SMDAps: A Specification-based Misbehavior Detection System for Implantable Devices in Artificial Pancreas System

Implantable medical devices are playing a key role in the paradigm shift of providing healthcare services. Particularly, this paper highlights the role of artificial pancreas system (APS) in the management of blood sugar level, especially to patients that are diagnosed with Diabetes Mellitus (DM). APS provides convenience in the self-management of blood sugar level. However, because of the added wireless connectivity feature, the system can be exposed to more security threats and attacks. Hence, it is essential to resolve the security and privacy issues for APS. In this paper, we first introduce the basic architecture of the existing APS and elaborate the roles of each component. Then the security challenges for APS are discussed starting from the component that poses high risk to the patient's health and safety. To address those challenges, we propose a specification-based misbehavior detection system, called SMDAps, which monitors events within the APS to detect misbehaving components based on the behavior-rule that are derived systematically from the embedded system requirements. Moreover, the monitoring task is supplemented with an outlier detection method to detect anomalous glucose data points. To demonstrate the effectiveness of our approach, we emulate the functionalities of the embedded devices integrated into the APS and adopt a glucose-response model found in the UVa/Padova simulator. Based on investigation, the proposed glucose outlier detection can accurately distinguish anomalous glucose data points of more than 94% when such points deviate of more than 5% from the true value. Additionally, the effectiveness of SMDAps showed a dominating detection rate at a considerable degree when compared to the contemporary machine learning approaches such as Support Vector Machine and k-Nearest Neighborhood classifiers. The SMDAps, kNN, and SVM achieve a AUROC of 99.98%, 99.96%, and 99.95%, respectively, for detecting aggressive attacker type associated with the duration of exposure during the simulation runtime.