From Signatures to AI: A Comprehensive Review of DDoS Detection Strategies in IoT & SDN
Abstract
In the ever-evolving landscape of the Internet of Things (IoT) and Software-Defined Networks (SDN), the rapid growth of interconnected devices has enhanced ease and efficiency. However, this evolution has also paved the way for an ominous form of cyber-attack: Distributed Denial of Service (DDoS). These attacks, which make systems unavailable to legitimate users, threaten data integrity, confidentiality, and availability in IoT and SDN infrastructure. This paper delves into the critical issue of DDoS attacks within IoT and SDN environments, offering a comprehensive exploration of detection mechanisms by categorizing them into traditional (signature-based) and anomaly-based approaches, i.e., Machine Learning (ML), Deep Learning (DL), and statistical techniques. Our key findings reveal that while signature-based methods effectively identify known attack patterns, they fall short against novel threats. In contrast, AI-based approaches, particularly ML and DL, demonstrate superior performance in detecting previously unseen attacks. However, their efficiency is highly dependent on the quality of training data and model robustness. Our comparative analysis indicates that ML and DL methods achieve higher detection rates and lower false positives in experimental settings, underscoring the importance of high-quality datasets and resilient models. By highlighting the strengths and limitations of both approaches, this study provides valuable insights for researchers and cybersecurity experts. The need for an effective and diversified DDoS detection mechanism in the developing IoT and SDN domains is evident. While conventional methods remain relevant, AI-based strategies offer a dynamic avenue for enhancing security.
Manuscript received: 24 Oct 2024 | Revised: 14 Dec 2024 | Accepted: 30 Dec 2024 | Published: 31 Mar 2025
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.