Privacy Preserved Online DDoS Attack Detection Frameworks for IoT Systems
No Thumbnail Available
Date
2025-12
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Internet of Things (IoT) security is becoming important with the growing popularity of IoT
devices and their wide applications. IoT systems are widely used in a variety of sectors, including
transportation, utilities, manufacturing, healthcare and home automation. Although IoTs promise
to have a significant positive impact on productivity and efficiency, they also pose several privacy
and security issues. One of the most destructive attacks on the IoT is Distributed Denial-of-Service
(DDoS) attacks. Machine learning-based DDoS attack detection systems have proven effective in
detecting and preventing DDoD attacks in IoT systems. However, these DDoS attack-detection
systems are batch learning and centralized learning which usually fails to detect zero-day DDoS,
and adversarial attacks, and preserve privacy. The dynamicity IoT environment causes concept
drift issues that result in performance degradation in detecting DDoS. Despite the rapidly
increasing use of federated learning in cyber security domain to address privacy issue, existing
methods have limitation in terms of accuracy, convergence speed, and scalability in non-IID (non independent and identically distributed) condition. Furthermore, the current adversarial defenses
are tailored to detect known adversarial attacks by training on predefined attack patterns.
On this dissertation, we first proposed an adaptive online DDoS detection framework to tackle
concept drift in streaming data using a novel Accuracy Update Weighted Probability Averaging
Ensemble (AUWPAE), that achieves detection accuracies of 99.54% and 99.33% on the IoTID20
and CICIoT2023 datasets, respectively. AUWPAE outperforms other state-of-the-art online
adaptive learning methods, such as ARF-ADWIN, ARF-DDM, SRPs-ADWIN, SRPs-DDM,
KNN-ADWIN, HTs, LB, and PWPAE. AUWPAE address different type of concept drift issue and
detect zero-day attacks. Second, our dissertation introduces a novel Multi-Stage Adversarial
Attack Defense (MSAAD) mechanism that combines resilient adversarial purification, diversified
classifier ensembles, and a Multi-Armed Bandit selection strategy to mitigate known and unknown
adversarial threats in real-time. This defense system substantially improves model robustness, with
adversarial detection accuracy rising up to 99.48% across the same datasets. Third, a novel
Dynamic Weighted Clustered Federated Learning (FedDWC) framework is developed to enhance
detection accuracy and convergence under non-IID conditions by leveraging bi-level optimization
and performance-based dynamic weight updates across clustered clients. Theoretical analysis
demonstrates fast convergence of the FedDWC framework. Moreover, the experiment
demonstrates the clustering capability and scalability of proposed framework for different size and
complexity of IoT devices. FedDWC outperforms conventional FL methods like FedAvg,
FedProx, and IFCA, with accuracy gains up to 1.9% on the same above dataset. Collectively, this
dissertation contributes a privacy-preserving, robust to adversarial attack and scalable online
DDoS attack detection system that advance the state-of-the-art through a synergy of adaptive
learning, adversarial resilience, and federated optimization.
Description
Keywords
IoT DDoS attack, privacy preserving, adversarial attack, online learning, federated learning, dynamic weighting, concept drift detection and adaptation, AUWPAE, MSAAD and FedDWC