Abstract
The widespread deployment of the Internet of Things (IoT) has transformed industries by enabling automation and connectivity across various application domains. However, this expansion has also introduced significant security challenges, such as distributed denial of service (DDoS) attacks, which can overwhelm network resources, causing service disruptions and financial losses. Traditional machine learning methods for DDoS detection often struggle with limited labeled data, high false alarm rates, and privacy concerns associated with centralized data processing. To address these limitations, we propose DTKD-Fed, a novel semi-supervised DDoS detection framework that integrates digital twin technology with federated knowledge distillation. By leveraging digital twins as virtual replicas of IoT devices, the proposed method enables continuous learning and decentralized model training without requiring labeled data or sharing raw data. The DTKD-Fed framework enhances real-time anomaly detection and mitigates DDoS attacks while maintaining data privacy. Experimental results using publicly available IoT datasets demonstrate the effectiveness of achieving high detection accuracy, competitive performance, and scalability in real-world environments.