Network security framework for Internet of medical things applications: A survey

: Limited device resources and an ever-changing cybersecurity landscape compound the challenges faced by the network protection infrastructure for Internet of medical things (IoMT) applications, which include di ﬀ erent device ecosystems, privacy concerns, and problems with interoperability. Protecting private medical information in IoMT apps is challenging; a comprehensive strategy that provides user education, standard protocols, and robust security mechanisms is necessary to overcome these obstacles. With the advancement of IoMT, the network of clinical systems, gadgets, and sensors is integrated with the Internet of things (IoT) to enable intelligent healthcare solutions. However, the sensitive data sharing and the substantial connections in the IoMT systems raise security and privacy concerns in the network. Therefore, network security is critical in IoMT applications due to data breaches, vulnerabilities, and distributed denial of service attacks on medical data. This study reviews the network security techniques implemented in the existing studies for IoMT applications using machine learning and blockchain technology. This study presents an overview of IoMT healthcare applications by highlighting the security challenges encountered and the necessity of adopting advanced techniques to deal with complex threats. The research is mainly about how deep reinforcement learning (DRL), commonly used for intrusion detection, access control, and anomaly detection, works over time and how it can be used in IoMT applications. With the notion of providing robust security in IoMT applications, this study appraises the bene ﬁ ts of blockchain technology, such as data integrity, accountability, and con ﬁ dentiality. Besides, this study addresses the limitations and challenges of various security techniques that IoMT systems employ. This work assesses the ﬁ ndings, research gaps, and future advancements for enhancing network security in IoMT applications. With an extensive analysis of existing research, this survey guides researchers, medical practitioners, and decision-makers to scale up the DRL and blockchain in IoMT systems more e ﬃ ciently in the future.


Introduction
The Internet of medical things (IoMT) is a collection of related healthcare technologies that collect, exchange, and analyze health-related data [1].IoMT has evolved into a game-changing healthcare technology, revolutionizing IoMT is a collection of related healthcare technologies that collect, exchange, and analyze health-related data.Disease management and healthcare delivery [2].IoMT enables real-time and continuous patient monitoring within healthcare facilities and remotely via connected medical devices such as wearable sensors, implantable devices, and mobile health applications [3], allowing healthcare professionals to remotely monitor vital signs, track medication adherence, and assess patient health.IoMT has enormous potential to improve healthcare by improving patient care, enabling proactive disease management, increasing operational efficiency, and encouraging data-driven decision-making [4].To fully reap the benefits of IoMT while preserving patient safety and privacy, it is critical to solving difficulties relating to data privacy, security, interoperability, and legal frameworks as the sector evolves [4].Because of the sensitive nature of medical data and the criticality of healthcare services, network security is essential in the IoMT applications [5].Data privacy, availability, and veracity, as well as the safe operation of IoMT infrastructure, are of paramount importance.Distributed denial of service (DDoS) assaults severely threaten network security for IoMT applications [6].These attacks are designed to interrupt the availability of an IoMT network, system, or service by flooding it with malicious traffic [7].A DDoS attack happens when many infected devices flood a target system with requests, exceeding its resources and making it unreachable to legitimate users [8].DDoS attacks can impact IoMT, and some risk-mitigation strategies include disrupted medical services, compromised patient safety, and delayed reaction and recovery [9].To reduce the risk of DDoS attacks in IoMT, healthcare organizations must prioritize network traffic monitoring, scalable and resilient infrastructure, DDoS mitigation services, traffic shaping, content delivery networks, regular security audits, and collaboration and information sharing [10].The IoMT system's complexity and dynamic nature require novel ways to react to developing threats, provide real-time protection, and preserve the privacy and integrity of patient data [11].Several significant challenges arise from incorporating machine learning techniques into the IoMT.Because machine learning may analyze patient data, which might lead to data breaches, the most important thing is the need to protect the privacy and security of sensitive health information.Problems with the quality of data and standardization also arise because machine learning models are susceptible to inconsistencies and variances between different types of IoMT devices.Given the limited computational capabilities of many IoMT devices, optimizing machine learning algorithms with care is crucial to achieving compatibility across various operating systems and communication protocols.Complying with rules and thinking ethically are difficult but necessary tasks, particularly regarding healthcare legislation and patient consent.Employing IoMT is complicated for several reasons, including the availability of labeled data, the interpretability of models, and the ever-changing healthcare landscape.Ethical and practical adoption also requires integrating with healthcare procedures and fixing prediction biases.Ensuring the safe, efficient, and morally acceptable deployment of ML in IoMT requires a collaborative effort comprising healthcare practitioners, data scientists, legislators, and technology developers to tackle these numerous difficulties.
Deep reinforcement learning (DRL) has emerged as a potential technique for improving network security across various areas [12][13][14][15].DRL combines deep learning, which allows complex patterns to be extracted from vast datasets, and reinforcement learning, which enables systems to develop optimal decision-making strategies through interaction with the environment [16].DRL-based techniques can detect and mitigate network threats, detect anomalies, and provide adaptive access control.Aside from DRL, blockchain technology has received a lot of interest in the area of network security [17].The decentralized and unchangeable nature of blockchain improves data integrity, secrecy, and accountability [18].By building a tamper-proof distributed ledger, blockchain technology offers a potential solution for protecting medical data, maintaining secure communication, and preventing unauthorized modifications inside IoMT networks [19].Given the growing relevance of network security in IoMT applications and the potential for integrating DRL and blockchain technology as security frameworks, a complete assessment is essential.This survey aims to combine existing knowledge, investigate the problems and DDoS attacks in network security for IoMT applications, investigate the possibilities of DRL-based techniques, and assess the integration of blockchain technology.This survey report will contribute to the creation of effective security frameworks and guide future research efforts in this domain by giving a comprehensive overview of the current status of network security in IoMT.The main contributions of this survey are as follows: • The survey intends to identifying and investigating the network security concerns of DDoS threats in IoMT applications.The threats are identified using the blockchain and machine learning techniques to manage the privacy factors.The rest of this work can be summarized as follows: Section 2 describes the taxonomy and feasibility requirements.Section 3 presents a detailed analysis of the current network security techniques and methods that IoMT systems adopt for DDoS attacks.Section 4 offers critical takeaways from the existing methodologies.Section 5 illustrates the challenges of deep learning and blockchain technology in IoMT systems, analyzes the strengths and limitations to find the research gaps, and discusses future trends and research directions.Finally, the survey concludes in Section 6.

Taxonomy and feasibility requirements of IoMT security solutions
We propose a taxonomy of current security techniques against DDoS attacks in IoMT infrastructures.We also review the requirements to assess the solutions' feasibility in IoMT systems, protect patient data, and counteract weaknesses and threats.

Taxonomy of security solutions for DDoS attacks in IoMT systems
To solve the specific problems caused by cyber threats, a classification of security techniques for DDoS assaults in IoMT systems is necessary.The DDoS assaults require a multipronged strategy since they might interrupt vital healthcare services.To begin with, systems for intrusion detection and firewalls may be implemented to proactively detect and prevent harmful traffic, which will lessen the effect of any possible DDoS occurrences.Anomaly detection procedures that use ML techniques can also improve the system's capacity to spot unusual patterns in network traffic that could be signs of the DDoS assault.Healthcare institutions may better defend themselves against ever-changing DDoS techniques through collaborative initiatives, such as sharing threat intelligence and exchanging information.In addition, IoMT systems may be resilient to volumetric DDoS assaults by utilizing elastic and scalable cloud-based solutions, which allow them to adapt dynamically to different amounts of network traffic.Finally, to strengthen the general safety posture against DDoS attacks, it is essential to include safe communication methods and device authorization procedures.This will guarantee the integrity of data shared inside IoMT systems.To ensure the uninterrupted and dependable functioning of IoMT systems when confronted with DDoS threats, the taxonomy covers a range of approaches, from cooperative and adapting safety measures to detection and mitigation techniques.The security of IoMT systems, which consist of interconnected medical devices and infrastructure, is particularly vulnerable to DDoS assaults.These kinds of attacks can potentially jeopardize patient safety and healthcare operations by interfering with the accessibility and performance of essential healthcare services.Therefore, multiple security measures, taken together, are required to keep IoMT systems secured against DDoS attacks [20].The security mechanisms for preventing DDoS attacks on IoMT infrastructure follow the taxonomy in Figure 1.

Network traffic monitoring and analysis
The detection and prevention of DDoS attacks in IoMT systems rely heavily on network traffic monitoring and analysis [21].The followings are some methods and approaches for monitoring and analyzing network traffic that has proven helpful in detecting DDoS attacks in IoMT: 1. Intrusion Detection Systems (IDS): When it comes to securing essential healthcare data and the security of IoMT systems, IDSs play a pivotal role [22].IDS allows healthcare organizations to ensure the availability, confidentiality, and integrity of IoMT systems by continually monitoring network traffic, device behavior, and potential security threats [23].In addition, improving security, adhering to regulations, and keeping patients' and providers' trust necessitate using an effective intrusion detection system (IDS) architecture [21].2. Anomaly Detection: With this method, DDoS attack anomalies in network traffic can be detected instantly.
Anomalies induced by a rapid increase in traffic or strange patterns can be discovered quickly with machine learning algorithms [24] applied to data gleaned from network traffic analyses and monitoring device activity.As a result of this early identification, corrective actions can be taken immediately, such as traffic filtering [5,25], traffic redirection [26], or deploying extra infrastructure to lessen the attack's effect.As a result, the accessibility, dependability, and uninterrupted supply of healthcare services can be protected from DDoS attacks by implementing efficient anomaly detection algorithms in IoMT systems.3. Collaborative DDoS Detection: By using this method, numerous IoMT devices, edge devices, or network components can collaborate to detect and analyze DDoS attacks [27].These devices can share data regarding traffic flow, anomalies, and threat indications to detect and combat DDoS attacks.As a result, attack campaigns spanning numerous devices or networks can be more easily uncovered with collaborative detection [28].

Traffic filtering and rate limiting
DDoS attacks is designed to crash a network or knock out a specific service by flooding it with data.Attacks on IoMT systems can potentially jeopardize patient safety by delaying or even preventing the delivery of essential medical care.Incoming network traffic is analyzed using traffic filtering to selectively permit or prohibit packets based on the established standards [29].Thresholds can limit the flow of incoming traffic.To prevent a DDoS attack, it delays or stops traffic too high for the network or service to manage [30][31][32][33].The IoMT systems can enforce the following methods to keep the network from getting overloaded and ensure the continuity of essential services: 1. Access Control Lists (ACLs): ACLs protect networks and other vital components of IoMT systems from DDoS violence.By using ACLs, administrators can establish strict criteria for which devices and users are granted access to the network and its resources [34].Inevitably, we can create rules based on IP addresses, protocols, and ports.Administrators can use ACLs to let in trusted traffic while restricting access to potential threats.
To keep patient data private and secure and prevent unauthorized access to critical resources, ACLs are a must in IoMT systems.2. Firewalls: Firewalls are required to defend against DDoS attacks and to decline their effects on IoMT systems [35].This method can protect against standard DDoS attack vectors by inspecting packets and filtering traffic based on IP addresses, protocols, and other features.Firewalls are the first line of defense, protecting sensitive patient information and essential healthcare services from aggressive traffic.3. Rate Limiting Mechanisms: DDoS attacks frequently target overloaded networks, servers, and application services; rate-limiting helps keep those resources from being overwhelmed [36].By limiting the volume of traffic, the system can lessen the severity of the attack without compromising the continuity or responsiveness of essential healthcare services.In addition, combining rate limitation with anomaly detection methods allows the threshold to be constantly adjusted based on typical traffic volumes.

Traffic diversion and scrubbing
IoMT systems can be protected from DDoS attacks through traffic diversion and scrubbing.Redirecting incoming network traffic to other systems or scrubbing centers is what is envisioned by "traffic diversion."By redirecting traffic to scrubbing centers, IoMT systems can reduce the severity of DDoS attacks [37] by ensuring that only clean, legal traffic reaches the targeted network.This method helps keep vital healthcare services available, minimizes network congestion, and safeguards patient information and infrastructure.1. Content Delivery Networks (CDNs): CDNs are networks of servers that are deliberately placed in multiple locations worldwide.By caching and serving material closer to end users, they contribute to improved content delivery by lowering latency and increasing performance.When DDoS assaults are launched against IoMT systems, CDNs can be used as buffers to reduce the severity of the attack [38].By defending against the disruptive impacts of malicious traffic floods, CDNs help keep vital healthcare services available and performing at peak levels.2. Traffic Diversion to DDoS Mitigation Services: Businesses can use mitigation techniques such as service providers to handle incoming traffic in a DDoS existence.Companies can use DDoS mitigation services' cutting-edge traffic surveillance and filtering techniques by redirecting their customers to them [37].Rate limitation, analysis of traffic patterns, and identifying anomalies are just a few of the methods used by these services to detect and stop DDoS attacks.Maintaining the reliability and authenticity of IoMT services is essential for enterprises to continue providing uninterrupted access to vital healthcare apps and resources amid a DDoS attack.

Intrusion prevention systems
DDoS attacks can be detected and stopped by networks that might implement preventive techniques like intrusion detection systems (IDS) and intrusion prevention systems (IPS).It can identify intrusions and take action automatically to prevent or lessen their impact [39].The security of IoMT systems can be improved by using an IPS to detect and block DDoS attacks.Protecting the accessibility and integrity of essential healthcare services requires a comprehensive security architecture that includes real-time surveillance of threats, automated response skills, and integration with other layers of protection.
Network security framework for IoMT  5

Cloud-based DDoS protection
DDoS threats can be protected by cloud-based DDoS prevention, which uses the infrastructure and resources of a cloud service provider.Protecting IoMT systems in the cloud allows them to take advantage of the knowledge and tools made available by cloud service providers in the face of DDoS attacks [39].Regarding protecting against DDoS assaults, cloud-based solutions are preferable because of their scalability, worldwide network existence, traffic scrubbing abilities, and real-time monitoring.

Network resilience and redundancy
Ensure there are many pathways and redundant components in the IoMT network architecture to lessen the effects of DDoS assaults and keep availability high.Critical healthcare services can be maintained even during an attack because of the robustness of the underlying network [40].The severity of DDoS attacks can be reduced by this method, which uses balancing loads, fault tolerance, and proactive routing.The goal of redundancy is to provide fallback options in the event of network failure or assault.By removing potential weak spots, redundancy makes IoMT networks more resistant to DDoS attacks [41].

Collaborative defense
Collaborative defense is a strategy against DDoS threats in IoMT environments that calls for coordinated efforts from several parties.To defend against these attacks in IoMT applications, collaborative defensive teams pool their expertise, assets, and efforts to achieve a common goal [42].Critical healthcare services, patient information, and the IoMT ecosystem's integrity can be protected from DDoS attacks if entities work together to enhance their capacity to identify, mitigate, and recover from such attacks.

Incident response and mitigation
Defenses against DDoS threats in the IoMT context must include incident response and mitigation.Organizations may protect their healthcare systems from these attacks by enforcing robust incident response and mitigation procedures [20].DDoS assaults in IoMT require rapid identification, communication, traffic diversion, rate limitation, containment, and post-incident analysis for reaction and mitigation.These steps will lessen the consequence, guarantee continued service, and fortify future defenses against DDoS attacks in healthcare systems.These measures allow for a well-coordinated and speedy reaction, safeguarding vital healthcare services and patient data and keeping the IoMT infrastructure running smoothly.Essential medical services can be protected against DDoS attacks by using various security solutions designed specifically for the needs and limitations of IoMT systems.However, maintaining a successful defense against developing DDoS attack strategies also requires routine testing, monitoring, and updates to these security measures.

Feasibility requirements of IoMT security for DDoS attacks
In this survey, we undertake a profound analysis of the available security measures for protecting the IoMT infrastructure from DDoS attacks by posing the following questions:

How common are DDoS attacks on IoMT systems, and what are their typical features?
Different varieties of DDoS attacks on IoMT systems will have other effects.Some examples and their distinguishing features are as follows: • Volumetric attacks [43]: These attacks cause the network to crash due to the sheer volume of data sent simultaneously.The idea is to clog up the web, so only genuine users can utilize the IoMT services.• UDP floods [44]: Attackers can send many packets to the targeted system using the User Datagram Protocol (UDP).Network congestion and server resource consumption due to these packets can cause service outages.• SYN floods [44]: SYN floods send many SYN requests to perform the TCP three-way handshake with an advantage of the TCP protocol.This attack uses the server's resources and prevents real users from connecting.• Application layer attacks [45]: These attacks exploit explicit application weaknesses or employ application resources to stop IoMT services from working as intended.Examples include HTTP floods and amplified DNS attacks that cause web server overload.• IoT Botnet attacks [46,47]: The penetration of a network of IoT devices, including IoMT devices, is what orchestrates and launches DDoS attacks.These botnets are incredibly challenging because of the enormous amounts of traffic they can generate.• Reflection/amplification attacks [10]: Attackers take advantage of vulnerable servers or services that send back responses disproportionately large compared to the original request.The attacker can overwhelm the victim's IoMT system by sending fake requests using the victim's Internet protocol (IP) address as a mask.• IoT exploitation [20]: Inadequately protected IoMT devices can be deliberately attacked and manipulated to interrupt services or contribute to wider-scale DDoS attacks.Poor security measures like weak passwords, out-of-date firmware, or missing patches can compromise IoMT devices.

How effective are different security measures in preventing DDoS attacks against IoMT systems, and where do they fall short?
There are advantages and disadvantages to using different security solutions for protecting IoMT systems from DDoS attacks.Some classic security measures and their distinguishing features are as follows: • Intrusion prevention systems [39,48]: IPS solutions offer real-time protection by swiftly detecting and blocking known DDoS attack signatures that can examine data down to the packet level, spot malicious traffic, and stop attacks in their tracks.However, this system may consume much bandwidth and struggle to detect and prevent zero-day or otherwise new DDoS attacks that do not conform to existing signatures.• Firewalls [9]: IoMT systems are protected from intruders thanks to firewalls, which impose access control restrictions.They offer fine-grained oversight of network activity and may effectively block traffic associated with known DDoS attacks.Simultaneously, firewalls may have trouble mitigating DDoS attacks that overwhelm their bandwidth capacity.In addition, complex application layer threats may evade standard firewall protections, necessitating alternative defense methods.• Load balancers [49]: This includes the prevention of server overload and the optimal use of available resources that can protect against DDoS attacks by rerouting floods of traffic and making systems more flexible.However, they were not intended to prevent DDoS attacks; since they distribute traffic, large-scale DDoS attacks may be too much for the network to handle.• Traffic filtering and rate-limiting mechanisms [29,36]: These defenses can spot and stop the abnormally high volumes of traffic that typically accompany DDoS threats.When dealing with complex and distributed DDoS attacks that use several IP addresses and spoofed traffic sources, these methods can have trouble differentiating good traffic from horrible attack traffic.• Anomaly detection systems [24]: The ability of anomaly detection systems to spot deviations from typical behavior is a significant strength that can be used to spot possible DDoS attacks at an early stage.These systems may produce false positives when first deployed because they need time to learn typical operation patterns.
• Collaborative defense platforms [42]: The defense against DDoS attacks is bolstered by collaborative defense platforms, which enable information sharing and coordinated response among participating institutions.However, these systems may make cooperation and communication more difficult.Therefore, they have their drawbacks.[25,36,49]: SDN allows for centralized management and control of network resources by decoupling the control plane from the data plane.Effective traffic management, dynamic allocation of resources, and rapid DDoS attack mitigation are all made possible by one particular point of command.SDN can detect and alleviate DDoS attacks in real time using machine learning methods.In addition, SDN can effectively limit the effects of DDoS attacks on IoMT devices by proactively rerouting traffic and modifying network policies.• Edge computing [28,[57][58][59] and fog computing [37,[60][61][62]: Reduced dependency on data centers is one of the main benefits of edge computing and fog computing, which move computational resources more attached to the network's edge.This decentralized design can make IoMT systems more resistant to DDoS attacks by reducing the strain on essential backend services.In addition, these technologies reduce the latency and bandwidth needs of upstream mitigation by analyzing and processing network traffic at the network edge, where DDoS attacks are inclined to originate.

How efficient and reliable are the various security measures to prevent DDoS attacks on IoMT infrastructures?
There is a wide range in the efficacy and effectiveness of DDoS protection solutions for IoMT systems.However, some significant differences are compared below: • Performance: High-performance defense is often provided by intrusion prevention systems (IPS) [39] and firewalls [35] that can swiftly detect and stop DDoS attack traffic.Even though load balancers [49] aid in traffic distribution, their efficiency can differ depending on their hardware and setup specifics.During high-intensity DDoS attacks, network performance may be negatively affected by the processing and decisionmaking cost introduced by traffic filtering [29] and rate-limiting systems [30].• Scalability: Scalability is provided via cloud-based protection [39] services, which utilize distributed infrastructure to sift through and mitigate DDoS attacks.Software-defined networking (SDN) [63] and load balancers [49] are scalable systems that can handle increased traffic by spreading it over numerous servers or redistributing available bandwidth on the fly.Using parallel processing and distributed computing approaches, anomaly detection systems [24] and machine learning-based solutions [50] can efficiently evaluate massive amounts of network data at scale.• Accuracy and effectiveness: DDoS attacks can be effectively mitigated by using IPS [39] and firewalls [35].
Using machine learning and historical data, anomaly detection systems [24] and other machine learningbased solutions [51] can enhance detection accuracy and keep up with ever-changing attack methods.In addition, defense platforms that encourage collaboration and real-time data exchange have been shown to significantly improve the success rate of anti-DDoS measures.• Response time: DDoS attacks can be quickly mitigated, and service interruptions kept to a minimum with the help of real-time or near-real-time reactions from IPS [39], firewalls [9], and cloud-based security [39] services.Due to the need for analysis and decision-making, anomaly detection systems [24] and machine learning-driven solutions [51] may experience a slight latency in reaction time.The responsiveness and cooperation of engaged entities can affect response times for collaborative defense platforms [42], as these systems rely on clear interaction and collaboration among players.

2.2.5
What are the most challenging and restrictive aspects of establishing security solutions for DDoS mitigation in IoMT systems?
Several specific barriers and constraints might be encountered while attempting to implement and deploy security solutions for preventing DDoS attacks in IoMT systems.Some essential factors include: • Resource limitations [64]: The limited computational and memory capacity of many IoMT systems makes it challenging to install resource-intensive security solutions.These limitations may reduce the efficiency of DDoS protection by limiting the security measures' performance and scalability.• Real-time response [65]: Service outages caused by DDoS attacks must be quickly remedied.However, time spent on evaluation, decision-making, and collaboration as part of security solutions might slow down threat detection and mitigation.It cannot be easy to achieve real-time response while preserving accuracy and efficacy.• Evolving attack techniques [63]: Constant refinement of DDoS attack methods by malicious actors allows them to evade ever-more-common preventive measures.The security solution must keep pace with increasing attack vectors and use cutting-edge methodologies to effectively detect and counteract growing threats.• False positives and negatives [66]: Some security measures may incorrectly label regular traffic malicious, while others may fail to identify actual DDoS attacks.Constant fine-tuning and monitoring are required to find the optimal balance between reliable detection and nuisance alarms.• Complexity and integration [63]: Integrating and deploying security solutions can be difficult for IoMT systems due to the various components and protocols used.It is complex and requires network architecture and security knowledge to ensure that multiple security mechanisms and IoMT components function successfully.• Cost considerations [65]: Strong DDoS mitigation systems can be expensive to implement due to the need for new hardware, software, licenses, and regular maintenance.Limited financial resources may prevent complete security solutions from being implemented in modest IoMT setups or other situations with few available resources.• Privacy and compliance [10]: IoMT systems handle sensitive patient data, and security solutions must adhere to privacy regulations like Health Insurance Portability and Accountability Act (HIPPA).Balancing the need Network security framework for IoMT  9 for DDoS protection with data privacy and compliance requirements can be challenging, requiring careful consideration and implementation of security measures.• User experience impact [42]: Filtering authentic information or imposing rate limits for security reasons might negatively affect the user encounter by interfering with network performance.Fighting against DDoS attacks without negatively impacting the user experience is critical.

2.2.6
How should security solutions for IoMT systems consider factors like usability, scalability, costeffectiveness, and compliance?
• Usability: Security solutions should have intuitive interfaces and configuration options that are easy to understand and manage for administrators and system operators.And also consider how well the security solution integrates with the existing IoMT system components, protocols, and management interfaces.Compatibility and interoperability are crucial for seamless deployment and operation.• Scalability: Ensure that the security solution can handle the increasing volume of traffic and growing demands of the IoMT system without compromising its effectiveness.It should be able to scale horizontally and vertically to accommodate the evolving needs of the system.In terms of flexibility, it is required to consider the ability of the security solution to adapt to changes in network architecture, infrastructure, and IoMT system expansion.Scalable solutions can accommodate new devices, services, and network growth.• Cost-effectiveness: The overall cost of implementing and maintaining the security solution over its lifespan needs to be evaluated.The ongoing expenses, such as licensing fees, updates, support, and training, are also considered, along with acquisition costs.The resource requirements of the security solution are assessed with hardware, software, and personnel.Solutions that optimize resource utilization can reduce operational costs and improve cost-effectiveness.• Compliance: Ensure the security solution meets relevant compliance standards and regulations specific to the healthcare industry, such as HIPAA or General Data Protection Regulation.Regarding data privacy, consider how the security solution handles and protects sensitive patient data.Ensure that it incorporates encryption, access controls, and auditing mechanisms to maintain data privacy and confidentiality.
From the aforementioned discussion, it is vital to remember that DDoS attacks can be devastating when they combine various attack channels and strategies.In addition, attackers' tactics may develop as they learn to take advantage of new attack channels or flaws.Protecting IoMT systems against such ever-evolving threats requires constant vigilance and sophisticated DDoS security techniques.It is also noted that new ideas and technologies are still developing and could have shortcomings.Effective implementation and integration into IoMT systems necessitate emphasis on the particular use case, the system architecture, and the knowledge of security specialists.Regularly reviewing and adapting protection techniques are essential to keeping up with the ever-changing environment of DDoS attacks on IoMT systems.A meticulous DDoS security strategy for IoMT systems should contemplate the strengths and limitations of the various safety measures listed in Table 1.

Review of current solutions for DDOS attacks in IoMT
Organizations utilizing the IoMT space must implement encryption and robust communication protocols, interact with security solution providers and experts, and maintain contemporary security standards to protect the IoMT systems from DDoS attacks.From the facts of the prior section, it is noted that it is crucial to find an optimal security solution for IoMT systems considering variables like ease of use, scalability, costeffectiveness, and regulatory compliance.It is also seen that these goals can be accomplished by implementing cutting-edge security techniques in IoMT systems.IoMT ecosystem's vital healthcare services and individual patient information can be defended from DDoS attacks, with a layered security plan utilizing numerous advanced solutions should be implemented.

Deep learning-based security solution for IoMT systems
The computing paradigm has shifted significantly as a result of developments in the field of Information and Communication Technology (ICT).The IoMT is a significant part of the healthcare business, and the IoT [67,68] has generally emerged as an essential communication channel.However, there are new security and privacy risks associated with IoMT due to the convergence of medical gadgets and the exchange of sensitive data.DDoS security solutions have increasingly relied on machine learning algorithms to detect and categorize attacks in response to these threats dynamically.
A deep neural network classifier based on principal component analysis (PCA) and grey wolf optimization (GWO) was proposed by RM et al. [69] to classify intrusion attacks in the IoMT context.The research centered on managing the massive amounts of information created by connected medical devices that use individual IP addresses for communication over a network.The reduction of dimensions and attribute selection were two of the applications of this technology.The experimental results of this work demonstrated a 32% reduction in training time and a 15% improvement in intrusion classification accuracy compared to prior methods.While binary intrusion classification was the main emphasis of the article, IDS in IoMT applications frequently face various attacks.Therefore, the proposed work should also explore the processes for interpreting and explaining the model's decision-making procedure.
To fight sophisticated multivector botnet attacks, including DDoS, theft, and scoping, Liaqat et al. [63] proposed a revolutionary hybrid deep learning-driven software-defined networking (SDN)-enabled IoMT detection framework.The suggested mechanism is scalable, cheap, and efficient; it uses limited-capacity IoT devices without draining their resources.Concerning detection accuracy and time efficiency, this model performs beyond that of competing methods.By using limited-capacity IoT devices smartly, the proposed SDNenabled IoMT system demonstrates scalability and cost-effectiveness.More insight into the work's efficacy and benefits may be gained compared to more conventional detection techniques like rule-based systems or anomaly detection algorithms.This study has yet to explore the framework's ability to identify and counteract increasingly sophisticated and novel forms of botnet attack.

Security solutions Benefits Shortcomings
Intrusion Prevention Systems [6,39] Established DDoS attack signatures are easy targets for IPS solutions Novel or zero-day DDoS attacks that don't fit known patterns Firewalls [9,35] Effective at preventing standard DDoS attack traffic and offering fine-grained command over network flows

Firewalls deal with DDoS attacks that use too much bandwidth in volume
Load balancers [49] It avoids DDoS attacks by rerouting traffic and making the system more flexible We may need help mitigating DDoS attacks of catastrophic proportions Traffic filtering and ratelimiting mechanism [29,36] Aid in avoiding network overload and guaranteeing continuity of essential services It needs help to differentiate good traffic from lousy attack traffic Anomaly detection systems [24] Have the potential to issue timely warnings and allow for prompt countermeasures Have trouble separating false positives, caused by regular traffic spikes, from actual DDoS attacks Collaborative defense platforms [42] Pool their knowledge and resources to better counter distributed denial-of-service attacks Platforms necessitate user interaction and collaboration, which might increase coordination and communication challenges Cloud-based protection services [39] Effectively mitigate DDoS attacks of massive scale by absorbing the traffic and filtering out malicious content This method delays service delivery due to traffic rerouting and data cleansing procedures Network security framework for IoMT  11 Kumar et al. [64] developed an ensemble learning-based intrusion detection system (E-ADS) employing a fog-cloud architecture to detect and mitigate malicious behavior in the network of IoMT.The proposed system's two main modules are traffic processing and the intrusion detection engine.Experiments showed that compared to the state-of-the-art methods, this model employing feature mapping, feature selection via the correlation coefficient, normalization, and an ensemble method based on XGBoost (DT, NB, RF) achieved better results.Furthermore, by moving security functions to edge devices, where they can reduce latency and improve real-time threat detection and response, the fog-cloud architecture increased the resilience and security of the IoMT system.However, the current approach has yet to be compared to other machine learning algorithms, which might shed light on the merits and shortcomings of the proposed framework.
The hybrid approach of ELM with Bayesian optimization presented by Nayak et al. [51] shows its efficacy in preventing cyber-attacks in IoMT settings.Ensemble learning methods like ELM with genetic algorithm and ELM with random search (RS) are contrasted to individual machine learning algorithms like Naive-Bayes, decision trees, logistic regression, XGBoost, random forest, and ELM.In terms of recall, precision, Fbeta-score, F1-score, F2-score, and area under the receiver operating characteristic (AUC-ROC), and experimental results showed that the proposed strategy was superior.However, bigger nonlinear data approximations are possible by combining deep learning methods to provide better adaptability and learning potential for untrained features, which may not fit the hybrid ELM approach well.
A method for applying AD to the Corneal and Medical EEG spectrograms datasets was proposed by Khalil et al. [50].CNN models, which consist of layers of convolution and kernel filters, are used to process the input images.A pooling and fully connected layers work together to perform the classification.This article uses computer simulation to test the methodologies proposed for automated medical diagnosis in IoMT systems.The suggested technique was able to detect and forecast seizures with high accuracy using the CHB-MIT database, as shown by the results.The study's primary contribution was demonstrating a highly effective technique for detecting anomalies in corneal images.However, the study needs further information about the applicability of the proposed approaches beyond EEG spectra and corneal photos.In addition, the research requires a more in-depth comparison to existing medical image and signal processing and anomaly detection methods.
Allahham et al. [16] presented an intelligent, secure, and energy-efficient (ISEE) framework for telehealth monitoring to ensure the safety of transmitted medical data.The framework intends to improve energy efficiency, remove distortion, and extend battery life using physical layer security and DRL methods.The proposed static-DDPG and dynamic-DDPG strategies perform exceptionally well when assessed against the state-of-the-art optimizers.However, research is still required to confirm the framework in practice, develop more assessment tools, and gauge the framework's scalability and generalizability.

Blockchain technology-based security solution
One way to ensure IoMT systems are secure is to use blockchain technology, which is decentralized and impossible to hack.Using a distributed ledger protects sensitive medical records from prying eyes and ensures they cannot be altered.Healthcare data in IoMT apps is better protected by smart contracts, which automate and enforce established regulations, and cryptographic algorithms, which guarantee secure and transparent transactions.Blockchain provides a solid basis for trustworthy healthcare ecosystems by reducing the impact of single points of failure due to its decentralized structure.Mohan et al. [70] focused on utilizing blockchain technology as a reliable and decentralized means of storing data for IoMT gadgets.With an emphasis on data privacy, computational efficiency, and scalability, the proposed private blockchain infrastructure stores physiological data from IoMT devices in a way that is unlikely to be altered.The system minimizes computing demands and transaction delays using a Raspberry Pi network and the proof of authority consensus method.Using the elliptic curve integrated encryption scheme, the double-encryption mechanism protects sensitive information.The system can scale to accommodate different types of healthcare workers, and its performance test shows a minimum transaction speed of 25 transactions per second.Despite scalability and technology constraints, the system provides a novel answer that can pave the way for high-security, privacy-preserving, real-time health monitoring devices.
To get around the drawbacks of cloud-centric IoMT systems, including excessive latency, substantial storage costs, and a single point of failure, Egala et al. [19] proposed an architecture that uses a hybrid computing model with a blockchain-based distributed data storage system (DDSS).With DDSS, the proposed solution provided decentralized access control, privacy, and security while drastically lowering storage costs and latency.Furthermore, the selective ring-based access control method, device verification, and patient record confidentiality algorithms enhanced the system's security.In addition to guaranteeing decentralized access control, security, and privacy, the experimental study validates that the system has low storage requirements and millisecond-level reaction times, surpassing conventional centralized systems.As a result, the quality and effectiveness of healthcare services could have been enhanced if the proposed approach had been combined with deep learning-based techniques to create a fully functional prototype.
Kumar and Tripathi [53] presented a consortium blockchain network that uses smart contracts and is integrated with a node in the interplanetary file system (IPFS).This study protects patient and device data's confidentiality, integrity, and availability by removing the need for a centralized storage system and implementing secure storage administration within the IoMT-enabled healthcare system.Secure authentication, distributed data storage, and protection of patient privacy are all guaranteed in an IoMT-enabled healthcare system thanks to the combination of smart contracts, a consortium blockchain, and IPFS cluster nodes.The research needs to go into depth on how well it scales to include more chemicals and medical equipment.No complementary studies highlighting the benefits and drawbacks of the proposed approach are presented in the study.The research elaborates on the suggested framework's usability or user experience.
To locate vulnerable IoMT nodes and protect private patient data, Bhan et al. [71] employ a hyperledger blockchain and a clustered hierarchical trust management system (CHTMS).The proposed CHTMS helps prevent rogue nodes in the network, improving the security and dependability of the IoMT system as a whole, and the work is concentrated on blockchain-based IoMT node identification to protect patient records.The evaluation findings reveal that the healthcare smartphone network (HSN) is more secure and reliable after integrating blockchain into the system.In addition, the proposed method lessens the price tag of trust analysis and increases resilience to malicious attacks like denial of service and DDoS.However, future research should explore the scalability of the suggested technique in real-world IoMT networks to improve patient data safety and confidentiality in IoMT systems and address the issues of developing a reliable anonymized healthcare environment.
Blockchain-based encryption architecture presented by Ghazal et al. [18] addresses security issues in E-Health monitoring systems.Blockchain's cryptographic techniques make it more challenging for unauthorized parties to access encrypted data, making it ideal for protecting EHRs.Furthermore, a computational intelligence methodology improves the framework's capacity to recognize patterns and efficiently analyze collected data.The study results are encouraging; the training accuracy is 0.93, and the validation accuracy is 0.91, which are improvements over prior systems.The results of the tests show that the suggested framework performs well, especially with increasing-size datasets.Furthermore, the studies show that the proposed method is successful and scalable, as employing more incredible training information leads to better results.To effectively provide security solutions while improving the privacy and safety of electronic health information in E-Health systems, this study must center on the real-life application of the framework, considering scalability, robustness, and resistance against modern threats.

Findings from current solutions
This section reviewed research articles showing that machine learning, fog-cloud architectures, CNN models, intelligent frameworks, and blockchain technology have great potential for resolving security, privacy, scalability, and efficiency issues in IoMT settings.However, from the outcome of these studies, it is observed that more study is required to examine the detectability of advanced and upcoming attack vectors, generalizability, practical implementation, comparative analysis, and more.Following a comprehensive analysis of the relevant literature, this section summarizes the essential points for defending the IoMT infrastructure against DDoS attacks.• Research articles discuss how deep learning-based models, intelligent frameworks, and blockchain technology might help with privacy, scalability, and efficiency issues in IoMT settings.However, more study is required to examine the detectability of advanced and future attack vectors, generalizability, practical implementation, comparative analysis, and more.• Table 2 summarizes the results of a review of recent studies, showing that many studies have been evaluated well in terms of their precision, recall, accuracy, and FMeasures.These indicators give the researcher a holistic picture of a system's performance, allowing them to make sensible choices according to their unique needs and goals.• Real-time monitoring is crucial for healthcare applications to ensure the security of IoMT networks without disrupting patient care.Therefore, to effectively serve the IoMT framework, the time complexity of the method must be evaluated.According to the investigation, systems based on ensemble learning [64] and frameworks driven by deep learning [63] have assessed this.• ROC and AUC analysis [51,64] is crucial for assessing healthcare security systems' efficacy, precision, and timeliness.The ability to successfully identify and respond to security issues, provide timely alerts, support continuous improvement initiatives, and protect sensitive patient data and essential infrastructure depends on healthcare organizations regularly evaluating these metrics.• When evaluating security systems for healthcare applications, the detection rate is crucial.It guarantees accurate threat identification, enables rapid incident response, boosts patient safety, makes it easier to adhere to regulations, and motivates constant security enhancements.Strong security [50,64] protects sensitive patient information and keeps healthcare networks running smoothly.• Data origins, access control, and trust administration in IoMT systems may all benefit from blockchain technology, which has been the subject of numerous studies looking for a decentralized and safe solution to these problems.Compared to centralized systems, private blockchain frameworks, hybrid computing paradigms, and consortium blockchain networks with intelligent contracts show substantial advancements in security, privacy, scalability, and storage efficiency.• The trends in data in E-Health monitoring systems can be better identified and processed thanks to blockchain's use of encryption methods and computational intelligence technologies.

Challenges and future research directions
This section discusses the challenges and opportunities of using DRL and blockchain to counter DDoS attacks against IoMT systems and possible future directions for research and development in this area.In addition, this analysis aims to identify areas where these systems can be made more efficient and valuable to the general public.

Challenges of deep learning-based security solutions
According to the survey, interpretability and explainability, countering complex and novel attacks, comparative evaluation, applicability, and generalizability, data in addition to specific domains, scalability, and practical implementation are some challenges noted in the present deep learning-based research for IoMT systems.
• For the sake of trust and transparency, interpretation, and explanation, the models should be able to identify and prevent various forms of attack.• Quantitative assessments with other methods can appraise the efficacy of deep learning-based approaches are required.• Extending the evaluation of these solutions beyond limited data sets and use cases is necessary.
• Anomaly detection and data security are two critical areas where deep learning models could be evaluated.
• Testing the offered frameworks in real-world IoMT environments is vital to determine their scalability and practicality.
More study is needed to overcome these obstacles and improve the efficiency, interpretability, applicability, and scalability of deep learning-based security solutions in IoMT systems.

Challenges of blockchain technology-based security solutions
Scalability, technological constraints, usability and user experience, flexibility in real-world situations, complementary research and comparative analyses, and real-world application and robustness are just some of the issues identified in using blockchain technology for IoMT systems based on the review.
• Due to the processing demands and transaction delays of blockchain networks, scalability is an issue of concern.
• Integrating new healthcare technology into the existing system requires overcoming technological barriers.
• Ease of use for healthcare providers and patients necessitates an evaluation of usability and user experience.
• There has to be research into the scalability of IoMT systems built on the blockchain in real-world settings.
• Supplementary research and comparison analysis are required to weigh the pros and cons of various strategies.
Effectiveness and safety in healthcare facilities depend on their practicality and durability.Therefore, numerous Research & Development are needed to overcome these obstacles and improve blockchain technology for IoMT systems.

Findings and analysis of the gaps in the research
An essential part of any research effort is analyzing the results and identifying knowledge gaps.It helps researchers prioritize their work, identify gaps in knowledge, and make progress in their respective domains.Researchers might make strides in their field by focusing on research gaps and answering outstanding questions, developing innovative ideas or frameworks, finding unique solutions to real-world issues, or emerging with surprising insights.Previous studies neglected to take into account the following factors: • It is imperative to determine if the results of a study or implementation can be generalized to a broader population or real situations.• More research is needed to determine the efficacy of a recently developed data analysis method for detecting patterns in healthcare data when applied to real-world healthcare settings.• When multiple algorithms exist to do a task, comparing and contrasting their accuracy, speed, energy usage, and reliability is essential.• As technology evolves, new and more complicated attack vectors, including zero-day exploits and AI-powered attacks, may emerge, making it all the more important to constantly analyze and create defenses to detect and neutralize these dangers quickly.

Future scope of DRL and BT in IoMT systems
The application of DRL and blockchain technologies to thwart DDoS attacks on IoMT systems offers promising prospects for strengthening healthcare facilities' defenses.
• Enhanced security: The immutability and tamper-resistance of blockchain technology make it ideal for protecting sensitive information in a network environment.This further fortifies our defenses against DDoS attacks and safeguards private medical data.• Decentralized defense: Because DDoS attacks are spread naturally, blockchain technology's decentralized structure provides a natural line of defense.Utilizing DRL algorithms with blockchain technology can pave the way for creating distributed security systems.• Trust and transparency: Since blockchain technology creates an immutable and verifiable trail of all network transactions, it inspires confidence and candor among users.Combining DRL and blockchain makes the security mechanisms' decision-making process transparent.By recording the system's actions and decisions on the blockchain, stakeholders can verify the integrity and efficacy of the defense tactics used to counteract DDoS attacks.• Resilience to attacks: Blockchain is naturally resistant to attacks and interference because of its immutability and widespread consensus.Since the blockchain network is decentralized, attackers cannot control or disrupt the learning process, making the DRL system more secure when using blockchain.• Incentive mechanisms: Motivating network participants to aid in the defense against DDoS attacks is possible through incentive mechanisms made possible by blockchain technology.These mechanisms include smart contracts and tokens.DRL algorithms coupled with the blockchain can use these incentive mechanisms to entice nodes to engage in the defense process, increasing the defense system's efficiency and responsiveness.
Improved security, decentralized defense, transparency, resilience, and reward mechanisms are all possible results of integrating DRL with blockchain technology for preventing DDoS attacks in IoMT systems.This combination can improve the IoMT systems' overall security and guarantee the continued supply of vital healthcare services.
This section discusses various obstacles that must be overcome before these technologies reach their full potential, particularly in terms of scalability and performance, enabling real-time processing, cost-effectiveness, and resource efficiency in the face of ever-changing network security threats.Research and development aimed at resolving these issues will establish openings for DRL and blockchain technology to be used effectively in mitigating DDoS attacks on IoMT platforms.Furthermore, improved patient care and safety can result from these developments' potential to boost IoMT environments' security, reliability, and resilience.

Conclusion
This study reviews the network security techniques implemented in the existing studies for IoMT applications using machine learning and blockchain technology.This study presents an overview of IoMT healthcare applications by highlighting the security challenges encountered and the necessity of adopting advanced techniques to deal with complex threats.The research is mainly about how DRL, commonly used for intrusion detection, access control, and anomaly detection, works over time and how it can be used in IoMT applications.This study highlights the need for blockchain-based, DRL-based network security frameworks in the IoMT field.This review focuses on the benefits of DRL, namely its ability to enable intelligent and dynamic security systems against threats by employing machine learning algorithms.Blockchain technology improves the defense system's security, integrity, and transparency by offering decentralized trust and immutability for private medical records.In addition, the survey discusses potential advantages that could result from merging various technologies.To ultimately realize the capabilities of the network security architecture, however, it also identifies difficulties that need to be solved, such as scalability, interoperability, and real-world deployment.Overall, the survey sheds light on the current state of network security frameworks, especially about Network security framework for IoMT  17 DDoS attacks for IoMT, and points the way toward future research that might further investigate and optimize these kinds of technologies.With more study and improvement, these frameworks could significantly improve the safety and dependability of IoMT systems, helping the future of healthcare in the digital age.

Figure 1 :
Figure 1: Taxonomy of security solutions for DDoS attacks.

•
The study evaluated the feasibility and benefits of integrating blockchain with deep learning and other techniques as a security framework for IoMT applications.•The study seeks to contribute to developing effective network security frameworks for IoMT applications by integrating current knowledge, examining problems, and evaluating emerging solutions.It exposes gaps, emphasizes best practices, and makes recommendations to improve the security posture of IoMT networks.• The study guides future research efforts by identifying potential research directions and areas for innovation and developing novel security solutions for IoMT applications.
[22,[49][50][51]otection services[39]: Cloud-based security services offer scalable, globally dispersed protection that successfully manages high-volume attacks, allowing them to absorb and filter traffic from DDoS attacks.Due to traffic rerouting and scrubbing procedures, cloud-based security services may cause significant delays.2.2.3What new methods and technologies have promise for protecting IoMT networks from DDoS attacks?DDoS attacks in IoMT systems can be mitigated with the help of cutting-edge technology and methods like deep learning, machine learning, and blockchain.Specifically, these technologies can help with DDoS defense in the following ways:• Deep learning and machine learning[22,[49][50][51]: Deep learning and machine learning analyzes massive amounts of network traffic data to reveal anomalies and patterns indicating DDoS attacks.These algorithms can gather information from the past to better predict and counteract future threats.They can be used to create IDS/IPS systems that are smart enough to recognize and neutralize DDoS attacks in real time.The identification of attacks can be improved, false positives reduced, and mitigation efforts streamlined with the help of such systems.
[17,27,[52][53][54][55][56][54][55][56]: DDoS mitigation can benefit from the consistency and decentralization offered by blockchain technology.Blockchain can make it harder for attackers to overrun a single point of failure by decentralizing control and administration of network resources among several nodes.In addition, blockchain can improve authentication and authorization processes to lessen the likelihood of DDoS attacks in IoMT systems, allowing for enhanced safety communication and identity management.Blockchain-based consensus methods can also provide collaborative defensive tactics in which organizations work together to combat DDoS attacks by exchanging attack data, coordinating mitigation measures, etc.• Software-defined networking (SDN)

Table 1 :
Capabilities of security solutions against DDoS attacks in IoMT systems

Table 2 :
Experimental Findings of various methods employed for IoMT security solution