Comprehensive Characterization and Taxonomy of Evolving Distributed Denial of Service (DDoS) Threats in Heterogeneous Internet of Things (IoT) Environments
Keywords:
IoT Security, DDoS Detection, Federated Learning, Feature Engineering, Machine Learning Classification, Cross-Layer Defense Strategies
Abstract
The evolving Distributed Denial of Service (DDoS) landscape in heterogeneous Internet of Things (IoT) ecosystems presents a dynamic attack surface due to the diversity of devices, lightweight communication protocols, and inconsistent security settings. This paper provides a structured approach to classification, detection, and mitigation of IoT-based DDoS attacks by integrating a multidimensional taxonomy with simulation-based datasets, feature engineering, and advanced learning models. Using NS-3 and OMNeT++ simulations, volumetric floods, protocol exploits, reflective amplification, and stealthy low-rate attacks were emulated across IoT architectural layers. Statistical and protocol-aware features such as payload size, entropy, burstiness, and inter-arrival time were extracted and analyzed. Principal Component Analysis (PCA) retained ~79% of the variance while reducing feature dimensionality, improving computational efficiency. On controlled datasets, Random Forest and Support Vector Machine classifiers achieved an accuracy, precision, recall, and F1-score of ~95%, with an AUC of 0.95, demonstrating strong separability of benign and malicious traffic. Experiments with federated learning across low-end devices, mid-range gateways, and mixed-capability nodes showed accuracy improvements from 50% to ~67%, with communication overheads ranging from ~20 MB to ~60 MB depending on device profile. Attack vectors were mapped to IoT architectural layers to support targeted defense strategies such as cross-layer monitoring, SDN-based filtering, and blockchain-backed authentication. These results validate a scalable and adaptive framework for real-time IoT DDoS detection that combines traffic profiling, dimensionality reduction, efficient classification, and federated training. The findings underscore the need for protocol-aware, layer-specific defense mechanisms to counter the growing sophistication of adversarial strategies in IoT systems.
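The per-window traffic features named in the abstract (payload size, entropy, burstiness, inter-arrival time) can be computed as in the following added example, which is not code from the paper. It assumes entropy is taken over source addresses and burstiness is defined as B = (sigma - mu) / (sigma + mu) of the inter-arrival times; the function names and the sample packets are constructed for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def window_features(packets):
    """Features for one time window.

    packets: list of (timestamp_s, src_ip, payload_bytes), sorted by time.
    """
    if len(packets) < 2:
        raise ValueError("need at least two packets to compute inter-arrival times")
    times = [t for t, _, _ in packets]
    gaps = [b - a for a, b in zip(times, times[1:])]
    mu, sigma = mean(gaps), pstdev(gaps)
    return {
        "mean_payload": mean(p for _, _, p in packets),
        # Assumption: entropy over source addresses (many distinct senders -> high)
        "src_entropy": shannon_entropy([s for _, s, _ in packets]),
        "mean_iat": mu,
        # Assumption: B in [-1, 1]; -1 = perfectly periodic, > 0 = bursty
        "burstiness": (sigma - mu) / (sigma + mu) if sigma + mu else 0.0,
    }

# Constructed sample: two sensors reporting once per second.
BENIGN = [(0.0, "192.0.2.10", 100), (1.0, "192.0.2.11", 120),
          (2.0, "192.0.2.10", 100), (3.0, "192.0.2.11", 120)]

# Constructed sample: two short bursts of small packets from eight distinct sources.
FLOOD = [(t, f"198.51.100.{i}", 40) for i, t in
         enumerate([0.0, 0.01, 0.02, 0.03, 5.0, 5.01, 5.02, 5.03], start=1)]

if __name__ == "__main__":
    for name, window in (("benign", BENIGN), ("flood", FLOOD)):
        print(name, window_features(window))
```

Vectors like these, one per window, are the kind of input that dimensionality reduction and a classifier would then consume.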