{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:34:49Z","timestamp":1773840889799,"version":"3.50.1"},"reference-count":26,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2023,12,17]],"date-time":"2023-12-17T00:00:00Z","timestamp":1702771200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>In recent years, the combination of wireless body sensor networks (WBSNs) and the Internet ofc Medical Things (IoMT) marked a transformative era in healthcare technology. This combination allowed for the smooth communication between medical devices that enabled the real-time monitoring of patient\u2019s vital signs and health parameters. However, the increased connectivity also introduced security challenges, particularly as they related to the presence of attack nodes. This paper proposed a unique solution, an enhanced random forest classifier with a K-means clustering (ERF-KMC) algorithm, in response to these challenges. The proposed ERF-KMC algorithm combined the accuracy of the enhanced random forest classifier for achieving the best execution time (ERF-ABE) with the clustering capabilities of K-means. This model played a dual role. Initially, the security in IoMT networks was enhanced through the detection of attack messages using ERF-ABE, followed by the classification of attack types, specifically distinguishing between man-in-the-middle (MITM) and distributed denial of service (DDoS) using K-means. This approach facilitated the precise categorization of attacks, enabling the ERF-KMC algorithm to employ appropriate methods for blocking these attack messages effectively. Subsequently, this approach contributed to the improvement of network performance metrics that significantly deteriorated during the attack, including the packet loss rate (PLR), end-to-end delay (E2ED), and throughput. This was achieved through the detection of attack nodes and the subsequent prevention of their entry into the IoMT networks, thereby mitigating potential disruptions and enhancing the overall network efficiency. This study conducted simulations using the Python programming language to assess the performance of the ERF-KMC algorithm in the realm of IoMT, specifically focusing on network performance metrics. In comparison with other algorithms, the ERF-KMC algorithm demonstrated superior efficacy, showcasing its heightened capability in terms of optimizing IoMT network performance as compared to other common algorithms in network security, such as AdaBoost, CatBoost, and random forest. The importance of the ERF-KMC algorithm lies in its security for IoMT networks, as it provides a high-security approach for identifying and preventing MITM and DDoS attacks. Furthermore, improving the network performance metrics to ensure transmitted medical data are accurate and efficient is vital for real-time patient monitoring. This study takes the next step towards enhancing the reliability and security of IoMT systems and advancing the future of connected healthcare technologies.<\/jats:p>","DOI":"10.3390\/computers12120262","type":"journal-article","created":{"date-parts":[[2023,12,18]],"date-time":"2023-12-18T05:41:35Z","timestamp":1702878095000},"page":"262","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["Enhanced Random Forest Classifier with K-Means Clustering (ERF-KMC) for Detecting and Preventing Distributed-Denial-of-Service and Man-in-the-Middle Attacks in Internet-of-Medical-Things Networks"],"prefix":"10.3390","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-1239-0066","authenticated-orcid":false,"given":"Abdullah Ali Jawad","family":"Al-Abadi","sequence":"first","affiliation":[{"name":"Laboratory of Signals, Systems, Artificial Intelligence and Networks (SM@RTS), Digital Research Center of Sfax (CRNS), University of Sfax, National School of Engineers of Sfax (ENIS), Sfax 3038, Tunisia"}]},{"given":"Mbarka Belhaj","family":"Mohamed","sequence":"additional","affiliation":[{"name":"Laboratory of Signals, Systems, Artificial Intelligence and Networks (SM@RTS), Digital Research Center of Sfax (CRNS), University of Sfax, National School of Engineers of Gabes (ENIG), Gabes 6029, Tunisia"}]},{"given":"Ahmed","family":"Fakhfakh","sequence":"additional","affiliation":[{"name":"Laboratory of Signals, Systems, Artificial Intelligence and Networks (SM@RTS), Digital Research Center of Sfax (CRNS), University of Sfax, National School of Electronics and Telecommunications of Sfax (ENET\u2019com), Sfax 1163, Tunisia"}]}],"member":"1968","published-online":{"date-parts":[[2023,12,17]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1701","DOI":"10.1080\/09720529.2021.1880145","article-title":"L-RTAM: Logarithm based reliable trust assessment model for WBSNs","volume":"24","author":"Kumar","year":"2021","journal-title":"J. Discret. Math. Sci. Cryptogr."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"e4049","DOI":"10.1002\/ett.4049","article-title":"A survey on security threats and countermeasures in internet of medical things (IoMT)","volume":"33","author":"Papaioannou","year":"2022","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_3","first-page":"297","article-title":"DoS\/DDoS Detection for E-Healthcare in Internet of Things","volume":"9","author":"Sami","year":"2018","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"106576","DOI":"10.1109\/ACCESS.2020.3000421","article-title":"Intrusion detection system for healthcare systems using medical and network data: A comparison study","volume":"8","author":"Hady","year":"2020","journal-title":"IEEE Access"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Iwendi, C., Anajemba, J.H., Biamba, C., and Ngabo, D. (2021). Security of things intrusion detection system for smart healthcare. Electronics, 10.","DOI":"10.3390\/electronics10121375"},{"key":"ref_6","unstructured":"Kamble, P., and Gawade, A. (2020). Advanced Computing Technologies and Applications, Proceedings of the 2nd International Conference on Advanced Computing Technologies and Applications\u2014ICACTA, Mumbai, India, 28\u201329 February 2020, Springer."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Hussain, F., Abbas, S.G., Shah, G.A., Pires, I.M., Fayyaz, U.U., Shahzad, F., and Zdravevski, E. (2021). A framework for malicious traffic detection in IoT healthcare environment. Sensors, 21.","DOI":"10.3390\/s21093025"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Newaz, A.I., Haque, N.I., Sikder, A.K., Rahman, M.A., and Uluagac, A.S. (2020, January 7\u201311). Adversarial attacks to machine-learning-based smart healthcare systems. Proceedings of the GLOBECOM 2020\u20142020 IEEE Global Communications Conference, Taipei, Taiwan.","DOI":"10.1109\/GLOBECOM42002.2020.9322472"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"727","DOI":"10.1007\/s11277-020-07250-0","article-title":"IC-MADS: IoT enabled cross layer man-in-middle attack detection system for smart healthcare application","volume":"113","author":"Kore","year":"2020","journal-title":"Wirel. Pers. Commun."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Yaser, A.L., Mousa, H.M., and Hussein, M. (2022). Improved DDoS Detection Utilizing Deep Neural Networks and Feedforward Neural Networks as Autoencoder. Future Internet, 14.","DOI":"10.3390\/fi14080240"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Wang, Y., Li, Y., Wang, X., and Zhao, X. (2015, January 23\u201324). A novel traffic generator for switch testing. Proceedings of the 2015 International Conference on Environmental Engineering and Remote Sensing, Phuket, Thailand.","DOI":"10.2991\/eers-15.2015.17"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1016\/j.comnet.2015.09.026","article-title":"User behavior based traffic emulator: A framework for generating test data for DPI tools","volume":"92","author":"Megyesi","year":"2015","journal-title":"Comput. Netw."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"196","DOI":"10.46300\/91011.2022.16.26","article-title":"Secure and Reliable ML-based Disease Detection for a Medical Wireless Body Sensor Networks","volume":"16","author":"Mohamed","year":"2022","journal-title":"Int. J. Biol. Biomed. Eng."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Lee, S.-H., Shiue, Y.-L., Cheng, C.-H., Li, Y.-H., and Huang, Y.-F. (2022). Detection and Prevention of DDoS Attacks on the IoT. Appl. Sci., 12.","DOI":"10.3390\/app122312407"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1401683","DOI":"10.1155\/2022\/1401683","article-title":"Detection of DDoS Attack within Industrial IoT Devices Based on Clustering and Graph Structure Features","volume":"2022","author":"Jing","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_16","unstructured":"Allouzi, M.A., and Khan, J.I. (2021). Identifying and modeling security threats for IoMT edge network using markov chain and common vulnerability scoring system (CVSS). arXiv."},{"key":"ref_17","first-page":"254","article-title":"Modern study on internet of medical things (IOMT) security","volume":"21","author":"Aljumaie","year":"2022","journal-title":"Int. J. Comput. Sci. Netw. Secur."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"110227","DOI":"10.1016\/j.asoc.2023.110227","article-title":"Survey of Machine Learning based intrusion detection methods for Internet of Medical Things","volume":"140","author":"Boustia","year":"2023","journal-title":"Appl. Soft Comput."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"110","DOI":"10.1016\/j.comcom.2020.12.003","article-title":"An ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for IoMT networks","volume":"166","author":"Kumar","year":"2021","journal-title":"Comput. Commun."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"17403","DOI":"10.1007\/s11227-022-04568-3","article-title":"An investigation and comparison of machine-learning approaches for intrusion detection in IoMT network","volume":"78","author":"Binbusayyis","year":"2022","journal-title":"J. Supercomput."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"100887","DOI":"10.1016\/j.iot.2023.100887","article-title":"Artificial intelligence for IoMT security: A review of intrusion detection systems, attacks, datasets and Cloud-Fog-Edge architectures","volume":"23","year":"2023","journal-title":"Internet Things"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Faruqui, N., Yousuf, M.A., Whaiduzzaman, M., Azad, A., Alyami, S.A., Li\u00f2, P., Kabir, M.A., and Moni, M.A. (2023). SafetyMed: A Novel IoMT Intrusion Detection System Using CNN-LSTM Hybridization. Electronics, 12.","DOI":"10.3390\/electronics12173541"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"2053","DOI":"10.1109\/TII.2021.3089462","article-title":"Man-in-the-Middle attack mitigation in internet of medical things","volume":"18","author":"Salem","year":"2021","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"685","DOI":"10.1007\/s12525-021-00475-2","article-title":"Machine learning and deep learning","volume":"31","author":"Janiesch","year":"2021","journal-title":"Electron. Mark."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"239","DOI":"10.17762\/ijritcc.v11i6.7558","article-title":"Robust and Reliable Security Approach for IoMT: Detection of DoS and Delay Attacks through a High-Accuracy Machine Learning Model","volume":"11","author":"Mohamed","year":"2023","journal-title":"Int. J. Recent Innov. Trends Comput. Commun."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Al-Abadi, A.A.J., Mohamed, M.B., and Fakhfakh, A. (2023, January 19\u201323). Impact Of Availability Attacks On Enabling IoT Based Healthcare Applications. Proceedings of the 2023 International Wireless Communications and Mobile Computing (IWCMC), Marrakesh, Morocco.","DOI":"10.1109\/IWCMC58020.2023.10183010"}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/12\/12\/262\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T21:40:18Z","timestamp":1760132418000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/12\/12\/262"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,17]]},"references-count":26,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2023,12]]}},"alternative-id":["computers12120262"],"URL":"https:\/\/doi.org\/10.3390\/computers12120262","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,12,17]]}}}