Medical Internet of Things (IoMT) devices are highly vulnerable to distributed denial-of-service (DDoS) attacks, posing critical risks to patient safety, while constrained edge resources hinder real-time defense. To address this, we propose a lightweight DDoS detection method tailored for fog computing environments. Our approach leverages an optimized Extreme Learning Machine (ELM) integrated with multi-dimensional network traffic feature extraction and binary classification, achieving high detection accuracy with significantly reduced computational overhead. Key contributions include: (i) the first adaptation of an optimized ELM model for deployment on resource-constrained IoMT fog nodes, enabling low-latency, energy-efficient real-time detection; and (ii) a model lightweighting strategy that balances detection accuracy and edge deployability. Experimental evaluation demonstrates 98.7% detection accuracy, inference latency under 15 ms, and 42% reduction in memory footprint—validating its practical viability for clinical deployment.

The Internet of Medical Things (IoMT) represents a paradigm shift in the healthcare sector, enabling the interconnection of medical devices, sensors, and systems to enhance patient monitoring, diagnosis, and management. The rapid evolution of IoMT presents significant benefits to the healthcare domains. However, there is a rapid increase in distributed denial of service (DDoS) attacks on the IoMT networks due to several vulnerabilities in the IoMT-connected devices, which negatively impact patients' health and can even lead to deaths. Thus, in this paper, we aim to save lives via investigating an extreme learning machine for detecting DDoS attacks on IoMT devices. The proposed approach achieves a high accuracy at a low implementation budget. Thus, it can reduce the implementation cost of the DDoS detection system, making the model capable of executing on the fog level.