Date: 12. 03. 2020.

The goal of protecting an information and communication (IC) system is to achieve and maintain the required level of the basic security principles. These principles are represented by the CIA model, which comprises the confidentiality, integrity and availability of IC resources. One of the factors adversely affecting the availability principle, with a trend that has been steadily increasing over the last ten years, is the Distributed Denial of Service (DDoS) attack, or DDoS traffic as the means by which such attacks are carried out. DDoS traffic, as the product of a DDoS attack, is an anomaly in network traffic. The advent of the Internet of Things (IoT) as a new direction in technological development and a new communication paradigm, bringing together billions of new devices connected to the Internet, creates new space for security vulnerabilities that can be exploited for unauthorized and malicious activities. The subject of this doctoral research is the characterization of traffic generated by IoT devices in a smart home environment as a basis for detecting anomalies resulting from DDoS attacks. The thesis defines classes into which IoT devices deployed in a smart home environment can be grouped. The classes are based on the coefficient of variation of the ratio of received to sent traffic of each device. The thesis also presents the development of a multi-class classification model based on a boosting machine learning method which, using 13 features of the generated traffic flow, classifies devices with high accuracy (99.79%). The multi-class classification model makes it possible to create a legitimate traffic profile for each class of device, which is necessary for developing a classification model that allows the detection of network traffic anomalies. The thesis also presents the development of a network traffic anomaly detection model based on traffic flow features and device class.
The model was developed using the logistic decision tree method, whereby a different version of the model is applied to each class of device; the versions differ in the number of features used and in the branching threshold values of the decision tree. The results show high accuracy of the model for all four classes of devices, from 99.92% to 99.99%. This approach to detecting network traffic anomalies is a step forward in this research area, as device classes are used for the first time to detect DDoS traffic. Such a model has the potential to identify previously unseen devices and assign them to an appropriate class for which a legitimate traffic profile is known and for which an effective model exists that can identify anomalies based on the values of the traffic flow features such a device generates.
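The two building blocks described above, the device-class assignment from the coefficient of variation (CV) of the received/sent traffic ratio and the per-class legitimate traffic profile used to flag anomalous flows, as an added example that is not the thesis's own code. Everything below is constructed for illustration: the per-window byte counts, the CV cut-offs for the four classes, the three flow features and their legitimate values are assumptions, and a simple z-score band stands in for the thesis's boosting and decision-tree models.

```python
"""Added example (not from the thesis): CV-based device classes and a per-class
legitimate traffic profile.  All data, feature names and thresholds are assumed."""
from statistics import mean, pstdev

# Constructed sample: per-device (received_bytes, sent_bytes) over equal time windows.
SAMPLE_WINDOWS = {
    "smart_plug": [(120, 100), (125, 100), (118, 100), (122, 100)],  # steady, symmetric
    "ip_camera": [(50, 2000), (60, 8000), (40, 500), (70, 12000)],   # bursty uplink
}

# Assumed class cut-offs on the CV; the abstract does not publish the thesis's own values.
CLASS_BOUNDS = [(0.25, "class_1"), (0.75, "class_2"), (1.5, "class_3")]
DEFAULT_CLASS = "class_4"


def cv_of_rx_tx_ratio(windows):
    """Coefficient of variation (population std / mean) of received/sent bytes per window.

    Windows in which the device sent nothing are skipped to avoid division by zero.
    """
    ratios = [rx / tx for rx, tx in windows if tx > 0]
    if len(ratios) < 2:
        raise ValueError("need at least two windows with outgoing traffic")
    m = mean(ratios)
    return pstdev(ratios) / m if m > 0 else float("inf")


def device_class(cv):
    """Map a CV value onto one of four assumed classes (lowest CV = most regular device)."""
    for upper, label in CLASS_BOUNDS:
        if cv < upper:
            return label
    return DEFAULT_CLASS


def classify_device(windows):
    """Class label for a device from its per-window traffic windows."""
    return device_class(cv_of_rx_tx_ratio(windows))


# Constructed legitimate flows for one class, with three assumed flow features.
LEGIT_CLASS_1_FLOWS = [
    {"pkt_rate": 2.0, "mean_pkt_len": 90.0, "duration_s": 30.0},
    {"pkt_rate": 2.5, "mean_pkt_len": 95.0, "duration_s": 28.0},
    {"pkt_rate": 1.8, "mean_pkt_len": 88.0, "duration_s": 33.0},
    {"pkt_rate": 2.2, "mean_pkt_len": 92.0, "duration_s": 31.0},
]
NORMAL_FLOW = {"pkt_rate": 2.3, "mean_pkt_len": 93.0, "duration_s": 29.0}
FLOOD_FLOW = {"pkt_rate": 900.0, "mean_pkt_len": 60.0, "duration_s": 29.0}  # DDoS-like


def build_profile(legit_flows):
    """Per-feature (mean, population std) of legitimate flows from one device class."""
    names = legit_flows[0].keys()
    return {
        f: (mean(x[f] for x in legit_flows), pstdev(x[f] for x in legit_flows))
        for f in names
    }


def anomalous_features(flow, profile, k=3.0):
    """Return the features of `flow` lying more than k standard deviations from the class mean.

    This z-score band is a stand-in for the thesis's per-class decision-tree model
    (assumption); an empty list means the flow matches the legitimate profile.
    """
    out = []
    for f, (m, s) in profile.items():
        if abs(flow[f] - m) > k * max(s, 1e-9):  # guard against a zero-variance feature
            out.append(f)
    return out


if __name__ == "__main__":
    for name, windows in SAMPLE_WINDOWS.items():
        print(f"{name}: CV={cv_of_rx_tx_ratio(windows):.3f} -> {classify_device(windows)}")
    profile = build_profile(LEGIT_CLASS_1_FLOWS)
    print("normal flow anomalies:", anomalous_features(NORMAL_FLOW, profile))
    print("flood flow anomalies:", anomalous_features(FLOOD_FLOW, profile))
```

The class label is decided purely from how stable the received/sent ratio is, so a device seen for the first time only needs a few traffic windows before it inherits the profile of its class; the anomaly check then compares its flow features against that profile rather than against a per-device baseline, which is the property the thesis attributes to its per-class models.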

