With the rapid expansion of connected objects in our daily lives, the risk of cyberattacks, particularly distributed denial of service (DDoS) attacks, has increased considerably. IoT devices, often designed with few resources and little protection, are easy targets for cybercriminals. In this context, our study explores the role of artificial intelligence (AI) in detecting these threats, based on Machine Learning approaches adapted to the specific constraints of the IoT.
We propose a hybrid solution combining Isolation Forest (unsupervised), to detect anomalies without prior labeling, and Random Forest (supervised), to refine classifications. Using the CICDDoS2019 dataset, which contains realistic attack scenarios, we implement a complete pipeline from data preparation to model training, including the selection of the most relevant features using SHAP.
The results obtained are very promising, with accuracy reaching 99.13% for Random Forest and 89.2% for Isolation Forest. Two deployment scenarios are then proposed: one on aggregator nodes (e.g. Raspberry Pi), and the other in a distributed architecture, with embedded detection on the IoT objects themselves, coupled with in-depth analysis on security devices.
This modular, lightweight and distributed approach shows that it is possible to combine efficiency, speed and adaptability to better protect IoT environments against DDoS attacks.
IoT, DDoS, Machine Learning, Deep Learning, K-Means, Isolation Forest, Random Forest
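A sketch of the two-stage detection idea described in the abstract, added here as an illustration and not taken from the study's own code. It assumes scikit-learn and NumPy; the three flow features, the synthetic traffic values, the hyperparameters and the rule that Random Forest only re-examines flows flagged by Isolation Forest are all assumptions (the study itself uses CICDDoS2019 with SHAP-selected features).

```python
import numpy as np
from sklearn.ensemble import IsolationForest, RandomForestClassifier

def make_flows(n_benign, n_attack, seed):
    """Constructed flows: [packets/s, mean packet bytes, duration s]; label 1 = DDoS."""
    rng = np.random.default_rng(seed)
    benign = rng.normal([20, 500, 30], [5, 80, 5], size=(n_benign, 3))
    attack = rng.normal([900, 70, 1.5], [120, 15, 0.5], size=(n_attack, 3))
    X = np.vstack([benign, attack])
    y = np.concatenate([np.zeros(n_benign, dtype=int), np.ones(n_attack, dtype=int)])
    return X, y

def train(X, y):
    # Stage 1 (unsupervised): model a baseline of normal traffic; no attack
    # samples are needed (assumption: a known-clean capture is available).
    iso = IsolationForest(n_estimators=100, contamination=0.05, random_state=0)
    iso.fit(X[y == 0])
    # Stage 2 (supervised): learn benign vs. DDoS from the labelled flows.
    rf = RandomForestClassifier(n_estimators=50, random_state=0).fit(X, y)
    return iso, rf

def detect(iso, rf, X):
    """Alert (1) only when Isolation Forest flags a flow and Random Forest confirms it."""
    flagged = iso.predict(X) == -1  # scikit-learn returns -1 for anomalies
    verdict = np.zeros(len(X), dtype=int)
    if flagged.any():
        verdict[flagged] = rf.predict(X[flagged])
    return flagged.astype(int), verdict

def evaluate(seed_train=1, seed_test=2):
    """Train on one constructed capture, score a second, report the key rates."""
    iso, rf = train(*make_flows(1000, 300, seed_train))
    X, y = make_flows(500, 150, seed_test)
    flagged, verdict = detect(iso, rf, X)
    return {
        "recall": float(verdict[y == 1].mean()),
        "fp_rate_stage1": float(flagged[y == 0].mean()),
        "fp_rate_hybrid": float(verdict[y == 0].mean()),
    }

if __name__ == "__main__":
    print(evaluate())
```

Comparing `fp_rate_stage1` with `fp_rate_hybrid` shows the supervised stage discarding benign flows that the anomaly detector flagged on its own.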