Article Info
Applying Machine Learning for Detecting DDoS Attacks in Software-Defined IoT Networks
Noor Afiza Mohd Ariffin, Yang Lei
dx.doi.org/10.17576/apjitm-2026-1501-03
Abstract
In Software-Defined Internet of Things (SD-IoT) networks, Distributed Denial of Service (DDoS) attacks remain a major threat due to the large number of heterogeneous and resource-constrained devices. This study proposes an SDN-integrated machine learning framework for real-time DDoS detection using three supervised classifiers: Na?ve Bayes (NB), Decision Tree (DT), and Support Vector Machine (SVM). The framework leverages centralized SDN control for dynamic flow management and attack mitigation. The BoT-IoT dataset was used with proper preprocessing and stratified train?test splitting (70?30). Performance was evaluated using accuracy, precision, recall, F1-score, false positive rate, detection time (milliseconds), CPU usage, and memory overhead. Experimental results show that the Decision Tree classifier achieved the best accuracy of 98.9%, with an average detection time of 480?500 ms, while incurring only a 3% increase in controller CPU and memory usage. These findings demonstrate that lightweight supervised ML models integrated into SDN controllers can provide efficient and scalable DDoS detection for SD-IoT environments.
keyword
Software-Defined Networking (SDN); Internet of Things (IoT); DDoS Attacks; Machine Learning; Network Security

