Internet of Medical Things (IoMT), an application of Internet of Things (IoT), is addressing countless limitation of traditional health-care systems such as quality of patient care, healthcare costs, shortage of medical staff and inadequate medical supplies in an efficient manner. With the use of the IoMT systems, there are unparalleled benefits that are enhancing the quality and efficiency of treatments and thereby are improving patients health. However, the 2018 Ransomware cyber-attack on Indiana hospital system exposed the critical fault-lines among IoMT environment. The gravity and frequency of cyber-attacks are expanding at an alarming rate. Motivated from aforementioned challenges, we propose an ensemble learning and fog-cloud architecture-driven cyber-attack detection framework for IoMT networks. The ensemble design, combines Decision Tree, Naive Bayes, and Random Forest as first-level individual learners. In the next level, the classification results are used by XGBoost for identifying normal and attack instances. Second, for dynamic and heterogeneous networks such as IoMT, fog, and cloud, we present a deployment architecture for the proposed framework as, Software as a Service (SaaS) in fog side and Infrastructure as a Service (IaaS) in cloud side. Further, most of the existing work is evaluated using KDD CUP99 or NSL-KDD dataset. These datasets lack modern IoMT-based attacks. Therefore, the proposed model uses a realistic dataset namely, ToN-IoT which is collected from a heterogeneous and large-scale IoT network. The experimental result shows that the proposed framework can achieve detection rate of 99.98%, accuracy of 96.35%, and can reduce false alarm rate up to 5.59%.

医疗物联网（IoMT）是物联网（IoT）的一种应用，它正在以有效的方式解决传统医疗保健系统的无数局限性，例如患者护理质量，医疗保健成本，医务人员短缺和医疗用品不足。通过使用IoMT系统，有无与伦比的好处，可提高治疗的质量和效率，从而改善患者的健康。但是，2018年对印第安纳州医院系统的勒索软件网络攻击暴露了IoMT环境中的关键故障线。网络攻击的严重性和频率正在以惊人的速度增长。基于上述挑战，我们为IoMT网络​​提出了集成学习和雾云架构驱动的网络攻击检测框架。整体设计结合了决策树，朴素贝叶斯（Naive Bayes）和随机森林（Random Forest）作为一级个人学习者。在下一级别，XGBoost将分类结果用于识别正常实例和攻击实例。其次，对于动态和异构网络（例如IoMT，fog和cloud），我们为所提出的框架提供了一个部署架构，例如雾侧的软件即服务（SaaS）和云侧的基础设施即服务（IaaS）。此外，大多数现有工作是使用KDD CUP99或NSL-KDD数据集进行评估的。这些数据集缺乏基于IoMT的现代攻击。因此，提出的模型使用了一个现实的数据集，即ToN-IoT，该数据集是从异构的大规模IoT网络收集的。实验结果表明，所提出的框架可以达到99.98％的检测率，96.35％的准确率，并且可以将误报率降低至5.59％。