Collabo: A Collaborative Machine Learning Model and Its Application to the Security of Heterogeneous Medical Data in an IoT Network

With the increase in globalization, the degree of electronic communication increases. Such an increase is also experienced by many sectors including the medical sector, which communicates and generates large amounts of data related to the spread of diseases as observed in the case of the COVID-19 pandemic. This has led to the deployment of Internet of Things (IoT) networks in many medical centers. However, one main challenge is how to maintain the security of the data and devices in the network. In this study, we discuss the cybersecurity risk associated with IoT networks used for medical services and provide a solution for protecting medical data and devices using an agent-based approach. Unlike most conventional cybersecurity models that use agents based on deterministic logic or independent learning agents to detect and prevent cybersecurity attacks, we propose a cybersecurity model using a collaborative network of learning agents, called Collabo, that share both mutual and causal values regarding their actions on a common security target. Our experimental results demonstrate the significance of our model over conventional models.


I. INTRODUCTION
The amount of medical data generated from medical devices has surged in recent years owing to the increase in medical attention and digital requirements imposed by the COVID-19 pandemic [1].Coupled with the increase in electronic communication due to globalization, this increase in digital requirements also increases the risk of security threats to medical devices as well as their generated data.
Several techniques have been used to implement security solutions for medical devices and data [2].Generally, the conventional approach uses a deterministic process based on a set of logical rules.This approach is used in conventional information and cybersecurity software, particularly for The associate editor coordinating the review of this manuscript and approving it for publication was Chien-Ming Chen .
signature-based detection.Another approach is the use of a stochastic process, such as a machine learning process.
With the improvement of learning algorithms in recent years, the latter has gained much attention from research and industry, especially in behavioral detection.In some cases, a hybrid approach consisting of both deterministic and stochastic processes is employed.
One problem with medical data is that they are generated by devices with different properties, whose values may have little or no correlation with each other; that is, they are highly heterogeneous.Observation from a thermometer and from an Electrocardiogram (ECG), for example, may have little or no correlation with each other, and using one to interpret the other may lead to incorrect medical decisions.Managing such unrelated types of data is conventionally performed using non-relational databases such as big data [3].
In medical big data, data sources mostly originate from medical devices.Once collected from these sources, the data can be processed in batches or streamed.Analytics can be performed on the data to enable decision-making.For remote medical devices, there is a high requirement for their data to be collected and transferred to a centralized server that hosts the big data database, where most of the analytics is performed.
To support the high requirement for the transfer of medical data from one location to another, there is a need for an efficient communication network to interconnect the devices that generate the data.This requirement to interconnect medical devices has led to the use of Internet of Things (IoT) technology in most medical institutions.The IoT is a communication technology that enables the interconnectivity of all types of devices.A simple architecture of an IoT network for medical devices is shown in Figure 1 where body sensors, a gateway (e.g mobile phone), cloud, local servers, and personal computers are interconnected.Similar to any other communication technology, IoT technology relies on different communication protocols organized in layers to maintain interconnectivity between devices.These protocols include Extensible Messaging and Presence Protocol (XMPP) and Message Queuing Telemetry Transport (MQTT).A comprehensive list of IoT protocols for medical device networks is provided in [4].
Using network technology such as IoT to connect and transfer data from different devices implies that the security requirement of the data depends not only on the devices but also on the network technology.A vulnerability to network protocols and devices puts the generated data in a vulnerable state, and a threat to the network protocols is a threat to the devices and data.In Table 1, a list of common threat profiles for Medical IoT networks is presented.
Developing a solution to detect and prevent medical IoT attacks is important in medical cybersecurity, and different approaches have been described in the literature [2].These approaches can be classified as signature-based, behaviorbased, or hybrid.Moreover, the solution logic can be deterministic, stochastic, or both.
From the list of security attacks presented in Table 1, we focus on the detection of a Distributed Denial of Service (DDoS) attack on medical IoT devices and networks.
DDoS is a security attack on data availability and integrity.It involves an attacker who uses a command and control system to recruit remote devices in a network by inflicting them with malware and later uses these recruited (or zombie) devices to launch an attack simultaneously on a target device, as illustrated in Figure 1.

A. RELATED WORKS
A DDoS attack on a medical IoT network is an attack on unauthorized access during DDoS malware propagation to recruit zombie devices, and also on availability, during DDoS traffic to the target device using the zombie devices.Thus, it poses a threat to both data and device security.Therefore, an unauthorized access prevention technique for an IoT device is required to achieve device security, whereas an availability-protection technique is required for data security.
In general, most techniques for medical IoT and big data security focus on approaches based on machine learning, statistics, software-defined networks (SDN), and fog computing.This study focuses on the machine learning approach.
Ilhan et al. [5] proposed a detection model of cybersecurity attacks in healthcare systems using recursive feature elimination (RFE) and multilayer perception (MLP).Their model uses logistic regression and extreme gradient boosting models for optimal feature selection.Their proposed model has high performance on different IoT and medical IoT datasets as compared to other models in their work.
Hussain et al.  shows that the DT, RF, and KNN models are more suitable for their proposed solution.
Kaur and Gupta [9] proposed a DDoS detection model for IoT-based healthcare systems.Their solution, which involves the use of the density peak-based covariance matrix KNN (DPTCM-KNN), is based on the combination of a statistical approach and the KNN machine learning technique.This solution was tested on the Beut and NSL KDD datasets and proved to outperform the SVM in the same process.
Awan et al. [10] proposed a real-time DDoS detection using RF and multi-layer perceptron (MLP) machine learning models.Their solution was implemented with and without big data, but the big-data solution outperformed the non-big-data solution.
Mona et al. [11] proposed a solution based on mutual information and random forest feature importance.They used these methods for feature selection to reduce the DDoS misclassification of different machine learning models.Their results showed that such feature selection methods lead to a higher detection accuracy of DDoS using machine learning models.Maslan et al. [12] proposed a similar feature selection technique that uses a regression model called maxdependency.
Neto et al. [13] proposed a collaborative DDoS detection solution for a general IoT system, including e-health, by using federated learning.They used different deep-learning instances for each pool of data sources to generate the local parameters.To obtain a global result for the overall system, all local parameters were combined and optimized using federated learning techniques.A similar approach was proposed by Popoola et al. [14] for botnet attacks, such as DDoS, on data privacy.Federated learning approaches are on the rise in collaborative IoT security because of their distributed framework; however, the risk of such an approach is enormous, as explained in [15] and [16].
Furthermore, Ferrag et al. [17] present a comprehensive survey with an experimental analysis of federated deep learning approaches for cybersecurity in IoT networks.The main experimental finding in the paper is that federated learning models, specifically federated deep learning models, provide higher IoT device and data privacy than centralized models, and do so with higher detection accuracy on the Bot-IoT, MQTTset, and the TON_IoT dataset.
Finally, Bhayo et al. [18] presented a machine learningbased framework for DDoS attack detection in softwaredefined IoT (SD-IoT) networks.They built a machine learning framework based on NB, SVM, and DT into the SDN-WISE controller to detect DDoS attacks.Their framework proved to be superior in detection performance than other DDoS detection models used in SDN-WISE controllers.
For a general understanding of the related literature, a number of qualitative properties were used to categorize and compare the different related works in their significance on DDoS attack detection in medical IoT using machine learning.These properties include the use of DDoS attacks, machine learning models, medical datasets, and IoT datasets.This categorical comparison is presented in Table 2.
In this paper, we focus on both data and IoT device security in medical information technology (IT) infrastructure, using a machine learning approach based on collaborative agents that use heterogeneous data sources, defined using different input features.The importance of a collaborative approach to cybersecurity was presented in [19].
Literally, collaboration is the process where two or more entities work together, with the same or different purpose, to complete a common action (e.g., mission or task) or achieve a common target (e.g., vision, goal, objective, outcome, or output).Thus, agents can collaborate on a target or on an action, but since target and action are linked by a purpose, the collaboration on an action entails a collaboration on a target, and vice-versa.In this way, a collaborative action on a target may be divided into multiple partial actions defined by the nature of the target perceived by the agent.In this study, we use classification as the partial action on the target, to achieve a collaborative prediction on the target.However, partial regression and classification can also be used collectively.
The proposed model in this study distinguishes itself from the others in that it considers the environmental diversity and value exchange process of interactive logical agents.The model can be easily scaled for various applications.

B. CONTRIBUTIONS
The contributions of this paper are listed as follows: • We propose a collaborative learning model based on causal and mutual value exchanges between agents with different input properties (i.e., distributed environments).These values are generated and learned by the agents.This is different from other collaborative learning approaches such as ensemble learning where there is no value exchange between the agents during learning, and federated learning where the exchange value between agents during learning is an accumulation of their parameters by a central agent.Our proposed approach uses a peer-to-peer value exchange mechanism between the agents in distributed environments.
• We propose a specific algorithm to implement the model.The algorithm is based on collaborative prediction and the learning of causal and mutual values.This is completely different from conventional methods because conventional methods are based on the optimization of causal values.

C. ORGANIZATION
The rest of the paper is organized as follows: Section II presents the conventional approach based on deep neural network (DNN).Section III focuses on modeling the proposed approach.These include feature segmentation, agent design, and detection processes.Section IV presents experimental results.This study is concluded in Section V.

II. CONVENTIONAL APPROACH
In this section, we present an approach to solving the medical IoT security problem using deep neural networks.
A deep neural network requires a vector of input properties (or features) to make predictions and training about an output (or target) property.
Consider a dataset denoted by Q, with each element (i.e., instance) {Q 1 , Q 2 , . ..} in the set Q consisting of two tuples of input and output, expressed as Q i = (X i , y i ), where X i and y i represent the ith input instance and the corresponding output instance.
Generally, the prediction operation of such a model is mathematically defined for each instance where ŷi is the predicted output value corresponding to the input X i .Note that f (X ; θ) is a fixed function that represents the prediction operation of the model, where X is an input vector and θ is a set of parameters that define the function.
Next, a learning mechanism is defined for the model to optimize a set of parameters θ such that the output value ŷi approaches the true output value y i .Let θ (0) denote the initial set of the parameters.The training proceeds from k = 0 as follows: ) where y is the true output value, θ is the optimized parameter, L(Z ) is an abstraction of the learning operation of the model, Z is the learning value (i.e., the cost value), (y, ŷ) is the function (i.e., the cost function) defining the learning value, and the superscript k in each variable represents the learning epoch.
As a specific example, based on the five input properties in the ECU-IoHT medical dataset [20], a deep neural network model with input property X defined by five input vectors (x 1 , x 2 , x 3 , x 4 , x 5 ) is described as follows: where y is the true security state of the medical device with respect to a DDoS attack and can take a binary value representing DDoS or Bagnin traffic, x 1 is the time stamp of the packet, x 2 is the source IP address, x 3 is the destination IP address, x 4 is the protocol type, x 5 is the length of the packet frame in bytes, and θ is a vector of parameters.
Figure 2 illustrates the structure of a deep neural network with four layers operating in the medical IoT environment defined by the ECU-IoHT medical dataset.
Different predictive functions can be used for each layer of a deep neural network.This includes the sigmoid function, softmax function, and ReLU function.In addition, the main learning mechanism of a deep neural network is backpropagation, and the learning values (i.e., the cost value) include cross entropy and mean square error.
Conventional deep neural networks are not capable of handling single or multiple output properties collaboratively, which is a limitation on their role as collaborative agents.In this regard, we propose a model that considers a collaborative mechanism, which can lead to more accurate prediction results than the conventional model.

III. PROPOSED METHOD
In this study, we focused on the use of collaborative learning agents to detect security attacks.Unlike the conventional learning model that uses independent learning agents, we introduce a mutual value exchange between agents to enhance their collaboration regarding the security target.This approach is intuitive as it is analogous to how humans collaborate on a target; they share knowledge about each other's experiences on the target as they work independently on the target.The problem is defined below.
Consider a medical IoT traffic dataset denoted by Q, with each element (i.e., instance) {Q 1 , Q 2 , . ..} in the set Q consisting of two tuples of input and output, expressed as Q i = (X i , y i ), where X i and y i represent the ith input and the corresponding output instance.The output instance can be Bagnin or DDoS, but not both at the same input instance.
All input instances corresponding to Bagnin output are considered legitimate while those corresponding to DDoS are considered illegitimate.The research problem is to build an agent that can learn to detect if an instance is Bagnin or DDoS.Our proposed solution is depicted in Figure 3.The proposed solution involves the following four steps: 1) feature extraction and segmentation of incoming network traffic, 2) agent design, 3) intrusion detection, and 4) intrusion prevention.These steps are illustrated in Figure 3.In this study, we focus only on the first three steps.The proposed solution can be installed on a front-end server as a network-based security system for medical IoT edge (i.e., fog) networks.

A. FEATURE EXTRACTION AND SEGMENTATION
In the feature extraction and segmentation step, each instance of the input properties from traffic data X is extracted and segmented into two (or multiple) sub-vectors X a and X b , creating a data subset Q a = (X a , y) and Q b = (X b , y), respectively.Each sub-vector is considered as the input property of the security target y for a given agent.
If the extracted data are those provided in the ECU-IoHT medical dataset [20] described in Section II, we arbitrarily segment the five properties into two groups, as follows: The output property y defines the state of the target; in this case, it corresponds to the security state of a medical IoT device.This can include the state of DDoS or other related attacks on the same or different devices.
In the case of the ECU-IoHT medical dataset, we consider y as the true security state of the medical device with regard to a DDoS attack and can take a binary value representing DDoS or Bagnin traffic.Therefore, this output property is dedicated to each agent during the collaborative process.

B. AGENT DESIGN
We consider an agent as an entity that seeks a target.It takes actions (or beliefs) on the target.The actions taken by the agent can be causal or non-causal.In this study, causal action is considered as a conditional action [21], [22] while non-causal action is considered as a mutual action [23].
Consider a causal and mutual action defined using probabilistic functions.Given a vector of input property X l,i and an output y i in a dataset Q l,i , where l ∈ {a, b} represents the index of a data subset or the agent, we can define the causal and mutual action instances of agent l in a collaborative network as follows: where y i is an instance of the target (or output) property, X l,i is an instance of the vector of input properties of agent l, ŷc,l,i is an instance of the causal action of agent l on the target, ŷm,l,i is an instance of the mutual action of agent l on the target, θ c,l is the parameter of agent l that enables the causal action, θ m,l is the parameter of agent l that enables the mutual action, and P(.) denotes a probability function.Consider Figure 4, which represents a collaborative network of two neural network agents, a and b.Each agent takes a sequence of causal and mutual action pairs arranged in layers.Each causal action of an agent depends on those in the agent's previous layer, and each mutual action depends on those in the agent's previous layer.
Layers 1, 2, 3, and 4 represent pairs of causal and mutual actions for each agent.Layer 1 is the input layer, layers 2 and 3 are the hidden layers, and layer 4 is the output layer.The outputs of each layer are the causal and mutual values that propagate in the collaborative network in a particular order.
The relationship that defines the collaborative action of the two agents on the target y, and their causal and mutual actions as shown in Figure 4  = ŷm,a and = ŷm,b are mutual actions of agents a and b, and P(y) = ŷ is a prior collaborative action of the agents.
For mutual collaboration to exist between the agents, we defined a mutual equivalence property given as Using this collaborative framework, it is easy to observe that if the causal action of one agent (i.e., partial causal action) is independent of the causal action of the other agent, this will lead to an ensemble learning model [24] when they share segmented input instances rather than input properties.In addition, the same situation leads to a federated learning model [25] when they share their parameters on a vertically or horizontally decentralized dataset.

1) PREDICTION ACTION
According to (III.4), the joint causal action ŷc,ab of the collaborative agents defines the collaborative prediction of the agents and is a combination of their respective causal and mutual actions.This can be expressed as The collaborative action ŷc,ab is optimized by simultaneously optimizing the causal and mutual actions of each agent as described in Section III-B2, and implemented using Algorithm 1.In addition, ŷ and ŷm,b are respectively used as the regularizer and normalizer of the partial causal predictions.
Furthermore, ŷ can also be used to define the global cost of the collaboration during learning.This may not be necessary because our approach is based on partial learning to achieve a joint value rather than directly learning the joint value.
In fact, ŷ can be omitted and ŷc,ab can be predicted and learned using the following approximation of (III.where n corresponds to the number of agents in collaboration and n = 2 in our example model.
The value of n influences the complexity, flexibility, and uncertainty in the collaborative network.The analysis of these properties is reserved as future work.

2) LEARNING ACTION DEFINITION
The learning process of agents in the collaborative network presented in Figure 4 involves the simultaneous optimization of their causal and mutual values about the target y by learning the parameters θ c,l and θ m,l of each agent l ∈ {a, b}.If the learning process is closed in each agent, it follows that ŷ(k c ) c,l,i = P(y (III.12) where L c (Z c,l ) and L m (Z m,l ) are the abstractions of the causal and mutual learning models, Z c,l and Z m,l are the causal and mutual learning values, c (y, ŷc,l ) and m (y, ŷm,l ) are the functions of the causal and mutual learning values, and k c and k m are the causal and mutual learning epochs, respectively.
Considering a backpropagation learning mechanism based on gradient descent optimization of the learning value, the learning process for each agent is defined as (mutual learning) (III.14) where η c,l and η m,l are the causal and mutual learning rates.

C. DETECTION PROCESS
The cyber attack detection process entails both causal and mutual actions in the learning and prediction processes.The algorithm for the detection process is as follows: Algorithm 1 Collaborative Batch Learning and prediction Require: where ⊙ represents element-wise multiplication of two vectors, k c is the causal learning epoch, k m is the mutual learning epoch, and τ is the collaborative learning epoch.
Different learning techniques can be used for causal and mutual learning.In addition, apart from the minmin synchronized optimization used in Algorithm 1, the optimization can also be a maxmax, maxmin or minmax optimization depending on the target and learning value of the agents.
It should be noted that this learning technique can also be used to explain other multi-agent machine learning models such as the Generative Adversarial Networks (GAN) model [26], which consists of a set of sequentially synchronized learning agents.

D. PERFORMANCE EVALUATION
We present different types of performance metrics that can be used to evaluate the proposed model.We group these into three categories: predictive performance, learning performance, and system performance.

1) PREDICTIVE PERFORMANCE
We consider the predictive performance to be the performance of the agents in taking a prediction action on the target compared to that of the correct action on the target, for single or multiple observation instances.Prediction performance measures can be distinguished for both discrete and continuous target output.These are mostly statistical measures.
For a discrete target output, the measures include accuracy, precision, recall, F1-score, and Area under the receiver operating characteristic curve (AUC ROC), which can all be evaluated using the confusion matrix.For a continuous target output, the performance measures include the mean square error, mean absolute error, root mean square error, and R 2 coefficient of determination.The prediction performance measures are discussed in more detail in [27].

2) LEARNING PERFORMANCE
We consider the learning performance as the predictive value with respect to the true value that the collaborative agents have optimized over the learning epoch.This value can be measured using any learning value (i.e., the cost value), such as root mean square error, cross-entropy, and Kullback-Liebler (KL) divergence over a learning epoch.This enables us to capture the generalization error of the model, which is a combination of the bias and variance errors.
In this study, we used cross entropy as the learning value for both causal and mutual actions.
where n is the number of classes, y is the true label, ŷ is the predicted label, and P(.) is the probability of a label.

3) SYSTEM PERFORMANCE
We consider the system performance as the implementation performance of the model as a system.This is related to the computational complexity performance of the model.In this category are measures such as the Big O notation, floating-point operations (FLOPs), floating-point operations per second (FLOPS), multiply-accumulate operations (MACs), latency, throughput, response time, robustness, stability, memory operations, and energy usage of the model as a system.Apart from performance evaluation measures, other evaluation measures such as statistical significance, confidence interval, sensitivity analysis, and model comparison measures can also be used to evaluate the model.Some of these evaluation measures used in this study are the Akaike Information Criterion (AIC) for model comparison and the 2σ uncertainty measure for sensitivity analysis.

IV. EXPERIMENT AND RESULT
The aim of the experiment is to demonstrate the performance of our proposed collaborative learning model in detecting DDoS attacks in medical IoT networks and compare the performance results with conventional models.To validate the generalization of our proposed model in different environments, we perform a simulation on different datasets and compare the results with those of other models.

A. EXPERIMENTAL SETUP
The dataset for the experiment is based on the ECU-IoHT dataset [20], which has been used for analyzing cyberattacks on the Internet of Health Things [28].The Intensive Care Unit (ICU) dataset [6] created using the IoT-Flock tool [29] and the ToN_IoT dataset [30] were used to validate the generalization of our model in different environments.

1) DATASET AND FEATURE PRESENTATION
The ECU-IoHT dataset [20] has eight fields: time stamp of packet, source address of packet, destination address of packet, network protocol of packet, length of packet frame in bytes, information of packet, network status, and attack type.
The type (or network status) field and type of attack field represent the attack labels of the dataset.The network status field was used as the label.Regarding the input features, we excluded the packet information field because it contains packet information reports that may not be helpful in attack detection.Therefore, we used five input features to train the model.Table 3 presents statistics of the dataset.

TABLE 3. List of attacks and input fields used in the ECU-IoHT dataset.
A DDoS attack constitutes both a DoS attack and a port scanning attack.In addition, a Smurf attack is a type of attack that uses DDoS.smurf malware to render network 142670 VOLUME 11, 2023 Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
service inoperable by flooding Internet Control Message Protocol (ICMP) packets to targeted network devices.In this regard, we used DoS, Nmap port scanning, and Smurf attack instances in this experiment.
Therefore, 85395 attack instances and 23454 no-attack instances were used during this experiment, resulting in a total of 108849 attack instances.
Related to the ICU [6] and ToN_IoT [30] datasets, their contents are described in Tables 4 and 5, respectively.

2) DATASET PRE-PROCESSING
The first in pre-processing is to encode categorical information in the dataset.The label encoding technique was used to encode the target output y, whereas One-Hot encoding was used to encode the source IP, destination IP, and network protocol fields.
Next, normalization operations were performed on the dataset using minmax scaling.
where X is a field in the dataset.
The 108849 attack instances of the dataset were split into training and testing instances, as shown in Table 6.The five input fields are divided into two groups.One group consists of the time stamp and the length of the packet fields, whereas the other group consists of the remaining fields.Each collaborative agent was assigned one group of input fields.
We also split the ICU and ToN_IoT datasets into 70% training instances and 30% test instances.One-Hot encoding was used to encode categorical data, while label encoding was used to encode the labels.
3) AGENT MODELS AND PARAMETERS  These parameter settings are for the ECU-IoHT dataset.For the other datasets, only the number of input nodes was changed with respect to their number of features whereas the remaining parameters and hyperparameters were unchanged.
Also, the hyperparameters such as the learning rate, learning cycle (i.e., epoch), the number of layers per network, and the number of nodes per layer, were selected without rigorous hyperparameter turning (optimization) technique.We will investigate hyperparameter training in future work.

B. RESULTS AND DISCUSSION 1) ECU-IOHT DATASET RESULTS
The learning and the receiver operating characteristic (ROC) curves for the ECU-IoHT datasets for each model in Table 7 are presented in Figures 5, 6 and 7.
Figure 5 illustrates the learning curves of our collaborative agent model compared with the conventional models.From the learning curve, the proposed model reduces the normalized cost value to a lower point of stability than the others.The corresponding accuracies during learning are shown in Figure 6.The proposed model turns out to learn more accurately than the other models on the dataset.
However, to confirm the degree of generalization on the dataset, we also performed a prediction performance   measurement using the ROC function.The results are presented in Figure 7, where we observe that our model has a higher AUC ROC than the conventional models and hence can distinguish between target classes more accurately than the other models.

2) ICU AND TON_IOT DATASETS RESULTS
The learning and ROC curves obtained by the ICU datasets are shown in Figures 8, 9 and 10, whereas those by the ToN_IoT datasets are shown in Figures 11,12 and 13, all evaluated for each model in Table 7.For both datasets, we observe that our model has a higher AUC, accuracy, and a lower normalized cost value than the conventional models and generalizes on the dataset better than the other models.

3) NUMERICAL COMPARISONS
Table 8 compares the models in terms of their accuracy, precision, recall, F-score, and AIC delta score (△AIC) on the prediction of the test datasets.It demonstrates that our model performs well under most of the prediction metrics on all the datasets.Due to its large number of parameters, it turns out to have a higher △AIC value than the other models.However, such a large number of parameters is due to the collaborative framework, which is more of a merit than a demerit as explained in Section III.
Apart from these predictive performance results, we also evaluated the computational performance on the prediction actions of the models based on the FLOPs, FLOPS, and MACs computational measures.The experiments were   performed on a quadcore 4GHz processor with 16 doubleprecision (DP) FLOPs per cycle (i.e., 256 GFLOPS DP), but the required FLOPS of the models were estimated using the latency (execution time) and FLOPs of their predictions.
Furthermore, the uncertainties (epistemic) of the models for each dataset were also evaluated using the ensemble method with 25 ensembles for each model.
As shown in Table 9, the FLOPs, latency, FLOPS, and MACs values of our model are higher than the other models.This is due to its collaborative framework consisting of many computing agents.However, the generalization (i.e., error) and generalization uncertainty (i.e., error variability) of our model are better than those the other models on all the datasets because of its lower median and 2σ uncertainty values, respectively.This can also be confirmed by the graphs of the normalized cost values in Section IV-B1-IV-B2.
Also, the fact that the required FLOPS of the models are less than the 256 GFLOPS can be due to many factors such as computational overload, memory operations, and latency degradations of the computing platform.
Lastly, in Table 10 we compare the statistical performance results of our model with those of other studies using the same datasets in medical IoT security.
From the prediction results in Table 10, our model outperforms most of the other models on the ICU and ToN_IoT datasets under most of the metrics, but the model proposed by Ilhan et al. [5] has a better recall and F-score on the ECU-IoHT dataset and a better recall on the ICU dataset.In addition, the DT and KNN models proposed by Zachos et al. [8] have better precision and recall.These are some of the few instances in which the other models outperformed the proposed model.

V. CONCLUSION
This study aimed to detect DDoS attacks on medical IoT systems using a collaborative machine learning approach.We defined the agents for this purpose and established a mutual value exchange mechanism among the agents on their separate causal actions on the target.
The drawback of the proposed model is that it requires higher design complexity than conventional feedforward neural networks, making it more computationally expensive.
Nevertheless, apart from having a better generalization on a given dataset, joining two networks to collaborate synchronously or asynchronously on a target is an important feature of our model.This is because such a collaborative technique is a type of multi-task learning that can be used to solve spatial and temporal identical multi-label problems in machine learning by attributing each agent in the collaborative network an instance of the same target, in a temporal and/or spatial domain, and letting them share mutual values with other agents during learning to enhance their performance on the target.Insofar as they exchange mutual value between themselves, their collaborative action on the target, given in Proposition 3.1, will be their partial actions on their respective target instances irrespective of space and time.
Furthermore, related to the security and privacy of medical IoT data, devices, and networks, one of the advantages of this model is the use of information from distributed (segmented) environments.Similar to federated learning, this provides high data and device privacy that enhances data and device security properties such as integrity and confidentiality.This is because one of the major cyber security vulnerabilities for medical IoT networks is the heterogeneity of their data sources.If any data source is compromised, the whole system is at risk of an attack.The challenge with conventional models is that they involve the building of different independent solutions for a common attack based on the data sources.The Collabo approach provides a single model that takes into account all the different segments of the data sources used by any given medical IoT network.
In both the collabo and federated model, the prediction of a security attack such as DDoS further provides security related to the availability and integrity of the data, device, and network.But unlike federated learning which approaches the security problem by exchanging learning parameters via a central server, the collabo approach uses a mutual value, which is exchanged between the agents without the use of any central agent.This explains its low latency as compared to federated learning in Table 9.
Finally, the proposed collaborative machine learning model, where multiple learning agents are used to learn and predict a target in a heterogeneous environment, may be deployed in different applications where heterogeneity is present such as in signal processing, natural language processing, and autonomous driving.

FIGURE 1 .
FIGURE 1. Medical IoT network with benign and malicious traffic.

[ 6 ]
developed a framework for malicious traffic detection in IoT healthcare environments.They first created a framework for IoT data generation called IoT-Flock and then used the framework to generate medical IoT data for machine learning applications in medical environments.The models include Naive Bayes (NB), K-Nearest Neighbors (KNN), Random Forest (RF), Adaboost (AB), Logistic Regression (LR), and Decision Tree (DT) classifiers.Their results validate the use of the models and generated data in IoT healthcare environments.Khan et al. [7] proposed a model named XSRU-IoMT, for the effective and timely detection of sophisticated attack vectors such as DDoS in internet of medical things (IoMT) networks.The model uses bidirectional simple recurrent units (SRU) to achieve a fast training process in recurrent networks.The proposed model has a higher performance on the TON_IoT dataset as compared to other models.Zachos et al. [8] proposed an anomaly-based intrusion detection system (IDS) for (IoMT) networks.Their model is focused on both host-based and network-based techniques to collect log files from the IoMT devices and the gateway.They used DT, NB, LR, RF, KNN, and support vector machines (SVM) models in the central detection (CD) component of their proposed anomaly-based IDS.The result

FIGURE 2 .
FIGURE 2. DDoS attack detection in an IoT network using deep neural network model.

FIGURE 3 .
FIGURE 3. Detection and prevention of DDoS attack in network traffic.

FIGURE 4 .
FIGURE 4. A causal and mutual relationship flow in the proposed multi-agent collaborative learning model.(a) Transversal view (b) Lateral view.
are represented as the joint causal actions ŷc,ab of the two agents on the target y based on their partial causal action ŷc,a and ŷc,b , while interchanging their mutual actions ŷm,b and ŷm,b .The following axiom and proposition (proven in Appendix A) define the collaborative action: Axiom 3.1: (Conditional Independence of Input Properties) P(X a |y, X b ) = P(X a |y) and P(X b |y, X a ) = P(X b |y) Proposition 3.1: ŷc,ab = P(y|X a , X b ; θ c,a , θ c,b , θ m,a , θ m,b ) = P(y|X a ; θ a )P(y|X b ; θ c,b ) P(X a |X b ; θ ′ b ) P(X a ) y|X a ; θ a ) = ŷc,a and P(y|X b ; θ b ) = ŷc,b are partial causal actions of agents a and b, P(X b |X a ;θ ′ a ) P(X b ) 6): ŷc,ab = ŷc,a ŷc,b n ŷm,b (III.7)

FIGURE 5 .
FIGURE 5. Cost-based learning curve of our model on DDoS attack detection compared to other models using ECU-IoHT training dataset.

FIGURE 6 .
FIGURE 6. Accuracy-based learning curve of our model on DDoS attack detection compared to other models using ECU-IoHT training dataset.

FIGURE 7 .
FIGURE 7. ROC curve of our model on DDoS attack detection compared to other models using ECU-IoHT test dataset.

FIGURE 8 .
FIGURE 8. Cost-based learning curve of our model on DDoS attack detection compared to other models using ICU training dataset.

FIGURE 9 .
FIGURE 9. Accuracy-based learning curve of our model on DDoS attack detection compared to other models using ICU training dataset.

FIGURE 10 .
FIGURE 10.ROC curve of our model on DDoS attack detection compared to other models using ICU test dataset.

FIGURE 11 .
FIGURE 11.Cost-based learning curve of our model on DDoS attack detection compared to other models using ToN_IoT training dataset.

FIGURE 12 .
FIGURE 12. Accuracy-based earning curve of our model on DDoS attack detection compared to other models using ToN_IoT training dataset.

FIGURE 13 .
FIGURE 13.ROC curve of our model on DDoS attack detection compared to other models using ToN_IoT test dataset.

TABLE 1 .
Common cybersecurity threat profile for medical IoT networks.

TABLE 2 .
Comparison of existing literature on machine learning approaches to DDoS attack in Medical IoT Networks.

TABLE 4 .
List of classes and input fields used in the ICU dataset.

TABLE 5 .
List of attacks and input fields used in ToN_IoT (Network) dataset.

TABLE 6 .
Partition of attack instances into training and test instances.

Table 7
presents the simulation parameters of the models used in this experiment.

TABLE 7 .
Simulation parameters of our model and conventional models.

TABLE 8 .
Predictive performance and comparison of the models.

TABLE 9 .
Computational performance and uncertainty of the models.

TABLE 10 .
Comparison of our model with models from other research works.