pith. sign in

arxiv: 2604.03205 · v1 · submitted 2026-04-03 · 💻 cs.CR · cs.LG

A Tsetlin Machine-driven Intrusion Detection System for Next-Generation IoMT Security

Rahul Jaiswal , Per-Arne Andersen , Linga Reddy Cenkeramaddi , Lei Jiao , Ole-Christoffer Granmo This is my paper

Pith reviewed 2026-05-13 19:26 UTC · model grok-4.3

classification 💻 cs.CR cs.LG
keywords Tsetlin MachineIntrusion detectionIoMTCybersecurityInterpretabilityMedical devicesPropositional logic
0
0 comments X

The pith

A Tsetlin Machine intrusion detection system identifies cyberattacks on medical device networks at 99.5 percent binary accuracy.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes a Tsetlin Machine as the basis for an intrusion detection system tailored to Internet of Medical Things networks. It models attack patterns through propositional logic clauses and shows the resulting system beats standard machine learning classifiers on a dataset that covers multiple IoMT protocols and attack categories. The model also supplies vote scores and clause heatmaps so operators can see which patterns drove each classification. A reader would care because IoMT devices transmit patient data and control life-critical equipment, making reliable yet understandable threat detection directly relevant to safety.

Core claim

The Tsetlin Machine-based IDS achieves 99.5 percent accuracy in binary classification and 90.7 percent in multi-class classification on the CICIoMT-2024 dataset, surpassing existing state-of-the-art approaches, while supplying class-wise vote scores and clause activation heatmaps that reveal the dominant patterns behind each decision.

What carries the argument

Tsetlin Machine, a rule-based learner that encodes attack patterns as propositional logic clauses and decides via weighted clause voting.

If this is right

  • IoMT networks gain a detection method whose decisions can be inspected clause by clause rather than treated as black boxes.
  • Security teams can trace which specific traffic features trigger alerts and adjust defenses accordingly.
  • The same clause-learning approach can be applied to other IoT environments that require both high accuracy and auditability.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Tsetlin Machine models may prove useful for anomaly detection in any safety-critical network where regulatory requirements demand explainable decisions.
  • Clause heatmaps could serve as a starting point for automated rule generation that security engineers refine manually.

Load-bearing premise

The CICIoMT-2024 dataset and its attack distributions match the traffic patterns and threat landscape that appear in real operational IoMT deployments.

What would settle it

Running the trained model on live IoMT traffic from a hospital network that includes previously unseen attack variants and measuring whether multi-class accuracy falls below 85 percent.

Figures

Figures reproduced from arXiv: 2604.03205 by Lei Jiao, Linga Reddy Cenkeramaddi, Ole-Christoffer Granmo, Per-Arne Andersen, Rahul Jaiswal.

Figure 1
Figure 1. Figure 1: A simple illustration of IoMT working in healthcare. [PITH_FULL_IMAGE:figures/full_fig_p001_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: The overall architecture of the proposed TM-based IDS. [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Class imbalance in Scenario 1: Binary classification. [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Balanced training class in Scenario 1. 2) Classifier Training: The numerical features are standard￾ized to a common scale having zero mean and unit standard deviation. It improves training stability and enhances model performance and fairness by giving equal importance to all features. Since the TM model operates on binary inputs and learns logical rules, the standardized features are discretized into inte… view at source ↗
Figure 6
Figure 6. Figure 6: Class-wise votes of a Benign sample in Scenario 1. [PITH_FULL_IMAGE:figures/full_fig_p006_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Clause activation heatmap of the same Benign sample. [PITH_FULL_IMAGE:figures/full_fig_p006_7.png] view at source ↗
Figure 11
Figure 11. Figure 11: It shows that the TM model achieves high classifi [PITH_FULL_IMAGE:figures/full_fig_p006_11.png] view at source ↗
Figure 8
Figure 8. Figure 8: Class imbalance in Scenario 2: Multi-class (six-class) classification. [PITH_FULL_IMAGE:figures/full_fig_p006_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Balanced training class in Scenario 2. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Epochs 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 0.40 0.45 0.50 0.55 0.60 0.65 0.70 0.75 0.80 0.85 0.90 0.95 1.00 1.05 Accuracy Training Accuracy Testing Accuracy [PITH_FULL_IMAGE:figures/full_fig_p007_9.png] view at source ↗
Figure 13
Figure 13. Figure 13: Clause activation heatmap of the same Recon sample. [PITH_FULL_IMAGE:figures/full_fig_p007_13.png] view at source ↗
Figure 14
Figure 14. Figure 14: SMOTE is applied to balance the training data for the [PITH_FULL_IMAGE:figures/full_fig_p007_14.png] view at source ↗
Figure 15
Figure 15. Figure 15: Class-wise votes of a Benign sample in Scenario 3. [PITH_FULL_IMAGE:figures/full_fig_p008_15.png] view at source ↗
Figure 16
Figure 16. Figure 16: Class-wise votes of a DDoS sample in Scenario 3. [PITH_FULL_IMAGE:figures/full_fig_p008_16.png] view at source ↗
read the original abstract

The rapid adoption of the Internet of Medical Things (IoMT) is transforming healthcare by enabling seamless connectivity among medical devices, systems, and services. However, it also introduces serious cybersecurity and patient safety concerns as attackers increasingly exploit new methods and emerging vulnerabilities to infiltrate IoMT networks. This paper proposes a novel Tsetlin Machine (TM)-based Intrusion Detection System (IDS) for detecting a wide range of cyberattacks targeting IoMT networks. The TM is a rule-based and interpretable machine learning (ML) approach that models attack patterns using propositional logic. Extensive experiments conducted on the CICIoMT-2024 dataset, which includes multiple IoMT protocols and cyberattack types, demonstrate that the proposed TM-based IDS outperforms traditional ML classifiers. The proposed model achieves an accuracy of 99.5\% in binary classification and 90.7\% in multi-class classification, surpassing existing state-of-the-art approaches. Moreover, to enhance model trust and interpretability, the proposed TM-based model presents class-wise vote scores and clause activation heatmaps, providing clear insights into the most influential clauses and the dominant class contributing to the final model decision.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The manuscript proposes a Tsetlin Machine (TM)-based intrusion detection system for IoMT networks. It models attack patterns using propositional logic and evaluates the approach on the CICIoMT-2024 dataset, reporting 99.5% accuracy for binary classification and 90.7% for multi-class classification while claiming to outperform traditional ML classifiers. The work additionally provides interpretability via class-wise vote scores and clause activation heatmaps.

Significance. If the reported performance gains are confirmed under standard validation protocols, the work offers a concrete example of an interpretable, rule-based ML method applied to a high-stakes domain. The emphasis on clause-level explanations is a potential strength for medical IoT security, where model trust matters.

major comments (1)
  1. [Experimental Evaluation] Experimental Evaluation section: the central performance claims (99.5% binary, 90.7% multi-class accuracy and outperformance of SOTA) rest on comparisons whose baselines, hyperparameter search procedure, cross-validation strategy, and error analysis are not described in sufficient detail to allow verification or reproduction.
minor comments (1)
  1. [Abstract] The abstract states that the TM 'outperforms traditional ML classifiers' without naming the specific classifiers or providing the corresponding metric values in the same paragraph.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the detailed review and constructive feedback on our manuscript. We address the single major comment below and will revise the manuscript to improve the clarity and reproducibility of the experimental evaluation.

read point-by-point responses

  1. Referee: [Experimental Evaluation] Experimental Evaluation section: the central performance claims (99.5% binary, 90.7% multi-class accuracy and outperformance of SOTA) rest on comparisons whose baselines, hyperparameter search procedure, cross-validation strategy, and error analysis are not described in sufficient detail to allow verification or reproduction.

    Authors: We agree that the Experimental Evaluation section requires additional detail to support independent verification. In the revised manuscript we will expand this section to explicitly list all baseline classifiers together with their library versions and hyperparameter ranges; describe the hyperparameter search procedure as a grid search conducted on a held-out validation split; specify the cross-validation protocol as stratified 5-fold cross-validation to preserve class distributions; and include a dedicated error-analysis subsection containing confusion matrices, per-class F1 scores, and a brief discussion of misclassified samples. These additions will directly substantiate the reported 99.5 % binary and 90.7 % multi-class accuracies as well as the outperformance claims relative to the baselines. revision: yes

Circularity Check

0 steps flagged

No significant circularity

full rationale

The paper reports empirical results from training and evaluating a Tsetlin Machine IDS on the external CICIoMT-2024 dataset, with stated accuracies of 99.5% (binary) and 90.7% (multi-class). No derivation, equation, or parameter is defined in terms of the target metric; the central claims rest on standard supervised learning against a named public benchmark rather than any self-referential construction, fitted-input prediction, or load-bearing self-citation chain. The interpretability features (vote scores, heatmaps) are post-hoc outputs of the trained model and do not alter the empirical grounding.

Axiom & Free-Parameter Ledger

1 free parameters · 1 axioms · 0 invented entities

The central claim rests on standard assumptions that Tsetlin Machines can capture attack patterns via propositional logic and that the chosen dataset is representative; no new entities are postulated.

free parameters (1)
  • Tsetlin Machine hyperparameters (clauses, threshold, etc.)
    These control model capacity and are typically tuned on the training data to achieve the reported accuracies.
axioms (1)
  • domain assumption Tsetlin Machine propositional logic rules can effectively model diverse IoMT attack patterns
    Invoked when proposing TM as the core detection mechanism.

pith-pipeline@v0.9.0 · 5515 in / 1223 out tokens · 44002 ms · 2026-05-13T19:26:18.479652+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

22 extracted references · 22 canonical work pages

  1. [1]

    Internet of Medical Things (IoMT): Overview, Emerging Technologies, and Case Studies,

    S. Razdan and S. Sharma, “Internet of Medical Things (IoMT): Overview, Emerging Technologies, and Case Studies,”IETE Technical Review, vol. 39, no. 4, pp. 775–788, 2022

    work page 2022

  2. [2]

    Internet of Medical Things Market Report (2025-2030)

    “Internet of Medical Things Market Report (2025-2030).” [On- line]. Available: https://www.grandviewresearch.com/industry-analysis/ internet-of-medical-things-iomt-market-report

    work page 2025

  3. [3]

    Global Threat Report 2025

    “Global Threat Report 2025.” [Online]. Available: https://www. crowdstrike.com/en-us/global-threat-report/

    work page 2025

  4. [4]

    Security of Things Intrusion Detection System for Smart Healthcare,

    C. Iwendi, J. H. Anajemba, C. Biamba, and D. Ngabo, “Security of Things Intrusion Detection System for Smart Healthcare,”Electronics, vol. 10, no. 12, pp. 1–27, 2021

    work page 2021

  5. [5]

    A 360-Degree Review of Tsetlin Machines: Concepts, Applications, Analysis, and the Future,

    S. Kundu, S. S. Patkar, S. M. Mishra, G. Trivedi, and F. Merchant, “A 360-Degree Review of Tsetlin Machines: Concepts, Applications, Analysis, and the Future,”IEEE TechRxiv, pp. 1–23, 2025

    work page 2025

  6. [6]

    The Tsetlin Machine–A Game Theoretic Bandit Driven Approach to Optimal Pattern Recognition with Propositional Logic,

    O.-C. Granmo, “The Tsetlin Machine–A Game Theoretic Bandit Driven Approach to Optimal Pattern Recognition with Propositional Logic,” arXiv preprint arXiv:1804.01508, pp. 1–42, 2018

    work page arXiv 2018

  7. [7]

    Behavior Rule Specification-based Intrusion Detection for Safety Critical Medical Cyber Physical Systems,

    R. Mitchell and R. Chen, “Behavior Rule Specification-based Intrusion Detection for Safety Critical Medical Cyber Physical Systems,”IEEE Trans. on Dependable & Secure Comp., vol. 12, no. 1, pp. 16–30, 2014

    work page 2014

  8. [8]

    Signature-based Intrusion Detection System for IoT,

    B. Nawaal, U. Haider, I. U. Khan, and M. Fayaz, “Signature-based Intrusion Detection System for IoT,” inCyber Security for Next- generation Computing Technologies. CRC Press, 2024, pp. 141–158

    work page 2024

  9. [9]

    Artificial Intelligence Driven Security Model for Internet of Medical Things (IoMT),

    C. Anitha, C. Komala, C. V . Vivekanand, S. Lalitha, and S. Boopathi, “Artificial Intelligence Driven Security Model for Internet of Medical Things (IoMT),” in3rd International Conference on Innovative Practices in Technology and Management. IEEE, 2023, pp. 1–7

    work page 2023

  10. [10]

    A Deep Learning-based Intrusion Detection Technique for a Secured IoMT System,

    J. B. Awotunde, K. M. Abiodun, E. A. Adeniyi, S. O. Folorunso, and R. G. Jimoh, “A Deep Learning-based Intrusion Detection Technique for a Secured IoMT System,” inInternational Conference on Informatics and Intelligent Applications. Springer, 2021, pp. 50–62

    work page 2021

  11. [11]

    Enhancing IoMT Security with Deep Learning Based Approach for Medical IoT Threat Detection,

    N. C. Kavkas and K. Yildiz, “Enhancing IoMT Security with Deep Learning Based Approach for Medical IoT Threat Detection,” inIEEE International Symposium on Digital Forensics & Security, 2025, pp. 1–5

    work page 2025

  12. [12]

    CICIoMT2024: A Benchmark Dataset for Multi-Protocol Security Assessment in IoMT,

    S. Dadkhah, E. C. P. Neto, R. C. Molokwu, and A. A. Ghorbani, “CICIoMT2024: A Benchmark Dataset for Multi-Protocol Security Assessment in IoMT,”Internet of Things, vol. 28, p. 101351, 2024

    work page 2024

  13. [13]

    Intrusion Detection with Interpretable Rules Generated using the Tsetlin Machine,

    K. D. Abeyrathna, H. S. G. Pussewalage, S. N. Ranasinghe, V . A. Oleshchuk, and O.-C. Granmo, “Intrusion Detection with Interpretable Rules Generated using the Tsetlin Machine,” inIEEE Symposium Series on Computational Intelligence, 2020, pp. 1121–1130

    work page 2020

  14. [14]

    Towards IoT Anomaly Detection with Tsetlin Machines,

    O. Gunvaldsen, H. B. Thorsen, P.-A. Andersen, O.-C. Granmo, and M. Goodwin, “Towards IoT Anomaly Detection with Tsetlin Machines,” inIEEE International Symposium on the Tsetlin Machine, 2023, pp. 1–8

    work page 2023

  15. [15]

    CAQoE: A Novel No-reference Context- aware Speech Quality Prediction Metric,

    R. K. Jaiswal and R. Dubey, “CAQoE: A Novel No-reference Context- aware Speech Quality Prediction Metric,”ACM Trans. on Multimedia Computing, Comms. and Applications, vol. 19, no. 1s, pp. 1–23, 2023

    work page 2023

  16. [16]

    Breiman, J

    L. Breiman, J. Friedman, R. A. Olshen, and C. J. Stone,Classification and Regression Trees. Chapman and Hall/CRC, 2017

    work page 2017

  17. [17]

    Wi-Fi based Indoor Location Positioning Employing Random Forest Classifier,

    E. Jedari, Z. Wu, and M. Saif, “Wi-Fi based Indoor Location Positioning Employing Random Forest Classifier,” inIEEE International Conference on Indoor Positioning and Indoor Navigation, 2015, pp. 1–5

    work page 2015

  18. [18]

    Xgboost: A Scalable Tree Boosting System,

    T. Chen and C. Guestrin, “Xgboost: A Scalable Tree Boosting System,” in22nd ACM SIGKDD International Conference on Knowledge Discov- ery and Data Mining, 2016, pp. 785–794

    work page 2016

  19. [19]

    Lightgbm: A Highly Efficient Gradient Boosting Decision Tree,

    G. Ke, Q. Meng, and T. Finley, “Lightgbm: A Highly Efficient Gradient Boosting Decision Tree,” in31st Conference on Neural Information Processing Systems, 2017, pp. 1–9

    work page 2017

  20. [20]

    Alpaydin,Introduction to Machine Learning

    E. Alpaydin,Introduction to Machine Learning. MIT press, 2020

    work page 2020

  21. [21]

    Bhagwat, M

    R. Bhagwat, M. Abdolahnejad, and M. Moocarme,Applied Deep Learn- ing with Keras: Solve Complex Real-life Problems with the Simplicity of Keras. Packt Publishing Ltd, 2019

    work page 2019

  22. [22]

    A Novel Oversampling Technique for Class-Imbalanced Learning Based on SMOTE and Natural Neighbors,

    J. Li, Q. Zhu, Q. Wu, and Z. Fan, “A Novel Oversampling Technique for Class-Imbalanced Learning Based on SMOTE and Natural Neighbors,” Information Sciences, vol. 565, pp. 438–455, 2021

    work page 2021