A Unified Cross-Domain Framework for DDoS Detection Across IoT, Cloud, and SDN Networks

The convergence of Internet of Things (IoT), cloud computing, and Software-Defined Networking (SDN) has increased the attack surface for large-scale Distributed Denial- of-Service (DDoS) attacks. While machine-learning and deep-learning methods achieve strong results within single domains, they frequently fail to generalize across hetero- geneous network environments. We propose a unified cross-domain DDoS detection framework that harmonizes traffic from IoT, cloud, and SDN domains into a shared, semantically consistent feature space, enabling fair comparison and transferability assessment. Five supervised classifiers Random Forest, XGBoost, LightGBM, Cat- Boost, and a Multi-Layer Perceptronare evaluated under source → target transfer scenarios using standardized metrics and statistical testing. Experiments on repre- sentative IoT, cloud, and SDN benchmark datasets show consistently high detection performance (accuracy  ≥  0.987) and area under the ROC curve (AUC  ≥  0.998) after harmonization, with only minor precision degradation across merged datasets. Feature-importance and interpretability analyses identify flow duration, packet-length statistics, and inter-arrival variance as invariant indicators of volumetric DDoS activ- ity. The results demonstrate the frameworks robustness, scalability, and practical suitability for deployment in next-generation heterogeneous network infrastructures.