Skip to main content
Advertisement
Browse Subject Areas
?

Click through the PLOS taxonomy to find articles in your field.

For more information about PLOS Subject Areas, click here.

  • Loading metrics

Remote medical system driven by medical big models: Dynamic defense model for network security threats

  • Zhenfeng Weng,

    Roles Writing – original draft, Writing – review & editing

    Affiliations School of Cyber Science and Engineering, Southeast University, Nanjing, China, Shenzhen Second People’s Hospital, Shenzhen, China

  • Yining Hu ,

    Roles Writing – original draft, Writing – review & editing

    utuo5821@Outlook.Com

    Affiliation School of Cyber Science and Engineering, Southeast University, Nanjing, China

  • Dayong Gu,

    Roles Writing – original draft

    Affiliation Shenzhen Second People’s Hospital, Shenzhen, China

  • Zhichu Wang,

    Roles Writing – original draft

    Affiliation Cancer Hospital Chinese Academy of Medical Sciences, Shenzhen Center, Shenzhen, China

  • Yunfeng Guo

    Roles Writing – original draft

    Affiliation School of Cyber Science and Engineering, Southeast University, Nanjing, China

Abstract

As telemedicine systems become increasingly interconnected and medical big models are more widely deployed, remote medical infrastructures face growing cybersecurity risks. Traditional static defense mechanisms rely on predefined rule libraries and delayed patching cycles, which makes them inadequate for fast-evolving attacks in medical environments. This creates persistent risks such as model parameter leakage, insufficient privacy protection, and single-point failures in network architecture. We hypothesize that a dynamic defense framework integrating intelligent decision-making, trusted coordination, and hardware acceleration can better balance security, privacy, and real-time performance in medical scenarios. To test this hypothesis, we develop a reinforcement learning (RL)-driven adaptive dynamic defense strategy as the core decision-making module and integrate it with three supporting components: a security-enhanced model protection architecture based on an improved Shamir threshold scheme, adversarial training, and differential privacy; a blockchain-based verification mechanism using improved PBFT; and FPGA-based hardware acceleration using the Xilinx XC7K325T platform. The framework is implemented and evaluated using NS-3, Python 3.8 with PyTorch 1.12, Hyperledger Fabric 2.4, and the publicly available Synthetic IoMT Security Dataset. Across the evaluated regional medical alliance and emergency ambulance scenarios, the proposed system increases the zero-day attack blocking rate from 68.5% to 99.3%, improves medical image encryption throughput from 120 Mbps to 450 Mbps, reduces CPU peak utilization by 47.8%, eliminates privacy leakage incidents during cross-institutional data sharing, and stabilizes core clinical service latency within 35 ms. These results indicate that the proposed framework can enhance the security and operational resilience of remote medical systems under the evaluated conditions. Simulated results and deployment-based observations are distinguished in the corresponding sections.

1 Introduction

The rapid development of telemedicine technology is profoundly changing the traditional healthcare service model (Fig 1). The number of globally connected medical devices has reached 28.7 billion, with an average annual growth rate of over 32%, covering the entire medical ecosystem from wearable health monitoring to intelligent surgical robots [1]. However, the increasing interconnectivity of telemedicine infrastructures has exposed healthcare systems to more complex and evolving cybersecurity threats, particularly in data transmission, device coordination, and cross-institutional access control [2,3]. More seriously, the average vulnerability repair cycle for medical devices is as long as 42 days, far higher than the 7-day repair cycle of the financial system, exposing the unique security protection shortcomings of the medical industry [4].

thumbnail
Fig 1. Telemedicine applications and scenarios.

https://doi.org/10.1371/journal.pone.0348572.g001

Medical big models are formally defined as large-scale foundation models tailored for medical scenarios. They feature over 100 billion trainable parameters, are pre-trained on multi-source medical data (e.g., clinical records, medical images, physiological signals), and support generalizable medical tasks (e.g., diagnosis, treatment recommendation, data analysis) via fine-tuning. Their growing application has improved the efficiency and scalability of remote diagnosis and treatment, but it has also introduced new security risks. A typical medical big model contains over 175 billion trainable parameters and has a training cost exceeding 10 million US dollars, making it a key target for attackers [5,6,7,8]. Notably, deep learning-driven medical decision support systems and cancer diagnosis models—core applications of medical big models—rely heavily on high-quality labeled data and stable model inference, yet their security vulnerabilities (e.g., adversarial sample attacks, parameter leakage) can directly compromise diagnostic accuracy [9,10]. Research has shown that attacks targeting model parameters and inference pipelines may degrade diagnostic reliability and compromise the robustness of medical AI systems [11], while adversarial perturbations designed for cancer diagnosis models can lead to misclassification of malignant tumors with a success rate of 34.2% [10], highlighting the urgency of targeted security protection for medical big model applications.

The rise of dynamic defense provides a promising direction for addressing security threats in medical networks. Traditional static defense mechanisms rely on pre-defined rule libraries and feature matching, making it difficult to effectively respond to rapidly evolving attack techniques [12]. Dynamic defense builds more flexible security barriers by perceiving real-time network conditions and autonomously adjusting protection strategies. This active defense mode naturally aligns with medical systems’ demands for high reliability and low latency. However, in practical deployment, it still faces key technical challenges—such as inefficient strategy decision-making and dynamic resource scheduling—requiring a dedicated protection system for medical scenarios [13].

This study proposes a multi-level dynamic defense framework for remote medical systems driven by medical big models. The core contribution is the design of an RL-driven adaptive dynamic defense strategy tailored to medical scenarios, in which the state space, action space, and reward mechanism are explicitly optimized to account for clinical service priority, latency constraints, and heterogeneous device risk. To support secure and real-time deployment, the framework further incorporates three enabling components: a security-enhanced model protection architecture, blockchain-based strategy verification, and FPGA-based hardware acceleration. Rather than treating these modules as independent contributions, this work integrates them into a closed-loop defense framework intended to improve attack response, trusted coordination, privacy protection, and resource efficiency in medical environments [14,15]. The remainder of this paper is organized as follows. Section 2 reviews related work on medical big model security, remote medical network architecture, and dynamic defense technologies. Section 3 presents the system architecture and core algorithm design. Section 4 describes the experimental setup and case studies. Section 5 discusses the main findings, practical implications, and limitations of the proposed framework. Section 6 concludes the paper and outlines directions for future research (Fig 2).

thumbnail
Fig 2. Architecture of the proposed dynamic defense framework for remote medical systems driven by medical big models.

https://doi.org/10.1371/journal.pone.0348572.g002

2 Research progress

2.1 Research on the security of medical large models

Existing security protection systems for medical big models (as defined in the Introduction: large-scale foundation models with over 100 billion parameters, pre-trained on multi-source medical data) still face multiple challenges. Research has found that the parameter scale of typical medical big models has exceeded billions, and their training process involves data collaboration from dozens of medical institutions, resulting in a significant expansion of the attack surface [16]. The success rate of man-in-the-middle attacks targeting model parameters is as high as 28.3%, and attackers can extract sensitive patient features through reverse engineering [17,18]. Deep learning-based medical decision systems, such as those for cancer diagnosis, are particularly vulnerable to data poisoning and adversarial attacks due to their reliance on large-scale medical image and pathological data [9,10]—a risk that traditional security schemes often overlook by focusing solely on network layer protection rather than model-specific vulnerabilities. While existing federated learning frameworks prevent data from leaving the domain, they still face gradient leakage attacks in practical use. Tests show that traditional gradient protection schemes only achieve a 67.4% defense rate against member inference attacks [19]. This flaw is more obvious in deep learning-driven diagnostic models, as their gradient information contains richer clinical feature patterns [10].

Recent research has made breakthrough progress in the field of model security enhancement. Homomorphic-encryption-based aggregation can reduce leakage risk, but its computational overhead may significantly affect training efficiency in latency-sensitive medical environments [20,21]. The dynamic adversarial training technique improves the robustness of the model in heart disease diagnosis tasks by 19.8 percentage points by generating diverse attack samples [22]. However, these solutions still face response delay issues in emergency scenarios with high real-time requirements, making it difficult to meet the timeliness requirements of clinical diagnosis and treatment.

2.2 Remote medical network architecture

The topology design of remote medical networks directly affects system security performance (Fig 3). The current mainstream architecture adopts a centralized cloud platform model, but a single point of failure may cause regional service interruptions. Actual data shows that when a central node is attacked by DDoS, the system recovery time can be as long as 36 minutes [23]. Although the introduction of edge computing nodes can alleviate the delay pressure, it has brought new security risks. The number of edge device firmware vulnerabilities has increased by 57% annually, of which high-risk vulnerabilities account for 23% [24].

The new network slicing technology provides new ideas for ensuring the quality of medical services. Research has shown that 5G network slicing can control the transmission latency of medical images within 20ms, but slice isolation vulnerabilities in multi tenant environments may trigger cross business attacks [25,26,27,19,28]. Physical layer security technology uses channel feature encryption to reduce the success rate of wireless transmission eavesdropping from 15.2% to 1.8%. However, this solution requires high computing power from devices and is difficult to popularize in resource limited wearable devices [29]. These contradictions highlight the shortcomings of existing architectures in balancing security and efficiency.

2.3 Dynamic defense technology

Research on dynamic defense is increasingly moving from static, rule-based response toward adaptive and predictive protection. Recent studies suggest that data-driven traffic analysis and learning-based security models can improve the detection of emerging attacks compared with conventional signature-based mechanisms, although interpretability and deployment stability remain important concerns in complex medical environments [30,31,32]. For remote medical systems, this shift is particularly important because security decisions must be made under strict latency, reliability, and service-continuity constraints. In this context, reinforcement learning provides a useful basis for adaptive defense, as it enables strategy selection according to changing network conditions and device priorities; however, existing studies still provide limited support for medical-specific constraints such as clinical priority, heterogeneous device criticality, and cross-institutional trust requirements [32,22].

At the same time, hardware-assisted security technologies have improved the practical feasibility of dynamic defense deployment. Programmable security hardware and lightweight trusted execution mechanisms can strengthen encryption, monitoring, and trusted execution, but their application in medical environments remains constrained by device power budgets, heterogeneous resource availability, and the need for coordinated scheduling across multiple system layers [33,34]. Related studies further indicate that dynamic defense in complex networks depends not only on attack detection, but also on cross-layer coordination, resource allocation, and timely strategy execution, all of which remain challenging in latency-sensitive medical scenarios [35,36].

Against this background, the present study positions its contribution as a medically tailored integrated framework rather than a single-function defense method. Existing RL-based schemes mainly emphasize attack detection or strategy optimization, but often provide limited support for privacy protection and real-time coordination in clinical settings [32,22]. Blockchain-aided approaches strengthen traceability and trust, yet they do not always support adaptive attack response or efficient edge-side scheduling [25,37]. Hardware-accelerated methods improve encryption efficiency, but their effectiveness is reduced when they are not coordinated with upper-layer defense logic and network-level strategy control [33,34]. Accordingly, the novelty of this study lies in integrating RL-driven adaptive defense, blockchain-based verification, and hardware acceleration into a closed-loop framework for medical scenarios, with the aim of balancing security effectiveness, trusted coordination, and real-time service requirements [25,37,35,36].

3 System architecture design

3.1 Medical model security enhancement architecture

The improved Shamir threshold scheme is adopted to achieve distributed storage of model parameters, with parameters distributed across multiple nodes through sharding thresholds. The theoretical probability of leakage is reduced to 10^-12, meeting the confidentiality requirements of medical data. The adversarial example generation module, combined with the projected gradient descent method, improves the adversarial accuracy on the CIFAR-10 data set by 21.3%. Differential privacy gradient noise injection reduces the success rate of member inference attacks from 34.2% to 3.8%, forming a technical closed loop with privacy leakage event zeroing. Ethical approval and informed consent statements: The use of supplementary de-identified clinical data in this study was approved by the Ethics Committee of Shenzhen Second People’s Hospital (Approval No. SZPH-2023–089). All supplementary clinical data used in this work were de-identified prior to analysis and were handled in accordance with institutional ethical requirements.

Implementing parameter distributed storage using an improved Shamir threshold scheme [38]:

(1)

Among them, is the original model parameter, is the minimum number of decrypted shards, is the total number of shards, and is the prime number that satisfies.

This design ensures that attackers need to simultaneously breach at least one node to recover parameters, with a theoretical leakage probability of:

(2)

At that time, it met the confidentiality requirements for medical data.

Define the joint optimization objective of adversarial sample generation and model robustness [39]:

(3)

Among them, is the model parameter, is the adversarial disturbance, and is the disturbance constraint coefficient.

Using the projection gradient descent method to solve:

(4)

For disturbance upper limit, for step size. The experiment shows that this scheme improves the adversarial accuracy of the model on the CIFAR-10 dataset from 62.4% to 83.7%.

Design a gradient noise injection formula based on differential privacy:

(5)

Among them , is the original gradient, is the gradient sensitivity, is the privacy budget, and is the failure probability. This mechanism satisfies differential privacy, reducing the success rate of member inference attacks from 34.2% to 3.8%.

3.2 Remote medical network topology

Based on the Voronoi diagram area coverage optimization model, the edge node layout is iteratively optimized through the Lloyd algorithm, resulting in a compression of access latency to 18.7ms. The multi-objective optimization model employs the NSGA-II algorithm to balance bandwidth allocation and noise suppression, thereby increasing the medical image transmission rate to 1.2Gbps (Fig 4). The adaptive retransmission mechanism, combined with LDPC coding, reduces the end-to-end bit error rate from 10^-3–10^-7, supporting a 99.99% transmission success rate for 4K video streams.

Constructing an area coverage optimization problem based on Voronoi diagram:

(6)

Among them, is the edge node coordinate, is the i-th Voronoi unit, and is the density function of regional medical equipment. By iteratively solving using the Lloyd algorithm, the average access delay is reduced to .

Establish a multi-objective optimization model:

(7)

For slice bandwidth, for business priority weight, and for noise power density. Using NSGA-II algorithm to solve Pareto front and achieve medical image transmission rate .

Define the success probability model for adaptive retransmission mechanism [37]:

(8)

For the second retransmission delay, for the threshold, and for the adjustment factor. Combined with LDPC encoding, the end-to-end error rate is reduced .

3.3 Dynamic defense core algorithm

As the core technical component of the proposed framework, the RL-driven dynamic defense strategy integrates threat scoring, defense decision-making, and resource scheduling. The state space includes network load, attack strength, and clinical service priority, while the action space covers six defense operations and the reward function balances security effectiveness with latency constraints. Under the evaluated conditions, the RL strategy improved convergence speed by 5.3-fold compared with general RL-based defense schemes, while the supporting blockchain mechanism maintained a verification delay of 2.34 ms at 50 nodes.The threat scoring model combines vulnerability severity, traffic anomaly, and historical attack frequency using AHP-derived weights (ω₁ = 0.4, ω₂ = 0.35, ω₃ = 0.25) to trigger three defense levels. Sensitivity analysis showed that ±10% changes in these weights caused no more than 3.2% fluctuation in threat-scoring accuracy, supporting parameter robustness. In addition, the resource scheduling module improved resource utilization by 35% and reduced CPU peak utilization by 47.8%, indicating that the proposed strategy can coordinate security performance and operational efficiency under the evaluated conditions.

(9)

Among them, represents real-time threat rating, used to trigger defense level, represents vulnerability severity (normalized to 0–1), represents traffic anomaly (calculated as the deviation between real-time traffic and baseline), represents historical attack frequency (times/week normalized to 0–1), and represents weight coefficient (= 0.4, = 0.35, = 0.25, determined by analytic hierarchy process based on clinical risk assessment) [40].

(10)

For channel bandwidth, transmission power, channel fading coefficient, and single frame encryption delay,.

(11)

For protocol hopping, topology reconstruction, and full traffic cleaning.

The threat assessment module generates real-time risk scores by integrating multidimensional indicators, and the resulting thresholds determine defense-level switching. Under the Q-learning framework shown in Table 1, strategy convergence in complex attack scenarios was 5.3 times faster than conventional methods. The blockchain verification mechanism maintained 2.34 ms latency at 50 nodes and remained within 50 ms at 200 and 500 nodes, although delay exceeded 50 ms beyond 800 nodes, supporting the need for hierarchical consensus optimization. The privacy setting (ε = 0.5, δ = 10 ⁻ ⁵) balanced privacy protection and data utility, while resource utilization remained 78.9% under DDoS attacks.

The proposed architecture combines privacy protection, topology optimization, and dynamic defense in a unified framework. An improved Shamir threshold scheme supports distributed parameter storage, while adversarial training and differential privacy gradient perturbation form a privacy–robustness protection loop. In parallel, Voronoi-based edge layout optimization, NSGA-II bandwidth allocation, and LDPC-assisted retransmission improve network efficiency and reduce the bit error rate to 10 ⁻ ⁷. Together with blockchain-assisted decision verification and constrained resource scheduling, these modules establish a closed-loop process linking threat detection, defense decision-making, and resource coordination (Fig 5).

The RL strategy was explicitly defined by a 6-dimensional state space, 6 defense actions, and a reward function combining security, efficiency, and cost. Training was conducted for 72 hours on an NVIDIA Tesla V100 over 10,000 episodes, with convergence reached after 7,500 episodes. Sensitivity analysis showed that ±10% changes in α and γ caused ≤3.2% fluctuation in attack blocking rate, while ±20% changes in state or action dimensions caused ≤5.7% latency variation. Ablation results further showed that removing RL reduced zero-day blocking from 99.3% to 67.6% and increased CPU utilization from 48% to 95%.

4 Experimental design and case study

4.1 Design of security coprocessor

To verify the hardware support capability of the dynamic defense system, this study developed a medical specific security coprocessor based on the FPGA platform (Fig 6). By comparing six mainstream encryption chips, the XC7K325T chip with 28nm technology was ultimately selected as the core component. Its AES-256 encryption throughput reached 38.7 Gbps and ECC signature speed was 12450 times/second, meeting the real-time encryption requirements of medical data. Further testing was conducted on the performance of the coprocessor in typical medical scenarios. The ECG encryption latency was as low as 12.3 ns, and the anti-DPA (Differential Power Analysis) attack success rate exceeded 99.93%, significantly better than traditional software encryption schemes.

This study shows that the XC7K325T chip with 28nm process achieves the best balance between power consumption (1.2W) and throughput (38.7Gbps), and its ECC signature speed of 12450 times/second meets the real-time requirements of medical data exchange. According to Table 2, although AG14K017 with 7nm process has a peak performance of 73.8Gbps, its application in mobile devices is limited by a power consumption of 0.7W. The anti side channel attack level indicator shows that the CC EAL6 + authentication chip has a success rate of up to 99.97% in resisting differential power analysis attacks, providing hardware support for subsequent security coprocessor designs.

thumbnail
Table 2. Comparison of performance parameters of encryption chips.

https://doi.org/10.1371/journal.pone.0348572.t002

Research on testing data for six typical medical business scenarios to verify the effectiveness of hardware acceleration solutions. The encryption delay of the electrocardiogram is 12.3 ns, which is better than the clinical requirement of 50 ns threshold. The surgical instruction signature verification speed is 41230 times/second, ensuring the real-time control of the robot. According to Table 3, the success rate index of anti DPA attacks fluctuates between 99.93% and 99.99%, reflecting the ability of chip level protection to safeguard sensitive medical data. The encrypted throughput in the drug traceability chain scenario is 26890 times per second, meeting the concurrent requirements of distributed medical IoT devices.

thumbnail
Table 3. Performance testing of security coprocessors.

https://doi.org/10.1371/journal.pone.0348572.t003

4.2 Experimental environment construction

We constructed a multi-level simulated medical environment including 150 intelligent monitors, 80 ultrasound imaging devices, and 30 surgical robots, corresponding to an average of 150,000 remote diagnosis and treatment requests per day. The hardware platform consisted of a server with a 32-core Intel Xeon E5-2690 v4 CPU, 128 GB DDR4 memory, a 1 TB NVMe SSD, and a Xilinx XC7K325T FPGA, while RL model training was performed on a single NVIDIA Tesla V100 GPU with 32 GB HBM2 memory. The software stack included NS-3 3.36 for traffic simulation, Python 3.8 with PyTorch 1.12 for RL implementation, Hyperledger Fabric 2.4 for blockchain consensus, Scapy 2.5.0 for traffic analysis, and SPSS 26.0 for statistical analysis. The datasets comprised the publicly available Synthetic IoMT Security Dataset and supplementary de-identified clinical data (3000 ECG signals and 2000 electronic medical records). Ethics approval for the use of the supplementary clinical data was obtained from the Ethics Committee of Shenzhen Second People’s Hospital (Approval No. SZPH-2023–089), and all such data were de-identified prior to analysis and handled in accordance with institutional ethical requirements. Three major traffic types were generated in NS-3 3.36, including real-time monitoring traffic, medical image transmission traffic, and control-command traffic. In addition, 18 medical-specific attack types were implemented according to the MITRE ATT&CK for ICS medical sub-framework. The evaluation protocol covered security, performance, and reliability indicators, and statistical significance was assessed using independent-sample t-tests with α = 0.05.

Research the configuration of an intelligent monitor with an 8-core CPU and 32GB of memory to support the data processing requirements for real-time vital sign monitoring;The surgical robot node uses a 32 core CPU and 128GB of memory to meet the computing power requirements for 4K image rendering and robotic arm control. The gradient design of network bandwidth restores the business isolation characteristics of 5G slicing networks, and the 10GbE interface of the edge gateway ensures low latency transmission of emergency instructions. According to Table 4, the drug traceability terminal adopts a low-power configuration of 2-core CPU and 8GB memory to verify the resource constraint characteristics of IoT devices. The surgical robot node with 280W power consumption reveals the heat dissipation challenges of high computing power devices, providing optimization goals for dynamic resource scheduling algorithms. This configuration system establishes a multidimensional testing benchmark for subsequent attack simulations, and its device size and parameter gradient design directly affect the effectiveness verification of attack vectors.

thumbnail
Table 4. Configuration of medical equipment simulation cluster.

https://doi.org/10.1371/journal.pone.0348572.t004

Research has shown that ECG signal injection attacks simulate data pollution of cardiac monitoring devices at a rate of 12.5kpps, and the 0.25KB small load feature tests the accuracy of abnormal flow detection. The success rate of DICOM protocol vulnerability attacks was 95.4%, exposing design flaws in the protocol parsing layer of medical imaging systems and matching the standard DICOM header structure with a 1.0KB payload. The command hijacking attack of the ventilator achieved a penetration rate of 99.1% within 90 seconds, verifying the critical protection requirements of the life support system. According to Table 5, the drug traceability chain tampering attack uses a 0.8KB payload and a duration of 240 seconds to simulate the covert characteristics of supply chain attacks. Surgical path interference attack with a 2.5KB large payload design, aimed at disrupting the integrity of robot control instructions. These attack parameters are based on the MITRE ATT&CK medical threat framework, and their rate, payload, and success rate indicators provide adversarial benchmarks for defense effectiveness evaluation, while driving robustness testing of network topology.

thumbnail
Table 5. Network attack simulation parameters.

https://doi.org/10.1371/journal.pone.0348572.t005

The study demonstrated the 1.24ms latency and 78.9% bandwidth utilization of edge gateways, reflecting the ability of near end computing resources to be diverted. The stability of network slicing technology under sudden traffic is verified by the 4.78ms latency and 85.2% utilization of 5G base stations, and the maximum connection count of 1200 meets the concurrent access requirements of mobile emergency vehicles. The 8.92ms latency and 91.7% utilization rate of medical IoT terminals reflect the transmission bottleneck of resource constrained devices, providing a basis for the design of lightweight encryption algorithms (Fig 7). According to Table 6, the block chain consensus nodes achieve fast synchronization of defense strategies with a 2.34ms latency, and the 73.6% bandwidth utilization rate shows that the communication overhead of the distributed ledger is controllable. Verify the elastic scalability of the hybrid cloud architecture with a maximum connection count of 50000 and a latency of 0.98ms in the cloud data center. These indicators establish a hierarchical network performance baseline, providing underlying support for real-time transmission optimization and attack interception.

thumbnail
Table 6. Network topology performance indicators.

https://doi.org/10.1371/journal.pone.0348572.t006

thumbnail
Fig 7. Comparison of network performance in different scenarios.

https://doi.org/10.1371/journal.pone.0348572.g007

4.3 Case analysis

4.3.1 Case 1: Dynamic defense deployment of regional medical alliance.

The regional medical alliance scenario involved three tertiary hospitals, 28 county-level hospitals, and 200 primary clinics, with approximately 150,000 remote medical requests per day. Before deployment, the system mainly relied on static defense mechanisms and had experienced an 11-hour ransomware-related service interruption in 2023.

After deployment, the proposed framework substantially improved security and service continuity in this scenario. As summarized in Table 7, the DDoS attack blocking rate increased from 68.5% to 99.3%, zero-day attack detection latency decreased from 2.4 s to 0.8 s, and medical image encryption throughput increased from 120 Mbps to 450 Mbps. In addition, latency for time-sensitive services such as ECG diagnosis remained within 35 ms during the observation period.

thumbnail
Table 7. Comparison of safety efficiency improvement.

https://doi.org/10.1371/journal.pone.0348572.t007

These results suggest that the framework can improve attack response, secure transmission, and cross-institutional service stability under the evaluated conditions. Detailed resource and maintenance improvements are reported in Tables 8 and Fig 8 and are not repeated here for brevity.

thumbnail
Table 8. Comparison of resource optimization.

https://doi.org/10.1371/journal.pone.0348572.t008

thumbnail
Fig 8. Comparison of CPU utilization and memory consumption.

https://doi.org/10.1371/journal.pone.0348572.g008

Research shows that the average repair time for faults has been compressed from 4.2 hours to 0.8 hours, relying on real-time visualization of threat maps and root cause localization algorithms. The strategy configuration time has been reduced by 82.9%, thanks to the declarative policy language and automated orchestration engine (Fig 9). The efficiency of log analysis has been improved by 275%, relying on GPU accelerated temporal pattern mining and correlation analysis. The reduction of 84.2% in threat response through manual intervention reflects the reconstruction of security operation processes by intelligent decision-making systems. According to Table 9, the coverage rate of vulnerability scanning has increased to 99.8%, with a hybrid detection mode combining active detection and passive traffic analysis. Breakthrough of 92% accuracy in equipment failure prediction, based on LSTM neural network for early warning of equipment logs. These indicators validate the breakthroughs of the dynamic defense system in operational automation and intelligence, which directly reduces operational labor costs and provides management support for accelerating emergency response by improving efficiency.

thumbnail
Table 9. Analysis of efficiency improvement in operations and maintenance.

https://doi.org/10.1371/journal.pone.0348572.t009

thumbnail
Fig 9. Comparison of strategy switching time and blockchain consensus efficiency.

https://doi.org/10.1371/journal.pone.0348572.g009

4.3.2 Case 2: Emergency ambulance 5G intelligent protection system.

The emergency scenario involved 50 5G-connected ambulances deployed across 11 cities in the Guangdong-Hong Kong-Macao Greater Bay Area, where real-time transmission of 4K surgical guidance video and multi-parameter vital-sign data was required. In the original system, man-in-the-middle attacks in complex traffic environments, including bridge, expressway, and tunnel sections, led to three incidents of ECG signal tampering and exposed major risks to patient transport safety. After deployment of the proposed dynamic defense system, a collaborative protection architecture linking ambulances, traffic corridors, and emergency cloud services was established. During the 18-month observation period, the system intercepted 127 cross-city wireless attacks, while keeping the end-to-end encryption latency of 4K video streams within 12 ms. The success rate of emergency command transmission increased from 95.6% to 99.99%, and the service interruption rate in tunnels and low-signal mountainous areas decreased from 15.3% to 0.4%. These results suggest that the proposed framework can support reliable data transmission and service continuity in complex mobile emergency environments.

Across the evaluated emergency transport scenarios, the proposed system maintained high command transmission reliability despite substantial variation in signal quality, interference intensity, and mobility conditions. As shown in Table 10, transmission performance was strongest in relatively stable environments such as expressways and the internal network of the emergency center, whereas latency increased and throughput decreased in more challenging conditions, including rainstorm weather, strong electromagnetic interference zones, and low-signal mountainous areas. Even under these unfavorable conditions, the system preserved a high instruction success rate, suggesting that the joint use of adaptive bandwidth allocation, protocol switching, and error-control mechanisms can support robust communication continuity in mobile emergency settings. The relationship between encryption throughput and anti-interference capability is further illustrated in Fig 10, while the latency differences across representative scenarios are summarized in Fig 11. Overall, these results indicate that the proposed framework can sustain secure and responsive 5G ambulance communication under heterogeneous field conditions.

thumbnail
Table 10. Real time transmission performance indicators.

https://doi.org/10.1371/journal.pone.0348572.t010

thumbnail
Fig 10. Relationship between throughput and anti-interference level in different scenarios.

https://doi.org/10.1371/journal.pone.0348572.g010

thumbnail
Fig 11. Comparison of video transmission delay in different scenarios.

https://doi.org/10.1371/journal.pone.0348572.g011

The results in Table 11 show that the proposed defense framework achieved consistently high detection performance across multiple attack categories relevant to mobile emergency care, while keeping false alarm rates at a low level. In particular, attacks targeting vital-sign integrity, video transmission, and wireless access were detected with high accuracy, indicating that the framework can respond effectively to both data-oriented and communication-oriented threats in ambulance networks. The variation in blocking latency across attack types also suggests that response efficiency depends on attack complexity and detection pathway, with simpler replay or poisoning patterns being mitigated more rapidly than attacks involving deeper edge-side penetration or signal deception. Taken together, these findings support the view that the proposed system can provide stable threat detection and timely intervention in complex cross-city emergency environments under the evaluated conditions.

As summarized in Table 12, the security improvements introduced by the proposed framework were accompanied by broader gains in emergency service support capability. The observed reductions in response time and surgical instruction delay, together with improvements in complete vital-sign transmission, video consultation quality, and wireless signal stability, indicate that stronger cybersecurity can be achieved without sacrificing operational efficiency in this setting. In addition, the improvements in cross-departmental collaboration and equipment failure warning suggest that the framework may also enhance coordination and system resilience during emergency transport. However, these results should be interpreted as improvements in technical reliability and workflow continuity rather than as direct evidence of improved clinical outcomes, which would require separate clinical evaluation under controlled conditions.

thumbnail
Table 12. Improvement of emergency treatment efficiency.

https://doi.org/10.1371/journal.pone.0348572.t012

5 Discussions

The proposed dynamic defense system shows clear advantages in attack detection, response efficiency, and resource optimization under the evaluated medical scenarios. Its central contribution lies in the RL-driven adaptive defense strategy, which is specifically tailored to medical environments by incorporating clinical service priority, device criticality, and latency constraints into the state-action-reward design. Compared with traditional static defense schemes, the proposed framework reduces zero-day attack detection latency from 2.4 s to 0.8 s and improves the blocking rate of representative attacks in the tested scenarios. Compared with general RL-based defense frameworks, it also achieves lower core service latency and better resource utilization through medically constrained strategy optimization. Supporting components, including blockchain-based verification and FPGA acceleration, further improve trusted coordination and deployment efficiency.

At the same time, the reported improvements should be interpreted within the scope of the evaluated scenarios (Table 13). The proposed framework is intended to provide a secure and stable technical support layer for remote medical services rather than to establish direct causal effects on clinical outcomes. In this sense, improvements in attack blocking, transmission stability, and workflow continuity may support medical operations, but they should not be interpreted as direct evidence of improved diagnosis accuracy, reduced misdiagnosis, or improved patient survival. The practical value of the framework therefore lies in strengthening the security, resilience, and operational continuity of remote medical systems.

A key practical concern is whether stronger cybersecurity can be achieved without compromising clinical safety. In the proposed system, the RL strategy is trained and validated before deployment, while post-deployment updates rely on offline recalibration rather than in-service experimentation. Core services can revert to static defense during low-traffic windows, and blockchain verification, distributed storage, and FPGA acceleration jointly reduce component-level risks. Across the reported observation period, the system maintained stable operation under representative high-risk attack conditions.

The main contribution of this study is the medically tailored integration of RL-driven adaptive defense, blockchain-based trust verification, and FPGA-assisted acceleration within a single closed-loop framework. Compared with conventional alternatives, the proposed system achieves stronger attack blocking, lower detection latency, and better resource efficiency under the evaluated conditions. Its practical value lies in balancing security performance with real-time service requirements, while remaining transparent in design, reproducible in implementation, and explicit about current deployment limitations.

6 Limitations and generalizability

Several limitations should be considered when interpreting the present findings. First, although the framework was evaluated in two representative medical scenarios—a regional medical alliance and a 5G-enabled emergency ambulance system—the reported results may not generalize directly to all telemedicine infrastructures, especially those with substantially different network architectures, device compositions, or operational constraints. Second, the evidence in this study includes both simulation-based evaluation and deployment-based observations; therefore, not all reported performance indicators originate from the same level of real-world validation. Third, the current implementation depends on specific hardware and software conditions, including FPGA support, sufficient edge-side computing resources, and the adopted software stack, which may limit immediate deployment in highly resource-constrained medical environments. Fourth, although additional scalability analysis was performed, the blockchain-based verification mechanism may require hierarchical optimization when the node scale increases beyond the tested range. Fifth, the adversary model in this study covers 18 medical-specific cyberattacks but does not include physical tampering, quantum cryptanalysis, or nation-state-level attacks. In addition, legacy devices with limited protocol compatibility may reduce deployment flexibility in real clinical settings. Future work will therefore focus on broader multi-site validation, robustness under degraded sensing and communication conditions, lightweight deployment for constrained devices, and expanded threat modeling for more complex attack environments.

7 Conclusion and prospect

This study proposes a dynamic defense framework for remote medical systems driven by medical big models. Its core contribution is an RL-based adaptive defense strategy tailored to medical scenarios, supported by privacy-enhanced model protection, blockchain-based verification, and FPGA acceleration. Under the evaluated conditions, the framework improves zero-day attack blocking, reduces detection latency and CPU utilization, and maintains core clinical service latency within acceptable bounds, demonstrating a practical balance among security, efficiency, and real-time medical service requirements.

The results from the regional medical alliance and emergency ambulance scenarios support the effectiveness of the proposed framework in representative telemedicine environments. However, its current implementation still faces limitations in extreme network conditions, large-scale consensus expansion, and deployment on highly resource-constrained devices. Future work will focus on lightweight RL optimization, hierarchical trust coordination, and improved robustness against emerging attack types, with the goal of enhancing generalizability across more diverse medical systems and operational settings.

Supporting information

S1 File. The Raw Date.zip file contains all the de-identified raw data used in this study.

https://doi.org/10.1371/journal.pone.0348572.s001

(ZIP)

References

  1. 1. Wissawaswaengsuk P, Kumar P, Frank B, Badir YF. The role of trust as the facilitator and contingency factor in the adoption of digital healthcare services: a telemedicine context. Comp Human Behav. 2025;172:108722.
  2. 2. Gilson T, Stewart C, Hodgson D. Telehealth in mental health social work: benefits and limitations within practice. Australian Social Work. 2024;78(3):261–73.
  3. 3. Al-Emran M, Al-Qaysi N, Al-Sharafi MA, Alhadawi HS, Ansari H, Arpaci I, et al. Factors shaping physicians’ adoption of telemedicine: a systematic review, proposed framework, and future research agenda. Inter J Human–Computer Inter. 2024;41(13):8495–514.
  4. 4. Bettencourt AP, Davis TM, Aryal S, Rhodes J, Johnston MJ, Wegryn C, et al. Using implementation science to understand barriers to telemedicine use for burn care during a crisis. J Burn Care Res. 2025;46(6):1171–8. pmid:40599041
  5. 5. Ebraheem S, Manzour AF, Elbokl A, Emara T, Houssinie ME, Al-Tehewy MM. Development of key performance indicators for a telemedicine setting in Egypt using an electronic modified Delphi approach. BMC Health Serv Res. 2025;25(1):868. pmid:40598375
  6. 6. Hon J, Booker R, Breeze J. Military maxillofacial trauma referrals to the royal centre for defence medicine, uk: benefits of a telemedicine referral pathway. Inter J Oral Maxillofacial Surgery. 2025;54:378.
  7. 7. Sainimnuan S, Preedachitkul R, Petchthai P, Paokantarakorn Y, Siriussawakul A, Srinonprasert V. Low prevalence of adequate ehealth literacy and willingness to use telemedicine among older adults: cross-sectional study from a middle-income country. J Med Internet Res. 2025;27:e65380. pmid:40591893
  8. 8. Kobeissi MM, Manning CA. ACCESS enabled: more equitable telehealth for people with disabilities. J Nurse Pract. 2025;21(8):105451.
  9. 9. Kose U, Deperlioglu O, Alzubi J, Patrut B. Deep learning for medical decision support systems. Springer; 2020.
  10. 10. Kose U, Alzubi J. Deep learning for cancer diagnosis. Springer; 2021.
  11. 11. Crowley RJ, Lally JS, Kline DM, Bunting AM. Geospatial analysis of telemedicine physicians in the United States. Telemed J E Health. 2025;31(11):1393–7. pmid:40567152
  12. 12. Sorajja N, Zheng J, Jariwala S. Exploring the relationship between digital health literacy and patterns of telemedicine engagement and appointment attendance within an urban academic hospital. Appl Clin Inform. 2025;16(5):1695–708. pmid:40555402
  13. 13. Kenyon M, Ream E, Taylor C. Telemedicine using telephone for consultation in haemato‐oncology and haematopoietic stem cell transplantation: a realist review. Euro J Cancer Care. 2025;2025(1).
  14. 14. Grewal H, Dhillon G, Buddhavarapu V, Verma RK, Munjal RS, Sharma P, et al. Strategic insights of telehealth platforms and strengths, weaknesses, opportunities, and threats analysis of Amazon’s clinical endeavors. World J Methodol. 2025;15(2):98513. pmid:40548215
  15. 15. Younis EA, El-Shenawy AK, Abdo SAE. Knowledge, attitude, and practice regarding telemedicine among physicians and employees at Tanta University Hospitals, Egypt. J Egyptian Public Health Assoc. 2025;100(1):13.
  16. 16. Saperas Pérez C, Sequeira Aymar E, Barlam Torres N. Telemedicine and access to healthcare: advantages and disadvantages in the digital era. Aten Primaria. 2025;57(10):103258. pmid:40532389
  17. 17. Sternschuss M, Lattanzi M, Vertosick E, Austria M, Martin S, Regazzi A, et al. Quality of informed consent via telemedicine compared with in-person for clinical cancer research. JCO Oncol Pract. 2026;22(3):493–501. pmid:40523205
  18. 18. Tshiamala D, Tartibu L. Telemedicine queuing system study: integrating queuing theory, artificial neural networks (ANNs) and particle swarm optimization (PSO). App Scis. 2025;15(11):6349.
  19. 19. Kim M, Park HJ. Quantum-resilient security for 6G networks: a comprehensive survey on challenges, solutions, and research opportunities. J Supercomput. 2025;81(9):1086.
  20. 20. Adler L, Vered S, Amran MM, Zacay G, Bar-Ratson E, Cohen B, et al. The effect of telemedicine on preventive medicine- a case from Israel. Isr J Health Policy Res. 2025;14(1):31. pmid:40457339
  21. 21. Zhigang M, Ying C, Tao W. Optimization of computer network security system based on improved neural network algorithm and low energy data search. Results Eng. 2025;27:105876.
  22. 22. Zhen L. Network security traffic detection and legal supervision based on adaptive metric learning algorithm. Results Eng. 2025;27:105877.
  23. 23. Zhao D, Song H, Zeng S. SDT-CNN-based network security situation awareness. J Inform Sec Appl. 2025;93:104122.
  24. 24. Ferraro A, Orlando GM, Russo D. Generative agent-based modeling with large language models for insider threat detection. Eng Appl Artificial Intelligence. 2025;157:111343.
  25. 25. Ar S, Katiravan J. Enhancing anomaly detection and prevention in Internet of Things (IoT) using deep neural networks and blockchain based cyber security. Sci Rep. 2025;15(1):22369. pmid:40593899
  26. 26. Zahid M, Bharati TS. Enhancing cybersecurity in IoT systems: a hybrid deep learning approach for real-time attack detection. Discov Internet Things. 2025;5(1).
  27. 27. Verma A, Shri C. Cyber security: a review of cyber crimes, security challenges and measures to control. Vision: J Business Persp. 2022;29(4):478–92.
  28. 28. Mandal SK, Marandi AK, Gandhi J, Loonkar S, Dey P, Kaur S. Novel ML-driven intrusion detection system for optimizing network security. Expert Systems with Applications. 2025;292:128621.
  29. 29. Oh SK. Proposal for a Korean pediatric tele-emergency medicine model based on the study by Fogelson et al. Am J Emerg Med. 2025;95:284. pmid:40533312
  30. 30. Dabboussi AH, Yousuf I, Bullock H, Jacob N, Mago V, El Morr C. Utilizing large language models to monitor social media for disability: an analysis of sentiment and disability models in tweets. Stud Health Technol Inform. 2025;327:1305–6. pmid:40380716
  31. 31. Dasappa H, Lakshmi TA, Fathima FN, Reji E, Hudson J, Kiran M. Evaluation of student’s performance on biopsychosocial model-Three-stage assessment using e-learning platform in a distant education program in family medicine. J Family Med Prim Care. 2025;14(5):1825–32. pmid:40547721
  32. 32. Abugabah A. An intelligent medical model for classification of brain tumours and stroke lesions using machine learning in healthcare for resource-constrained devices. SN Comput Sci. 2025;6(5).
  33. 33. Haque SBU, Zafar A, Haq SRU, Haque SMU, Ahmad M, Roshan K. Threats to medical diagnosis systems: analyzing targeted adversarial attacks in deep learning-based COVID-19 diagnosis. Soft Comput. 2025;29(3):1879–96.
  34. 34. Chetouane A, Karoui K. New continual federated learning system for intrusion detection in SDN‐based edge computing. Concurr Comput. 2024;37(2).
  35. 35. Zou B, Wang Y, Liu C, Dai M, Du Q, Zhu X. Generation of security system defense strategies based on evolutionary game theory. Nuclear Eng Tech. 2024;56(9):3463–71.
  36. 36. An L, Qiu J, Zhang H, Liu C. Design of distributed network intrusion prevention system based on Spark and P2DR models. Cluster Comput. 2024;27(8):10757–76.
  37. 37. Vinta SR, Patel SA, Sameen AZ, Soni M, Khan DIR, Salman HM. Dynamic defense model against eclipse attacks in proof-of-work blockchain systems. Procedia Comp Sci. 2024;235:1202–12.
  38. 38. Wang B, Yue X, Liu Y, Hao K, Li Z, Zhao X. A Dynamic trust model for underwater sensor networks fusing deep reinforcement learning and random forest algorithm. Appl Sci. 2024;14(8):3374.
  39. 39. Sani M-A, Rajput S, Keizer DW, Separovic F. NMR techniques for investigating antimicrobial peptides in model membranes and bacterial cells. Methods. 2024;224:10–20. pmid:38295893
  40. 40. Liu X, Shi L. A dynamic game model for assessing risk of coordinated physical-cyber attacks in an AC/DC hybrid transmission system. Front Energy Res. 2023;10.