Introduction

Medical sensor networks (MSNs) and the rapid advancement of healthcare technologies have transformed patient care, enabling continuous, real-time monitoring of physiological parameters [1]. These systems offer high-quality, customized healthcare services that allow doctors to make informed decisions quickly [2]. Nonetheless, the increasing dependence on interconnected medical resources raises pressing concerns about security, privacy, and trust. Medical data is sensitive; hence, MSNs are prone to cyberattacks, including but not limited to data breaches, spoofing, and malware injection, which have the potential to undermine the privacy of patients and the credibility of health systems [3]. The security of the information in MSNs is therefore of paramount importance. This security problem can be addressed using artificial intelligence (AI) [4]. AI-based intrusion detection can scan network traffic in real time, detect threats, and respond more quickly than traditional methods. Convolutional neural networks (CNNs) are highly capable of detecting complex structures and abnormalities in network data and can therefore be used to complement the functions of an intrusion detection system (IDS) [5]. Moreover, the security measures employed include lightweight authentication protocols, which ensure that security does not exceed the resource limitations of the medical sensors. Such protocols are necessary because they not only improve efficiency but also extend sensor longevity, while ensuring strong security [6]. Accordingly, the proposed study develops a resilient, holistic security system comprising an AI-based IDS powered by CNNs and lightweight authentication schemes to protect MSNs. The proposed framework guarantees integrity, privacy, and trust in the management of medical data in any healthcare system [7].
The use of MSNs to monitor physiological parameters and provide healthcare providers with real-time data for any patient is an application area that will continue to grow. This nevertheless raises a security concern, since the information is highly confidential. Cyber threats of various kinds include unauthorized access to data, intrusions, and malpractices that undermine patients’ privacy and trust [8].

Conventional security is, in most circumstances, unprepared to cope with the dynamic, sophisticated cyber threat environment. Traditional approaches are ineffective against, and unresponsive to, novel and unknown attack vectors. There is therefore a pressing need for more advanced security solutions that include real-time threat response and mitigation [9]. In addition, the limited resources of medical sensors, namely battery life and computing power, are also a problem. Such devices need high security levels with minimal impact on their functionality and durability. This requires simple authentication protocols that can ensure message security without extensive computational and energy requirements [10]. The current state of security provided to MSNs still lacks comprehensive trust management systems (TMSs). There is a need to enhance overall security by ensuring the reliability and integrity of devices and data across the network. The available TMS solutions are all static and cannot adapt to changing conditions and threats in real time [11]. Hence, a holistic security system that incorporates AI-assisted intrusion detection, lightweight authentication, and an active TMS can significantly enhance the safety, confidentiality, and dependability of MSNs, thereby enhancing the safety of patient information and trust in healthcare systems [12].

The main objective of this paper is to develop a robust security framework for MSNs that encompasses AI-driven intrusion detection employing CNNs and lightweight authentication. The model is intended to enhance real-time threat detection to ensure patient information remains confidential and unaltered. Moreover, the research paper will aim to develop dynamic TMSs that continuously assess and ensure the quality of network devices and data. The result is to address MSN security issues while ensuring operational efficiency and sensor longevity. The paper will present an AI-based security framework for MSNs, including a CNN-based IDS and an AI-based TMS.

  • Designing a hybrid CNN–TMS–ECC framework for real-time and energy-efficient security in MSNs.

  • Developing a dynamic trust management mechanism for adaptive device reliability assessment.

  • Implementing and validating a lightweight ECC-based authentication for secure data exchange.

  • Conducting extensive quantitative experiments demonstrating superior accuracy, latency, and scalability over state-of-the-art models.

The remainder of this paper is structured as follows. Section 2 reviews the literature on the prevailing security issues in MSNs and the available solutions. Section 3 details the methodology, data collection, model development, and the implementation of security protocols. It explains the suggested AI-based security system, comprising a CNN-based IDS and an AI-based TMS. Section 4 presents the results and discussion, in which the proposed framework’s performance is compared with that of existing solutions. Lastly, Sect. 5 concludes the paper with recommendations for further research.

Related works

This section analyzes the security situation in MSNs, highlighting the shortcomings of current intrusion detection and TMS solutions, as well as recent progress in AI and machine learning in network security. It therefore identifies the gaps that the proposed framework has indicated.

MSNs have become part of modern healthcare systems, enabling real-time patient monitoring and data collection. These are networks of linked sensors that measure various physiological parameters, such as heart rate, blood pressure, and glucose levels, among others, and transmit the measurements to healthcare providers so that they can take appropriate action [13]. The standard MSN architecture comprises multiple tiers. The first tier consists of sensing devices embedded in, on, or around the human body that continuously gather data. For example, these devices might consist of wearable sensors embedded into wristbands or patches on the skin, or implantable sensors such as pacemakers and glucose monitors [14]. The second tier relies on local processing units or gateways, mainly meant for aggregating data from many sensors and for initial data processing. The topmost tier hosts central servers or cloud-based platforms on which data are stored, analyzed, and retrieved by healthcare providers [15]. An important challenge for MSNs is supporting secure and efficient communication between the sensor nodes and the central processing units. Generally, sensor nodes are low-power devices with very limited computational capabilities. As such, they are prone to several security threats, including unauthorized access, data tampering, and denial of service. Strong security measures must hence be implemented to ensure that patient data is protected and the network is reliable [16]. Wireless technologies found in an MSN include Wi-Fi, Bluetooth, Zigbee, and newly emerging technologies like 5G and IoT, which further expand the application by providing reliable, high-speed data transfer. Nevertheless, they also present potential points of attack, which must be accompanied by enhanced security measures against possible cyber-attacks [17]. The use of MSNs enables patient monitoring and telemedicine, which can be used to diagnose and treat remotely [18].
This makes it especially beneficial for the treatment of chronic illnesses and for the provision of health care services in geographically remote or underdeveloped areas. IDSs powered by AI can enhance MSN security by identifying threats immediately, as they can learn and adapt to new threats in real time. These systems rely on machine learning (ML) and deep learning (DL) models to detect and respond to network traffic anomalies, thereby improving accuracy over conventional threshold-based detection. ML algorithms have gained popularity in IDSs for classifying network activity as normal or malicious. The algorithms may be trained with historical data to recognize familiar attack signatures and learn new attack patterns [19]. DL, and CNNs in particular, are especially beneficial for dealing with high-dimensional, complex data, like network traffic. CNNs learn hierarchical feature representations of raw data inputs automatically and can therefore pick up even the smallest clues of an intrusion attempt. These models are more accurate and robust in intrusion detection [20]. AI-based IDS plays a vital role in anomaly detection. Anomaly detection techniques model the behavior the network should exhibit and identify deviations that can point to malicious activity. They rely on clustering, statistical analysis, and neural networks to formulate baseline behavior and identify outliers [21]. AI-based IDS generates alerts and responds instantly to threats by processing and analyzing network data on the fly. This real-time feature is central to reducing the effects of an intrusion and preventing further damage to the network. Some of these techniques use online learning and incremental updates to the parameters of a model so that it continues to perform well over time [22].
Although AI-based IDSs are very effective, they face challenges such as their need for large, labeled training datasets, the risk of false positives and negatives, and complex models that demand heavy computation. Future work mainly lies in developing more efficient algorithms, improving model interpretability, and incorporating AI-based IDSs within other security schemes for comprehensive protection [23].

Trust management in healthcare networks

Trust management is an important tool for the reliability and security of healthcare networks, especially in MSN environments. A TMS should check the trustworthiness of devices and data to avoid malicious activities and guarantee secure communication. Direct and indirect trust are the mechanisms used to build trust in healthcare networks. Direct trust results from the direct interaction of devices with one another, while indirect trust derives from recommendations made by other devices. Indirect trust aggregates the opinions of other trusted nodes in the network, whereas direct trust considers only the success rate of past interactions [24]. A reputation-based TMS assigns devices reputation scores based on their behavior. Such a system considers devices with a high reputation to be more reliable. Reputation scores are dynamically updated based on the frequency of use and the results of interactions [25]. In dynamic TMSs, the degree of trust is constantly evaluated and updated in real time; such TMSs are designed to be responsive and efficient in adapting to changing network conditions and threats. These systems apply AI and ML methods to predict and respond to potential security breaches by analyzing the behavioral patterns of devices [26]. Some TMSs use blockchain technology to enhance security. It offers a decentralized and verifiably safe registry of trust scores and transaction histories, with built-in integrity and transparency of information. The immutability of the blockchain makes it possible to avoid fraud and unauthorized modifications to the trust record [27]. However, several issues persist in the trust management of healthcare networks, such as scalability, computational load, and the integration of TMSs with established network protocols.
Next-generation research is focused on developing more powerful algorithms to evaluate trust, scaling TMSs, and improving the interoperability of TMSs with other security systems [28]. Table 1 compares scientific studies on critical security solutions in MSNs, which currently focus on essential elements of AI-based Intrusion Detection, Trust Management, and ECC.

Table 1 Summary of existing studies.

The proposed model integrates several capabilities, namely Trust Management (TM), Trust Formation (TF), Trust Propagation (TP), Trust Aggregation (TA), Dynamic Trust Updates (DTU), resource efficiency (RF), and real-time processing (RTP). The proposed structure is much more consistent than the solutions presently proposed. It provides a more efficient approach to addressing the security needs of MSNs with the benefits of IoT, one that is more precise and consumes fewer resources. It is therefore well suited to intelligent health systems.

Methodology

This section outlines the methodology of development and evaluation for the proposed AI-driven security framework supporting MSNs. It begins with a description of the dataset used to train and test the IDS. Then it continues to describe the design and implementation of the CNN architecture for real-time intrusion detection. This section also explains TMS, where AI-based trust evaluation techniques are utilized to assess and update trust scores dynamically inside the network. This also includes developing lightweight authentication protocols based on ECC to enable secure and effective communication, as well as measurement metrics to determine the most effective method for implementing and evaluating the framework.

The complete list of symbols and notations used in the paper is presented in Table 2. Every mathematical symbol, variable, and abbreviation in the CNN-TMS-ECC model is declared to enhance readability and technical articulation.

Table 2 Symbols and notations used in the proposed CNN–TMS–ECC framework.

AI model development for intrusion detection

This model uses CNNs to analyze network traffic data and identify anomalies that may indicate potential intrusions. Training and testing of the model were performed using a dataset that was preprocessed to ensure data consistency and feature extraction. The CNN architecture has been designed to capture the complex patterns in the data, with convolutional, pooling, and fully connected layers. The suggested Intrusion Detection framework is presented in Fig. 1.

Fig. 1 Proposed framework for intrusion detection.

Dataset description (MedBIoT)

The Umas dataset [36] is regarded as a standard for evaluating the security state of an IoT-based medical setting. It contains both normal and attack traffic, emulating numerous attacks in IoT environments within a healthcare setting. This dataset is highly applicable to the design and testing of IDSs for MSNs, as it is extensive and realistically reflects network traffic in intelligent healthcare settings.

The data consists of traffic generated by a person using IoT devices, such as a smartwatch, a medical monitor, and healthcare hubs. The data characteristics include timestamps, source and destination IP addresses, protocol types, payload sizes, and flags for transmitted packets, among others. Each record (row) in the dataset is labeled as either normal or one of the given attack types, making it suitable for supervised learning methods.

Normalization and scaling are part of data preprocessing, as they provide uniformity and consistency to the dataset. The feature selection process identifies the crucial features for intrusion detection, thereby increasing the model’s accuracy and efficiency. Methods for handling missing data are integrated, making the model more robust during training. The AI model is developed using CNNs because they can handle high-dimensional data and identify complex patterns in network traffic. Once the training and validation data are prepared, the CNN model is trained using the training data. It is then optimized on the validation dataset to achieve the best performance metrics, such as accuracy, precision, recall, and F1-score. Lastly, the model’s performance is tested on an unseen testing dataset to analyze its actual efficiency and strength in identifying advanced cyber dangers in MSNs. The Umas data is used to train and evaluate AI-driven IDSs to detect and address security risks in smart health care.

Convolutional neural network (CNN) architecture

CNNs are a special type of DL model that is very helpful for studying high-dimensional data, including network traffic. The overall structure of a CNN consists of various types of layers, such as convolutional layers, pooling layers, and fully connected layers. Convolutional layers apply convolution operations to the input data to extract features through pattern detection, including edges and shapes. This operation is given by:

$$\:\left(I*K\right)(x,y)={\sum\:}_{m=0}^{M-1}{\sum\:}_{n=0}^{N-1}I(x+m,y+n)\times\:K(m,n)$$
(1)

where \(\:I\) is the input matrix (e.g., an image or network traffic data), \(\:K\) is the convolution kernel (filter) matrix, \(\:(x,y)\) are the coordinates of the output matrix and \(\:M\) and \(\:N\) are the dimensions of the kernel.

Each convolutional layer will use different filters to capture different features, hence producing multiple feature maps. The output of the convolutional layer is then fed through an activation function, like ReLU (Rectified Linear Unit):

$$\:ReLU\left(x\right)=max(0,x)$$
(2)

Pooling layers reduce the feature maps’ spatial dimensions, which helps decrease the computational load and mitigate overfitting. A common pooling operation is max pooling, defined as:

$$\:P(x,y)={max}_{0\le\:i<p}{max}_{0\le\:j<q}I(x+i,y+j)$$
(3)

where \(\:p\) and \(\:q\) are the dimensions of the pooling window.

Fully connected layers, also known as dense layers, connect every neuron in one layer to every neuron in the subsequent layer. These layers are typically located at the network’s end and are crucial for classification. The output of a fully connected layer is determined by:

$$\:z=Wx+b$$
(4)

where \(\:W\) is the weight matrix, \(\:x\) is the input vector, \(\:b\) is the bias vector and \(\:z\) is the output vector.

The final layer often uses a softmax activation function for multi-class classification:

$$\:softmax\left({z}_{i}\right)=\frac{{e}^{{z}_{i}}}{{\sum\:}_{j}{e}^{{z}_{j}}}$$
(5)

Modifications for enhanced performance

Several modifications and techniques can be applied to enhance the performance of CNN for intrusion detection in MSNs. Batch normalization improves training speed and stability by normalizing each layer’s inputs. The normalized value \(\:\widehat{x}\) is given by:

$$\hat {x}=\frac{{x - \mu }}{{\sqrt {{\sigma ^2}+\varepsilon } }}$$
(6)

where \(\:\mu\:\) is the mean of the batch, \(\:{\sigma\:}^{2}\) is the variance of the batch and \(\varepsilon\) is a small constant to avoid division by zero.

The normalized value is then scaled and shifted using learnable parameters \(\:\gamma\:\) and \(\:\beta\:\):

$$\:y=\gamma\:\widehat{x}+\beta\:$$
(7)

Dropout is a regularization technique that randomly sets a fraction of the input units to zero during training, which helps prevent overfitting.

Data augmentation techniques can artificially increase the size and diversity of the training dataset. For network traffic data, this can include generating synthetic traffic patterns or using oversampling methods like SMOTE (Synthetic Minority Over-sampling Technique).

Adjusting the learning rate during training can improve convergence and model performance. A common approach is to reduce the learning rate by a factor after a set number of epochs if the validation loss does not improve.

$$\text{new\_learning\_rate}=\text{initial\_learning\_rate}\times \text{decay\_rate}^{\frac{\text{epoch}}{\text{decay\_step}}}$$
(8)

Their integration allows the CNN architecture to be optimized for intrusion detection in MSNs. From this architecture and the described enhancements, we guarantee safe and efficient intrusion detection in medical networks and provide a complete approach to protecting smart health systems.

System design for management of trust

The AI-Based Trust Assessment in the TMS for MSNs is aimed at the real-time analysis of the trustworthiness of the devices and the data exchanged within the network. The system applies machine learning to measure trends in both direct and indirect trust levels, and these trends are updated to enhance the reliability and security of the network.

Direct trust is derived from the direct interactions between two devices, where trust is evaluated based on past interactions. This is achieved by using a weighted average of the outcomes of these interactions. The direct trust \(T_{i,j}^{direct}(t)\) of device \(i\) towards device \(j\) at time \(t\) can be computed as follows:

$$\:{T}_{i,j}^{direct}\left(t\right)=\frac{{\sum\:}_{k=1}^{N}{w}_{k}\cdot\:{Q}_{i,j}\left(k\right)}{{\sum\:}_{k=1}^{N}{w}_{k}}$$
(9)

where \(\:{Q}_{i,j}\left(k\right)\) is the quality of the \(\:{k}^{th}\) interaction between device \(\:i\) and device \(\:j\), \(\:{w}_{k}\) is the weight assigned to the \(\:{k}^{th}\) interaction, and \(\:N\) is the total number of interactions.

Indirect trust is inferred from the recommendations of other devices in the network. It incorporates the trustworthiness of intermediary devices. The indirect trust \(\:{T}_{i,j}^{indirect}\left(t\right)\) of device \(\:i\) towards device \(\:j\) at time \(\:t\) can be computed as:

$$\:{T}_{i,j}^{indirect}\left(t\right)=\frac{{\sum\:}_{k\in\:{N}_{i}\setminus\:\left\{j\right\}}{T}_{i,k}\left(t\right)\times\:{T}_{k,j}\left(t\right)}{\left|{N}_{i}\setminus\:\left\{j\right\}\right|}$$
(10)

where \(N_{i}\) is the set of neighbors of device \(i\), and \(T_{i,k}(t)\) and \(T_{k,j}(t)\) are the trust values at time \(t\) between devices \(i\) and \(k\), and \(k\) and \(j\), respectively.

The overall trust score \(\:{T}_{i,j}\left(t\right)\) is a combination of direct and indirect trust, weighted by a factor \(\:\alpha\:\):

$$\:{T}_{i,j}\left(t\right)=\alpha\:\times\:{T}_{i,j}^{direct}\left(t\right)+(1-\alpha\:)\times\:{T}_{i,j}^{indirect}\left(t\right)$$
(11)

where \(\:\alpha\:\) is a weighting factor between \(\:0\) and \(\:1\) that determines the influence of direct and indirect trust.

Trust values are periodically updated to reflect recent interactions and decay over time to account for the aging of past interactions. The update mechanism can be represented as:

$$\:{T}_{i,j}(t+\varDelta\:t)=(1-\beta\:)\times\:{T}_{i,j}\left(t\right)+\beta\:\times\:{T}_{i,j}^{new}(t+\varDelta\:t)$$
(12)

where \(\:\varDelta\:t\) is the time interval, \(\:\beta\:\) is the decay factor and \(\:{T}_{i,j}^{new}(t+\varDelta\:t)\) is the trust value based on the most recent interaction.

Devices with consistently low trust scores are flagged as potentially malicious. This is determined by setting a threshold \(\:\tau\:\):

$$\text{If } T_{ij}(t)<\tau,\ \text{then device } j \text{ is flagged as malicious}$$
(13)

Trust scores are propagated through the network to inform other devices about the reliability of their peers. The probability \(\:{P}_{ij}\left(t\right)\) that device \(\:i\) trusts device \(\:j\) can be modeled using a sigmoid function:

$$P_{ij}(t)=\frac{1}{1+e^{-\gamma\times\left(T_{ij}(t)-\tau\right)}}$$
(14)

where \(\:\gamma\:\) is a sensitivity parameter.

The aggregated trust \(\:{A}_{i}\left(t\right)\) of device \(\:i\) is computed by summing the trust values from all its neighbors:

$$\:{A}_{i}\left(t\right)=\sum\:_{j\in\:{N}_{i}}{T}_{ij}\left(t\right)$$
(15)

In this way, the AI-Based Trust Assessment applies these mathematical models and algorithms to assess the trustworthiness of the devices and the data within MSNs without compromising the entire network’s security.
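Equations (9) to (15) carried through in code, as an added example that is not the authors' implementation. The device names, trust table, α, γ and the interaction history are constructed for illustration; τ = 0.6 is the threshold given in the experimental setup. The last function shows how the decay factor β in Eq. (12) sets how many update intervals pass before a node that starts misbehaving drops below τ.

```python
import math

TAU = 0.6     # trust threshold from the page's experimental setup
ALPHA = 0.7   # assumed weight of direct vs. indirect trust (Eq. 11)
GAMMA = 10.0  # assumed sigmoid sensitivity (Eq. 14)

# Constructed scenario: gateway "gw" evaluates sensor "s3"; s1 and s2 recommend.
TRUST = {("gw", "s1"): 0.9, ("gw", "s2"): 0.8, ("gw", "s3"): 0.9,
         ("s1", "s3"): 0.4, ("s2", "s3"): 0.5}
NEIGHBOURS = ["s1", "s2", "s3"]


def direct_trust(qualities, weights):
    """Eq. 9: weighted average of interaction qualities Q_ij(k)."""
    if len(qualities) != len(weights):
        raise ValueError("one weight per interaction is required")
    total = sum(weights)
    if total == 0:
        return None  # no usable history: direct trust is undefined
    return sum(w * q for w, q in zip(weights, qualities)) / total


def indirect_trust(trust, i, j, neighbours):
    """Eq. 10: mean of T_ik * T_kj over recommenders k in N_i without j."""
    recommenders = [k for k in neighbours if k != j]
    if not recommenders:
        return None  # nobody to ask: indirect trust is undefined
    return sum(trust[(i, k)] * trust[(k, j)] for k in recommenders) / len(recommenders)


def overall_trust(direct, indirect, alpha=ALPHA):
    """Eq. 11, falling back to the available term when the other is undefined."""
    if direct is None:
        return indirect
    if indirect is None:
        return direct
    return alpha * direct + (1 - alpha) * indirect


def update_trust(current, observed, beta):
    """Eq. 12: blend the stored score with the newest observation."""
    return (1 - beta) * current + beta * observed


def is_flagged(score, tau=TAU):
    """Eq. 13: a score below the threshold marks the device as malicious."""
    return score < tau


def trust_probability(score, tau=TAU, gamma=GAMMA):
    """Eq. 14: sigmoid of the distance between the score and the threshold."""
    return 1.0 / (1.0 + math.exp(-gamma * (score - tau)))


def aggregated_trust(trust, i, neighbours):
    """Eq. 15: sum of device i's trust values towards all its neighbours."""
    return sum(trust[(i, j)] for j in neighbours)


def intervals_until_flagged(start, observed, beta, tau=TAU, max_steps=1000):
    """Count Eq. 12 updates until a node whose observed trust fell to
    `observed` is flagged; None if the score never drops below tau."""
    score = start
    for step in range(1, max_steps + 1):
        score = update_trust(score, observed, beta)
        if is_flagged(score, tau):
            return step
    return None


def evaluate_s3():
    """gw's view of s3: four interactions, newest weighted highest, last two failed."""
    direct = direct_trust([1.0, 1.0, 0.0, 0.0], [1, 2, 3, 4])
    indirect = indirect_trust(TRUST, "gw", "s3", NEIGHBOURS)
    return direct, indirect, overall_trust(direct, indirect)
```

With the 10 s update interval from the experimental setup, a node whose score starts at 0.9 and whose observed trust falls to 0.2 is flagged after 2 intervals (20 s) at β = 0.3 but only after 6 intervals (60 s) at β = 0.1.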

Authentication and key establishment protocols

The authentication and key establishment scheme is the basis for securing communication in Medical Sensor Networks (MSNs). These protocols are designed to be lightweight and efficient, using Elliptic Curve Cryptography (ECC) to guarantee security with minimal computation cost.

The authentication protocol ensures that only legitimate devices can join the network by using the Elliptic Curve Digital Signature Algorithm (ECDSA) to sign and verify messages. The data flow diagram (DFD) for Authentication and Key Establishment Protocol is depicted in Fig. 2.

Fig. 2 DFD for authentication and key establishment protocols.

The security analysis of the authentication and key establishment protocols involves evaluating the following aspects:

  • The security of ECC is based on the difficulty of solving the Elliptic Curve Discrete Logarithm Problem (ECDLP). Given \(Q=d\times G\), it is computationally infeasible to determine \(d\) from \(Q\) and \(G\).

  • The resulting shared secret \(S\) is an ECDH-derived secret that ensures messages will be read only by the devices that generated it. The strong mathematics of ECDLP guarantees confidentiality.

  • The use of nonces \(N_{A}\) and \(N_{B}\) provides session uniqueness and guards against replay attacks. Any change in the messages is detected when they are decrypted and verified.

  • The mutual exchange and verification of nonces enable the mutual authentication of the two devices. This mutual authentication, together with the ECDSA-based signatures, guarantees that the messages originate from genuine devices.

Man-in-the-Middle (MitM) attacks are prevented by ECC and the secure exchange of public keys. To break the shared secret, an attacker must solve the ECDLP. The use of nonces guarantees that each communication session is fresh and prevents replay attacks. A captured message cannot be reused because the nonces would be invalid.

  • Since \(\:{Q}_{B}={d}_{B}\times\:G\) and \(\:{Q}_{A}={d}_{A}\times\:G\): \(\:{S}_{A}={d}_{A}\times\:({d}_{B}\times\:G)={d}_{B}\times\:({d}_{A}\times\:G)={S}_{B}\)

  • Messages encrypted with S ensure confidentiality.

  • Verification of nonces ensures integrity and authentication.

Incorporating ECC-based protocols for key establishment and authentication in the AI-driven security framework further guarantees strong security with very low computational overhead, thus proving it well-suited to resource-constrained MSNs. The combination of such protocols provides strong security protection against various cyber threats in the network.

Experimental setup

To provide fairness, transparency, and reproducibility, the proposed CNN–TMS–ECC framework was implemented and tested in a controlled computing environment. This part outlines the implementation platform, system setup, model parameters, and dataset validation procedure.

Implementation environment

All the experiments were conducted using Python 3.10, TensorFlow 2.10, and Keras for implementing the deep learning components, and the OpenSSL library for performing the cryptographic operations. The framework was tested on a workstation running Ubuntu 22.04 LTS with an Intel Core i7-12700K (3.6 GHz) CPU, an NVIDIA RTX 3080 (10 GB VRAM) graphics card, and 32 GB RAM. This system setup was selected to explore real-time medical data processing and to evaluate the computational performance of the framework under actual implementation conditions.

Model configuration and parameters

The CNN-based Intrusion Detection System (IDS) was trained using the Umas dataset, which is a set of labeled network traffic flows of normal and attack behavior. The CNN was designed to strike the optimal trade-off between modeling cost and accuracy. The model has 64 input neurons, which represent the predetermined features, and two convolutional layers with 32 and 64 filters, respectively, each with a 3 × 3 kernel size. The ReLU activation function was used to introduce non-linearity, and MaxPooling (2 × 2) was used to reduce the spatial dimensions. These were followed by two fully connected layers containing 128 and 64 neurons, respectively, and then by a multi-class Softmax output layer. The network was trained using the Adam optimizer, a learning rate of 0.001, and categorical cross-entropy loss. The model was trained for 50 epochs, using a batch size of 64 and a dropout rate of 0.4.

The Trust Management System (TMS) operated with a trust update interval (DT) of 10 s and a trust threshold (\(\tau_{th}\)) of 0.6. It proactively tested node reliability by observing behavior, comparing data integrity, and identifying malicious nodes, and it recalculated trust scores in real time.

The ECC-based lightweight authentication protocol uses 256-bit keys on the P-256 elliptic curve, and therefore the protocol is highly secure and has low computational cost. The integrity of messages was verified using SHA-256 hashing, and the session data was symmetrically encrypted with AES-128. The authentication algorithm also aims to provide mutual authentication through a nonce-based key exchange and the generation of a session key, which ensures privacy and prevents replay attacks.

Evaluation metrics

The proposed CNN-TMS-ECC framework was evaluated using a number of quantitative evaluation metrics. These metrics assess the precision of intrusion detection, the reliability of classification, and the framework’s computational efficiency. The indicators selected are Accuracy, Precision, Recall, F1-Score, and Processing Time. Each of these metrics provides distinct insight into the system’s dynamics and its capacity to identify malicious activities while maintaining real-time performance on the limited resources of MSNs.

The mathematical formulations for these metrics are defined as follows:

$$\:\text{Accuracy}=\frac{TP+TN}{TP+TN+FP+FN}$$
(16)
$$\:\text{Precision}=\frac{TP}{TP+FP}$$
(17)
$$\:\text{Recall}=\frac{TP}{TP+FN}$$
(18)
$$\:\text{F1-Score}=2\times\:\frac{(\text{Precision}\times\:\text{Recall})}{(\text{Precision}+\text{Recall})}$$
(19)
$$\text{Processing Time (ms)}=\frac{\sum_{i=1}^{n}t_{i}}{n}$$
(20)

where \(TP\), \(TN\), \(FP\), and \(FN\) denote true positives, true negatives, false positives, and false negatives, respectively. The term \(t_{i}\) represents the time taken to process each detection instance, and \(n\) is the total number of instances evaluated.

Results and discussion

The CNN-based IDS achieves high accuracy, precision, and recall, and is effective at identifying network intrusions in MSNs. Based on the performance metrics, this system is far superior to conventional security solutions, particularly in detection accuracy and processing speed.

The CNN-based IDS has been evaluated based on accuracy, precision, recall, F1-score, and processing time. The measures provide an overall picture of how the proposed IDS identifies network intrusions and its real-time efficiency. The general accuracy of IDS under a variety of test conditions is represented in Table 3. The CNN-based IDS achieved 95% accuracy across various scenarios.

Table 3 Accuracy of the IDS.

Table 4 presents precision and recall values of the different kinds of intrusions that exist, and as can be observed, the values of precision and recall are very high in all the types of intrusions. It shows that the IDS is effective at identifying intrusions with high accuracy, with few false positives and negatives.

Table 4 Precision and recall for different intrusion types.

The summarized F1-scores for the different types of intrusion are shown in Table 5. It also indicates a well-balanced performance, showing that the IDS maintains high precision without sacrificing recall.

Table 5 F1-scores for different intrusion types.

Another critical aspect of the IDS's real-time performance is processing time. How quickly the system reacts to threats depends on the time required to handle each instance. Table 6 provides the average processing time per instance at various load conditions. According to the results, the IDS processes high-load data with low latency, which is the primary requirement for real-time intrusion detection. The system's processing capability under all load conditions enables its use in environments where intrusions must be detected as quickly as possible.

Table 6 Average processing time per instance.

Figure 3 presents the average processing times for the CNN-based IDS under various load conditions, illustrating how the system’s processing efficiency changes as the network load increases.

Fig. 3 Average processing time per instance under different load conditions.

Figure 4 shows the normalized percentage-based confusion matrices of the proposed CNN-based IDS under several situations. The overall classification accuracy for Normal, Suspicious, and Malicious traffic, as shown in Fig. 4a, exceeds 95% in both precision and recall. The results of Fig. 4b show trustworthy differentiation between normal and abnormal traffic. Figure 4c shows correct detection across the various attack subclasses (DoS, Spoofing, Injection), whereas Fig. 4d presents a row-wise normalized representation that shows equal performance across all categories. The findings validate that the model has a high detection rate and generalizes to real-time intrusion detection in MSNs.

Fig. 4 Confusion matrix of CNN-based IDS on Umas dataset.

Overall, this performance evaluation indicates that the CNN-based IDS is successful and efficient at detecting intrusions in MSNs, which improves the security of smart healthcare systems. Future work should aim to improve the detection of more complex types of intrusion and to optimize the system to achieve even lower latency.

The effectiveness of the TMS lies in computing trust scores, identifying malicious activities, and assessing the network's overall reliability. The main performance measures are the accuracy of trust calculation, trust-based decision-making, response time, and system reliability.

The correctness of the TMS in computing trust scores is fundamental to determining whether devices within the network can appropriately assess the credibility of their peers. Table 7 reports the trust computation accuracy. The TMS computes trust scores precisely in the vast majority of cases, with up to 98% accuracy in everyday interactions.

Table 7 Trust computation accuracy.

The TMS’s response time is an essential aspect of real-time, trust-based assessment and decision-making. Table 8 shows average response times of trust computations and trust-based decisions under different load conditions. The response-time analysis indicates that a TMS can perform trust computations and make trust decisions promptly, even under peak load conditions. This is crucial for the real-time security and reliability applications of MSNs.

Table 8 Average response time for trust computation and decision-making.

System reliability is quantified as the TMS’s capacity to maintain correct trust scores, enabling accurate long-term decisions, even in the presence of malicious nodes. From the results obtained on the system’s reliability, TMS maintains consistent trust scores and accurate decision-making over a long duration, even with malicious nodes, as evident in Table 9. This long-term reliability will ensure that the network remains secure and trusted.

Table 9 System reliability over time.

Figure 5 illustrates the average response time for a trust computation process and decision-making in the TMS under different network load conditions, providing insight into how the system will perform in real-time operation.

Fig. 5 Average response time for trust computation and decision-making.

Figure 6 shows the system reliability metrics, such as trust score deviation and decision error rate, as a function of time. It demonstrates that the TMS maintains its reliability over prolonged operation, even as the network continues to function and may encounter evolving security threats.

Fig. 6 System reliability over time.

Overall, it is assessed that the TMS responds in a timely and correct manner with trust assessment and dependable decision-making, therefore being a robust solution to strengthen the security and reliability of MSNs for smart healthcare. Future work should focus on optimizing the TMS toward lower latency and higher scalability, together with advanced techniques for better detection and mitigation of more sophisticated malicious behaviors.

Resource efficiency and operational impact

The resource efficiency of the proposed AI-driven security framework, which combines the CNN-based IDS and the TMS, is vital for deployment in operational MSNs. This section evaluates the computational resources used, the energy consumption, and the overall operational impact on the network.

CPU and memory consumption are obtained by measuring usage while the IDS and TMS are running. Appropriate resource consumption ensures that the security framework performs efficiently without overloading the nodes within the network. Table 10 shows the security framework's computational resource usage. The IDS and TMS consume 45% of the CPU, whereas memory consumption is 250 MB. This implies that the framework can perform reasonably well on ordinary network nodes without overloading them.

Table 10 Computational resource utilization.

Energy consumption is a critical concern for MSNs, specifically for battery-powered medical devices. Table 11 presents the energy consumption of the IDS and TMS while operating. The combined power consumption of 0.8 W indicates that this security framework is energy-efficient and can be deployed in resource-constrained environments for the long term.

Table 11 Energy consumption.

The network's operational performance is measured by latency, throughput, and packet loss rate before and after deploying the security framework. These measures determine whether the security mechanisms introduce significant delays or degrade the network's performance. As reflected in Table 12, the operational impact is a slight increase in latency and packet loss rate and a slight decrease in throughput: latency increases from 10 to 15 ms, throughput decreases from 100 to 95 Mbps, and the packet loss rate increases from 0.1% to 0.2%. These minor changes suggest that the network's performance will not deteriorate significantly as a result of this security framework.

Table 12 Operational impact on network performance.

Resource-efficiency and operational-impact analysis results indicate that the proposed AI-driven security framework exhibits efficient computational resource use and energy consumption and only slightly affects network performance. This makes it a viable solution for enhancing the security and reliability of MSNs in smart healthcare systems. Future work must ensure that resource utilization is optimized and that operational impact is reduced to facilitate easy integration with existing network infrastructures.

The proposed AI-driven security framework for MSNs should be benchmarked with state-of-the-art security solutions to show its effectiveness. Performance comparisons are demonstrated using measures of accuracy, precision, recall, F1-score, processing time, computational resource utilization, and energy consumption. The operational impact on the network performance is summarized in Table 13.

Table 13 Comparison of key performance metrics.

The proposed AI-driven security framework shows improvements across all identified performance measures compared with the existing security solutions, as analyzed in the previous section. The proposed framework achieves higher accuracy, precision, recall, and F1-score, and will therefore identify intrusions in computer networks effectively.

The average processing time obtained in this work, compared with other solutions, provides evidence of the framework's effectiveness for real-time intrusion detection. A reduced average processing time is central to MSN performance and to the time-sensitive task of protecting against security threats.

The proposed framework also consumes fewer CPU and memory resources than comparable existing solutions. Thus, ordinary network nodes can operate effectively without the security framework placing an intensive load on their CPU and memory.

Table 14 presents the comparative performance of the proposed CNN-TMS-ECC framework and state-of-the-art models in MSNs.

Table 14 Comparative performance of the proposed CNN–TMS–ECC framework with state-of-the-art security models in MSNs.

Moreover, the energy consumption of this proposed framework is smaller than that of existing ones, making it feasible for implementation in battery-powered medical devices within power-limited MSNs.

The operational impact on network performance suggests that the proposed framework has lower latency, fewer packet drops, and greater throughput. This implies that the security framework does not undermine network performance relative to other networks, which is critical to the reliability and efficiency of MSNs.

The current security systems are more resource-intensive than the proposed AI-powered security system, which operates more efficiently. Hence, the solution can be used effectively to improve security and reliability in MSNs for SHSs. Future work should refine the proposed framework to enhance its efficiency and flexibility under the conditions that influence these networks.

Conclusion and future work

This paper introduced a comprehensive AI-enhanced security architecture for MSNs comprising a CNN-based IDS, a dynamic TMS, and a lightweight ECC-based authentication scheme. The proposed architecture aims to address prominent issues in MSN environments, such as real-time attack detection, secure cooperation among nodes, and resource-efficient authentication. In an overall analysis on a standardized medical-IoT data set, the framework demonstrated high effectiveness across various aspects, including high detection rates, accurate trust scores, minimal latency, and competitive energy consumption.

Three significant contributions are noted in the results. First, the CNN-based IDS is effective at detecting various types of intrusions with high classification rates. Second, the TMS enhances network reliability by responsively evaluating node behavior and curbing malicious activity. Third, the ECC-based authentication mechanism is lightweight, provides key management, and supports mutual authentication, which makes it appropriate for resource-constrained devices. Collectively, these elements constitute a unified, multi-layered security system tailored to present-day healthcare monitoring infrastructure.

Though these are encouraging results, there are still many areas where progress can be made. Future research will target (i) implementing and testing the framework on MSN testbeds based on real-life requirements, where performance is measured in both large-scale and heterogeneous settings; (ii) developing the intrusion detection component with federated or continual learning algorithms to maintain accuracy as network conditions change; (iii) optimizing the trust computation model for large-scale and heterogeneous device settings; and (iv) integrating post-quantum cryptographic primitives for long-term resilience. Moreover, investigating dynamic adaptation security policies that reduce output, energy, and privacy requirements is also a promising approach. The proposed framework provides a robust foundation for developing next-generation MSNs, and the defined future directions will enhance resilience in newly developed healthcare IoT systems.