DDoS Attack Detection in IoT: A Comparative Resource and Performance Analysis of Deep Learning and Machine Learning Models

The proliferation of Internet of Things (IoT) devices has increased susceptibility to Distributed Denial of Service (DDoS) attacks, exposing the limitations of traditional security mechanisms such as firewalls and rule-based intrusion detection systems (IDS), which often fail due to static rules and limited adaptability in resource-constrained environments. To address these challenges, this study introduces a lightweight IDS leveraging advanced deep learning techniques, including lightweight convolutional neural networks (CNNs) such as MobileNetV3, EfficientNetB0, and other models like CNN and Xception. The proposed IDS employs different lightweight deep learning models on image representations of network traffic data and machine learning models on tabular CSV representations of the same data. The primary challenge stems from the balance of high detection accuracy with the computational efficiency required for real-time IDS deployment in constrained IoT environments. This study proposes a dual-format comparative approach to assess how data representation image-based for deep learning and tabular for traditional machine learning influences detection performance and resource utilization. The evaluation is conducted using the CIC-DDoS2019 dataset, measuring detection metrics including accuracy, precision, recall, and AUC, as well as resource efficiency metrics such as inference time, memory usage, and CPU consumption. The results demonstrate that although lightweight deep learning models like MobileNetV3 and EfficientNetB0 deliver near-perfect AUC scores, their inference times are still too high for real-time applications. Conversely, traditional machine learning models such as Random Forest and SVM provide significantly faster inference with minimal resource consumption, making them better suited for real-time IDS deployment.