To address the challenges of malware detection in resource-constrained Internet of Medical Things (IoMT) devices under non-independent and identically distributed (Non-IID) data, this paper proposes a lightweight split learning framework integrating image-based malware representation, edge-coordinated training, and game-theoretic joint optimization. Unlike conventional federated learning (FL), the framework partitions the model between clients and edge servers, substantially reducing communication overhead and local computational burden while preserving data privacy. It pioneers the application of split learning to IoMT security and introduces a novel game-theoretic formulation to jointly optimize resource allocation and convergence efficiency. Experimental results demonstrate that, compared to state-of-the-art FL approaches, the proposed framework achieves a 6.35% improvement in accuracy, a 5.03% gain in F1-score, a 14.96% acceleration in convergence speed, and a 33.83% reduction in resource consumption.

The rapid growth of Internet of Medical Things (IoMT) devices has resulted in significant security risks, particularly the risk of malware attacks on resource-constrained devices. Conventional deep learning methods are impractical due to resource limitations, while Federated Learning (FL) suffers from high communication overhead and vulnerability to non-IID (heterogeneous) data. In this paper, we propose a split learning (SL) based framework for IoT malware detection through image-based classification. By dividing the neural network training between the clients and an edge server, the framework reduces computational burden on resource-constrained clients while ensuring data privacy. We formulate a joint optimization problem that balances computation cost and communication efficiency by using a game-theoretic approach for attaining better training performance. Experimental evaluations show that the proposed framework outperforms popular FL methods in terms of accuracy (+6.35%), F1-score (+5.03%), high convergence speed (+14.96%), and less resource consumption (33.83%). These results establish the potential of SL as a scalable and secure paradigm for next-generation IoT security.