Surafel LemmaHenock MulugetaYonas Kibret Deshah2026-03-032026-03-032025-12https://etd.aau.edu.et/handle/123456789/7806Internet of Things (IoT) security is becoming important with the growing popularity of IoT devices and their wide applications. IoT systems are widely used in a variety of sectors, including transportation, utilities, manufacturing, healthcare and home automation. Although IoTs promise to have a significant positive impact on productivity and efficiency, they also pose several privacy and security issues. One of the most destructive attacks on the IoT is Distributed Denial-of-Service (DDoS) attacks. Machine learning-based DDoS attack detection systems have proven effective in detecting and preventing DDoD attacks in IoT systems. However, these DDoS attack-detection systems are batch learning and centralized learning which usually fails to detect zero-day DDoS, and adversarial attacks, and preserve privacy. The dynamicity IoT environment causes concept drift issues that result in performance degradation in detecting DDoS. Despite the rapidly increasing use of federated learning in cyber security domain to address privacy issue, existing methods have limitation in terms of accuracy, convergence speed, and scalability in non-IID (non independent and identically distributed) condition. Furthermore, the current adversarial defenses are tailored to detect known adversarial attacks by training on predefined attack patterns. On this dissertation, we first proposed an adaptive online DDoS detection framework to tackle concept drift in streaming data using a novel Accuracy Update Weighted Probability Averaging Ensemble (AUWPAE), that achieves detection accuracies of 99.54% and 99.33% on the IoTID20 and CICIoT2023 datasets, respectively. AUWPAE outperforms other state-of-the-art online adaptive learning methods, such as ARF-ADWIN, ARF-DDM, SRPs-ADWIN, SRPs-DDM, KNN-ADWIN, HTs, LB, and PWPAE. AUWPAE address different type of concept drift issue and detect zero-day attacks. Second, our dissertation introduces a novel Multi-Stage Adversarial Attack Defense (MSAAD) mechanism that combines resilient adversarial purification, diversified classifier ensembles, and a Multi-Armed Bandit selection strategy to mitigate known and unknown adversarial threats in real-time. This defense system substantially improves model robustness, with adversarial detection accuracy rising up to 99.48% across the same datasets. Third, a novel Dynamic Weighted Clustered Federated Learning (FedDWC) framework is developed to enhance detection accuracy and convergence under non-IID conditions by leveraging bi-level optimization and performance-based dynamic weight updates across clustered clients. Theoretical analysis demonstrates fast convergence of the FedDWC framework. Moreover, the experiment demonstrates the clustering capability and scalability of proposed framework for different size and complexity of IoT devices. FedDWC outperforms conventional FL methods like FedAvg, FedProx, and IFCA, with accuracy gains up to 1.9% on the same above dataset. Collectively, this dissertation contributes a privacy-preserving, robust to adversarial attack and scalable online DDoS attack detection system that advance the state-of-the-art through a synergy of adaptive learning, adversarial resilience, and federated optimization.en-USIoT DDoS attackprivacy preservingadversarial attackonline learningfederated learningdynamic weightingconcept drift detection and adaptationAUWPAEMSAAD and FedDWCDissertation