Medical Internet of Things (IoMT) systems face critical security challenges, including data sensitivity, wireless channel eavesdropping/manipulation, device anomalies, poor interpretability of existing machine learning–based intrusion detection methods, and insufficient privacy preservation. To address these, this paper proposes the first intrusion detection framework integrating federated learning (FL) and eXplainable Artificial Intelligence (XAI). The framework enables high-accuracy, end-to-end privacy-preserving anomaly detection without requiring patient data to leave local devices, while delivering transparent, clinically trustworthy decision explanations. Evaluated on multi-source IoMT physiological datasets and realistic attack scenarios, it achieves over 98% detection accuracy—matching centralized models in performance. Its key innovation lies in the first synergistic co-design of FL and XAI, simultaneously satisfying stringent security, privacy, interpretability, and clinical ethical requirements.

The Internet of Medical Things (IoMT) transcends traditional medical boundaries, enabling a transition from reactive treatment to proactive prevention. This innovative method revolutionizes healthcare by facilitating early disease detection and tailored care, particularly in chronic disease management, where IoMT automates treatments based on real-time health data collection. Nonetheless, its benefits are countered by significant security challenges that endanger the lives of its users due to the sensitivity and value of the processed data, thereby attracting malicious interests. Moreover, the utilization of wireless communication for data transmission exposes medical data to interception and tampering by cybercriminals. Additionally, anomalies may arise due to human error, network interference, or hardware malfunctions. In this context, anomaly detection based on Machine Learning (ML) is an interesting solution, but it comes up against obstacles in terms of explicability and privacy protection. To address these challenges, a new framework for Intrusion Detection Systems is introduced, leveraging Artificial Neural Networks for intrusion detection while utilizing Federated Learning (FL) for privacy preservation. Additionally, eXplainable Artificial Intelligence methods are incorporated to enhance model explanation and interpretation. The efficacy of the proposed framework is evaluated and compared with centralized approaches using multiple datasets containing network and medical data, simulating various attack types impacting the confidentiality, integrity, and availability of medical and physiological data. The results obtained offer compelling evidence that the FL method performs comparably to the centralized method, demonstrating high performance. Additionally, it affords the dual advantage of safeguarding privacy and providing model explanation while adhering to ethical principles.