Abstract
The spread of Internet of Things (IoT) devices has significantly expanded the attack surface for Distributed Denial-of-Service (DDoS) threats, exposing resource-constrained gateways to bandwidth exhaustion and service disruption. While machine learning (ML)–based detection systems achieve strong accuracy, their computational cost renders them impractical for IoT environments. Conversely, lightweight deterministic filters provide efficiency but lack adaptability to evolving attack strategies. This study presents a Hybrid Deterministic–Machine Learning (HD-ML) framework that integrates deterministic packet verification with lightweight supervised classifiers to achieve both scalability and adaptability. The framework filters trivially malicious traffic at the gateway and forwards only residual ambiguous flows for ML-based classification. Using NS-3 simulations, we generated a dataset of over 100,000 packets, extracted flow-level features, and evaluated multiple classifiers including Decision Tree, Naïve Bayes, Logistic Regression, Random Forest, and Support Vector Machine (SVM). Results demonstrate that the HD-ML framework achieves an overall detection accuracy of 98.8% with a false positive rate as low as 0.8%, significantly outperforming standalone deterministic or ML-based approaches. Among the classifiers, SVM exhibited the highest performance with a perfect ROC-AUC score of 1.0 and an F1-Score of 0.926, confirming its suitability for residual traffic analysis. The proposed framework therefore offers a bandwidth-efficient, computationally lightweight, and adaptive defense mechanism for real-time DDoS mitigation in IoT networks.
Keywords