A Framework for Distributed Denial-of-Service Attack Detection in Internet of Things Environments

Abstract

Internet of Things (IoT) networks are ubiquitous across industries, homes, and critical infrastructure due to their automation capabilities. However, IoT devices remain highly vulnerable to Distributed Denial-of-Service (DDoS) attacks owing to their limited computational power and inherent heterogeneity. Also, IoT systems often favor usability over security. While deep learning has shown promise for detecting such attacks, existing approaches have largely been validated on conventional network datasets using centralized architectures that create single points of failure. Furthermore, the centralized approaches raise privacy concerns by requiring raw data transmission to the cloud and lack preprocessing tailored to IoT-specific protocols such as MQTT. This study aimed to develop a distributed deep learning framework for DDoS detection in IoT environments. The specific objectives were to design and implement a distributed detection framework based on deep learning, and to evaluate and compare its performance against a centralized paradigm using accuracy, precision, recall, and F1-score. A quantitative experimental research design using the DoS/DDoS-MQTT-IoT dataset was employed. The proposed framework integrated three components: a CNN-BiLSTM ensemble model, a three-tier edge-fog-cloud architecture incorporating federated learning where edge devices performed preprocessing and fog nodes conducted local training while raw data remained on premises, and preprocessing adapted to MQTT's publish-subscribe semantics. Model hyperparameters were held constant across both experimental conditions, and ten-fold cross-validation was applied. Statistical significance was assessed using a paired t-test with an alpha level of 0.05. The distributed detection framework achieved 99.68% accuracy, 99.02% precision, 99.28% recall, and 99.10% F1-score. The distributed framework demonstrated a 64% lower error rate than the centralized approach (1.35% versus 3.76%). This improvement was statistically significant as confirmed by a paired t test over ten-fold cross-validation (p < 0.001). The distributed framework also outperformed traditional machine learning methods and standalone deep learning models including CNN alone, BiLSTM alone, and RNN alone. Overall, the distributed approach exhibits superior accuracy and adaptability compared to centralized detection. It also provides privacy benefits through federated learning. Future work should validate the framework on additional IoT protocols and datasets and explore model compression techniques to further reduce computational requirements on resource-constrained edge devices.