Abstract
The proliferation of Internet of Things (IoT) devices has introduced severe vulnerabilities, notably Distributed Denial-of-Service (DDoS) attacks. Traditional network-layer intrusion detection relies on deep packet inspection and flow analysis, which struggle against modern encrypted traffic and raise severe privacy violations. To address these limitations, we propose a novel physical-layer framework that strictly preserves payload privacy by exploiting power side-channel signals. This study elevates the detection paradigm through three core pillars. First, we design a dynamic data acquisition and multi-domain feature engineering pipeline. Leveraging this robust feature space, our optimized XGBoost-based engine achieves an exceptional Macro-F1 score of 0.9988 for macroscopic anomaly detection and a robust 0.9658 for a multi-class identification task, seamlessly disentangling stealthy attacks from diverse legitimate IoT workloads (e.g., OpenHAB, ThingsBoard) across varying sampling scales. Second, we systematically evaluate the system’s resilience under extremely injected additive white Gaussian noise (AWGN). Even at 0 dB Signal-to-Noise Ratio, our system sustains a high anomaly detection F1-score of 0.9553, significantly outperforming traditional baselines. Third, to bridge the trust gap inherent in “closed-box” machine learning, we integrate the SHapley Additive exPlanations (SHAP) framework. The comprehensive interpretability analysis demonstrates that our model generates highly transparent and trustworthy alerts, explicitly mapping complex classification decisions back to physical root causes. Furthermore, zero-shot evaluations against unseen attack tools confirm the system’s generalization, achieving a Macro-F1 of 0.9755 for anomaly detection and a Macro-AUC of 0.8928 for attack identification. Ultimately, this research establishes a transparent, highly resilient, and privacy-centric methodological framework for IoT edge security.