detection of malware in an excessive speed [13].
To detect the anomaly detection in an accurate way, the misused detection is identified using Networkbased Intrusion Detection System (NIDS). Moreover, the system precisely detects the unwarrantable intrusion through the complex network. Another detection mode based on Host-based Intrusion Detection System (HIDS) is implemented to monitor and detects the intrusion which is occurred inside an operating system [14,15]. Tab. 1. shows the survey of the existing research work.

PoW-CHA Methodology in the Malware Protection
This paper proposes a proper protection of health care data from malware attacks in blockchain [30,31]. Typically, it consists of intelligent healthcare and monitoring tools such as smart watch, smart blood glucose meter, smart pacemaker, smart oximeter, etc. is shown in Tab. 2. The signals collected from these sensitive devices are stored securely in the fog server using PoW consensus and Crypto Hash algorithms. The smart  [16] Blockchain using ledger [17] Fog-based Blockchain [18] Light-weight authentication in IoMT [19] Malware analysis and detection using IoT [20] Fog based authenticated key management protocol [21] Cognitive edge framework of blockchain based IoT. [22] Four-layer iot frame perception for remote monitoring and diagnosis. [23] Malware detection mechanism for IoT devices [24] Malware detection using deep learning [25] Malware detection using multimodal deep learning method for android using various features [26] Biometrics-based privacy-preserving user authentication scheme for cloud-based environment. [27] Internet of medical things dealing with cyber-physical systems in medicine [28] Privacy-aware efficient fine-grained data access control in internet of medical things based fog computing [29] Cyber security problems are discussed using machine learning algorithms. medical devices are properly equipped with wireless network communications namely, Bluetooth and Wi-Fi. Fig. 1. shows the model of the proposed algorithm (PoW-CHA).

Wearable Devices in IoMT Layer
To adequately monitor the health status of the patient, smart wearable devices are used in the IoMT layer. Smart wearable devices generate signals, and it is transmitted to centralized fog server in the blockchain network through radio frequency with the help of IoMT. In the centralized fog server, it is securely stored.

Categories of Malware
Malware is software that transmits over a complex network. Normally, it performs some malicious operation, and gently steals the sensitive stored information which is undoubtedly required by the potential attacker. Types of malwares are given below.
Spyware: This specific type of malware will perform spying activities of the user without their extensive knowledge. The activities of spyware such as, monitoring keystrokes, modify the settings of the software and it acts as a traditional program.
Key logger: To track the keystrokes of the user, the key logger is used by the hacker. It is, moreover, a small segment of code. It is really an energetic attacker which tries to enter the system of the user through the link in the email and the system is trickily hacked. By allocating a strong password, the system can be secured. In such case, a multifactor authentication is critically needed.  The malicious program is attached with numerous programs and spread into other systems. While executing the program, it will automatically infect the programs. In addition to that, it can be used to steal sensitive information that harms the system.
Trojan Horse: This malware supports the hacker to obtain authorization for accessing the infected system, and it can steal the sensitive information from the infected system.
Worm: To identify the weaknesses in the OS, it tries to spread through a network and harms the host through consumption of bandwidth and webservers. This malware spreads through e-mail which contains infected attachments and steal the sensitive information to get rid of the files.
Rootkit: As it is remotely an accessible malicious file, this kit can hack the system remotely without the consent of the user and steal the sensitive information and modify the configuration of the system. Detection and prevention of this malware are difficult because it always conceals itself.
Ransomware: This type of malware restricts the user to access the machine by requesting money. Additionally, it encrypts the file and blocks the system. At that time, the message will be displayed and invite the user to pay the money forcefully. Once the money is received, the key is provided to decrypt the file. the process spreads through the downloaded file to the system.

Proposed Prevention of Malware Attack in Fog Nodes Using PoW-CHA
To prevent the malware attack in the IoMT environment, the data collected from the sensor devices are securely stored in the fog-based cloud server network. This paper proposes double layer encryption model using PoW consensus with efficient Crypto Hash algorithm (PoW-CHA). Similarly, it detects and prevents the malware in the blockchain network.

Generation and Exchange of Key
For transmitting the information from IoMT device to Fog-based cloud server network, it is required to have a secret key. This secret key contains the input signals received from various IoMT wearable devices along with Hash function of 256 bits. When IoMT device starts transmitting the data, a secret key is assigned. After exchanging of the key process is over, it starts the transmission in a secured way.

Authentication of User and IoMT Device
It is a process of identifying and verifying the specific details of the user and IoMT wearable devices are attached in the proposed system. There are five phases; They are registration phase, login phase, password phase, authentication, and generation of key phases, adding of IoMT wearable device phase.

Registration Phase
In the registration phase, a user (patient) can provide their valuable information such as name, patient details, IoMT wearable device details, password and store it in a protected way and submit it to the Certificate Authority (CA). After completing this standard procedure successfully, CA will provide a smart card to the user and register in a secured manner.

Login Phase
The registered user information for a specific IoMT device check whether the user data is valid or not by sending login request. If it is successfully logged in, only then it allows the user to access the data in the blockchain.

Password Updating Phase
For enhancing the high dimensionality of security, it is necessary to provide strong password. Therefore, for the purpose of authentication instantly updating the secure password is done very often. It typically prevents the system from malware attacks.

Authentication and Generation of Key Phase
After verifying the login credentials with password user (sender), the information is transmitted to the authorized receiver. While transmitting the information, a secret key is generated using crypto hash algorithm. This secret key is attached with the input data that forms a message. This message transmits in a secured way. That is from IoMT wearable devices to Fog-based cloud server. When a new IoMT device is installed for a new patient in the environment, it must be authenticated. Then it gives assurance and starts accessing the data or transmit the same. Exchanging information between doctor and patient and vice versa in a safer way. For exchanging the information, they shared the secret key.

Detection of Malware
The Malware Detection System (MDS) is used for monitoring and analyses of malicious activities inside the proposed system. It detects and prevents the malware attacks to the system. In case of any malicious activities, it sends the message to Certificate Authority (CA) to block that particular IP address or raise an alarm signal. Therefore, a secured way is needed for preventing the malware activities. This work has proposed PoW consensus with Crypto Hash algorithm (PoW-CHA). The architecture of PoW-CHA is given in Fig. 2.
These protocols provide security in IoMT in Fig. 2. It provides more security to the health care data in the blockchain network and prevents the attack from malwares. This paper describes the CHA as permission blockchain for providing security and preventing malware attacks. Step 1: While p i in FBC(patient)do // p i -Patient Step 2: Select p i Step 3: IF p i ∈ FBC(p list ) Step 4: For eachFBC(Health − data i ) in IoMT do Step 5: Ifdevice i select FBC(Health − data i ) then Step 6: Retrieve FBC (p i , FBC(Health − data i )) Step 7: Store in FBC À PoWðfog FBCÞ Step 8: global public key values (p, q, m) //Generate hash Key Step 9: Choose largest prime number (p) in 160-bit number Step 10: Evaluate m = p * q Step 11: Evaluate [ðmÞ ¼ ðp À 1Þ Ã ðq À 1Þ Step 12: Choose public key as e Step 13: gcdð[ðmÞ; eÞ ¼ 1; 1 , e , [ðmÞ Step 14: d ¼ e À1 mod [ðmÞ // d is a private key; public key is e, n Step 15: array½char FBC À PoWðfog FBC; d; eÞ // Select the Stored data split into array form as ASCII format.
Step 17: convert b in value in 8-bits long by adding zeros in front of each bit //Padding Step 18: Pad (bin) ←bin // Step 19: health − data patient ← Pad(bin) + Message(M) Step 20: Break the message health − data patient into chunks with 512 characters.
Step 21: Break the message health − data patient into chunks with subarray of sixteen 32-bit words.
Step 22: PoW − Cha ← health − data patient + (d, e)// Step 23: Else Step 24: Display "Unauthorized User" Step 25: End If; End If; End For; End The working flow of Algorithm 1 is given in Fig. 3.

Result and Discussions
This section performs an analysis of protection in the health care data from the malware attack in Fogbased cloud server network in IoMT and the performance metric measures of PoW-CHA are given below: If ordinary program is treated as ordinary program by Malware Detection System (MDS), it is termed as "True Negative" (TN). Similarly, if ordinary program is treated as malicious program by MDS, it is called as False Positive (FP). If a malicious program is treated as a malicious program by MDS, it is termed as "True Positive (TP)". If a malicious program is treated as an ordinary program by MDS, it is called as "False Negative (FN)". The simulation parameters used in the proposed systems are provided below.

Accuracy
It is used to measure all correctly identified cases.

Precision (PPV)
It is also called as positive predicted value. It is identified as intrusion cases correctly for all intrusion cases of predicted positive cases.

Recall
It is also called as detection rate or true positive rate. It is identified as intrusion cases correctly for all intrusion cases of real positive cases.

F1-score
This F1-measure can be used to compute the harmonic mean of "precision" and "recall.
From Tab. 3, it is clear that the precision rate PoW-CHA algorithm (96.2%) is better than PoW (75.6%) and Crypto Hash (89.4%). PoW-CHA outperforms the other algorithms with precision of 96.2%. For the recall value of the proposed work, PoW-CHA has better percentage of 80.3% in PoW and 85.2% in Crypto Hash. The PoW-CHA algorithm outperforms the other algorithms with an F-score of 99.10%. Fig. 4. shows the accuracy of PoW-CHA.

Throughput
In this performance parameter, it is the rate at which valid transactions of IoMT medical data are committed by the blockchain. transaction per node ¼ transcation per node Ã fraction of node per second This throughput parameter is compared with fog-based in IoMT, and PoW-CHA. Fig. 5. shows the throughput.  Tab. 4. shows that the proposed work has provided better performance in the aspects of accuracy and F1score values when it is compared with the existing algorithm for malware detection of fog-based network [36][37][38][39][40][41][42][43][44][45][46][47][48][49][50][51]. Tab. 5. shows the consumption of energy in terms of different architectures.
From Tab. 5, it is observed that the proposed work PW-CHA is implemented in Raspberry Pi 3-based platform. If number of nodes increases in the Raspberry Pi 3 platform, it needs more time and high energy consumption. The proposed work produces minimum consumption of energy when nodes get increased. Consequently, it gives the prominent result. Tab. 6. shows the number of malicious nodes in the fogbased network.   From the Tab. 6, it is understood that in the detection of malicious operations network, PoW-CHA is used in the Fog-based cloud server technology. While adding nodes in the network, the proposed PoW-CHA analysis identifies the malicious activities using Algorithm 1 and segregates the malicious nodes (20,40,80) as well as malicious miners. In the health care management system, whenever a physician gives a treatment detail to a patient and at the same time, it is sent to each miner in the network. In the network data generated from the wearable devices along with prescription and treatment details of the patient are authenticated and then only included in the network. Fig. 6. shows the average latency of the proposed algorithm with the existing algorithm.
The transmission of data with malicious node in the fog and miners in the cloud server has been implemented using PoW-CHA. Fig. 6. shows the proposed algorithm PoW-CHA that produces high average latency. When malicious operation occurs in the network, PoW-CHA algorithm detect and prevent the malicious node and retransmit the authenticated data to the next fog node. The proposed work PoW-CHA is accessed by statistical index values of: ðm À pÞ 2 (8) Hence, from various performance metric measures, it is shown that our proposed KNN-MLSC has high classification accuracy, minimum error, and reduced computational complexity. Fig. 8 calculates the correlation coefficient of the proposed work PoW-CHA that outperforms compared to the existing algorithm. Fig. 9. shows the computation time of the proposed work.

Conclusion
IoMT based applications have become important in our routine life. Protection of health care data from malware attack in fog based IoMT remains a difficult task. However, in accessing the data in a secured way from malware attack remains a major issue. To overcome these issues and to implement an effective and efficient way in the detection and prevention of malware attack using the proposed work of PoW-CHA algorithm. In this work, the authenticated data are stored in the fog-based cloud server and subsequently, the dynamic attacks of malware are monitored in the IoMT environment. The accuracy of PoW-CHA is 98% compared to PoW and Crypto Hash algorithm. It takes minimum computation time for PoW-CHA. Future work can be extended to the detection of malware using various meta heuristics algorithms with the help of IoMT wearable devices in edge computing.