ML-DRIVEN APPROACH FOR DDOS DETECTION IN WIRELESS SENSOR NETWORKS
DOI: https://doi.org/10.64751/ijdim.2025.v4.n3.pp95-103
Abstract
The rise of Internet of Things (IoT) networks has revolutionized industries and homes, but has also exposed critical vulnerabilities to Distributed Denial of Service (DDoS) attacks. Lightweight and resource-constrained sensor nodes are often unable to defend against volumetric floods or protocol-based intrusions, making them prime targets for attackers. Traditional security systems rely on static rules, signature-based detection, and manual threshold settings, which are ineffective against zero-day variants or obfuscated traffic patterns. These systems fail to capture subtle traffic anomalies and cannot scale to accommodate the high data volume generated by IoT devices. Furthermore, manual configurations and rule-based mechanisms result in high false alarm rates, poor adaptability, and delayed response. There is a growing need for an intelligent, automated, and adaptive system that can process raw network traffic, identify patterns, and accurately classify DDoS activities in real time. The proposed system addresses this by integrating a machine learning-based framework that performs end-to-end detection using supervised learning algorithms. The pipeline involves preprocessing steps such as label encoding, normalization, and dimensionality reduction through Principal Component Analysis (PCA) to enhance the quality and efficiency of the training data. Six machine learning classifiers—Naive Bayes, Random Forest, Support Vector Machine, K-Nearest Neighbors, XGBoost, and AdaBoost—are implemented and evaluated to determine the most effective model for real-time detection. The solution is embedded within a user-friendly Tkinter GUI for dataset management, model training, and performance visualization. This system not only reduces false positives and improves classification accuracy but also ensures fast deployment and compatibility with resource-limited IoT devices. By offering a comparative model evaluation, the framework empowers security analysts to deploy the optimal detection algorithm for specific network environments, significantly enhancing IoT security against modern DDoS threats while supporting scalability, adaptability, and operational efficiency.
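The preprocessing chain named in the abstract (label encoding, normalization, PCA, then a classifier) is sketched below as an added example; it is not the paper's code. It uses only the Python standard library, K-Nearest Neighbors as one of the six listed classifiers, and constructed flow records; all function names and feature columns are assumptions, as is the choice to fit the encoder, scaler and PCA on the training split only so the held-out score is not inflated by leakage.

```python
import math

def make_flows():
    """Constructed flows: (protocol, packets/s, mean packet bytes, label)."""
    flows = []
    for i in range(20):
        k = (i // 2) % 2
        flows.append((("TCP", "UDP")[k], 20 + 3 * i, 400 + 10 * i, "normal"))
        flows.append((("UDP", "ICMP")[k], 900 + 25 * i, 60 + 2 * i, "ddos"))
    return flows

def fit_minmax(rows):
    """Per-column (min, span) learned from the rows given (training rows)."""
    return [(min(c), (max(c) - min(c)) or 1.0) for c in zip(*rows)]

def scale(rows, params):
    return [[(x - lo) / span for x, (lo, span) in zip(r, params)] for r in rows]

def fit_pca1(rows, iters=200):
    """Mean and first principal component via power iteration on the covariance."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    cen = [[r[j] - mean[j] for j in range(d)] for r in rows]
    cov = [[sum(c[a] * c[b] for c in cen) / n for b in range(d)] for a in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(cov[a][b] * v[b] for b in range(d)) for a in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return mean, v

def project(rows, mean, v):
    return [sum((x - m) * c for x, m, c in zip(r, mean, v)) for r in rows]

def knn(train_x, train_y, x, k=3):
    votes = [y for _, y in sorted(zip(train_x, train_y), key=lambda p: abs(p[0] - x))[:k]]
    return max(set(votes), key=votes.count)

def run_pipeline():
    flows = make_flows()
    train = [f for n, f in enumerate(flows) if n % 4 < 2]    # alternate pairs for training
    test = [f for n, f in enumerate(flows) if n % 4 >= 2]    # the rest are held out
    codes = {p: c for c, p in enumerate(sorted({f[0] for f in train}))}  # label encoding
    feats = lambda fs: [[codes[f[0]], f[1], f[2]] for f in fs]
    params = fit_minmax(feats(train))                        # scaler fitted on train only
    tr, te = scale(feats(train), params), scale(feats(test), params)
    mean, v = fit_pca1(tr)                                   # PCA fitted on train only
    tr_x, te_x = project(tr, mean, v), project(te, mean, v)
    preds = [knn(tr_x, [f[3] for f in train], x) for x in te_x]
    return sum(p == f[3] for p, f in zip(preds, test)) / len(test)  # held-out accuracy
```

The constructed classes are deliberately well separated, so the held-out accuracy says nothing about real traffic; the point is the order of the steps and where each transform is fitted.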
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.






