Internet-of-Things　(IoT)　devices　are　getting　more　and　more　popular　in　recent　years　and　IoT　networks　play　an　important　role　in　the　industry　as　well　as　people＇s　activities.　On　the　one　hand,　they　bring　convenience　to　every　aspect　of　our　daily　life;　on　the　other　hand,　they　are　vulnerable　to　various　attacks　that　in　turn　cancels　out　their　benefits　to　a　certain　degree.　In　this　article,　we　target　the　defense　techniques　against　IoT　Distributed　Denial-of-Service　(DDoS)　attacks　and　propose　an　edge-centric　IoT　defense　scheme　termed　FlowGuard　for　the　detection,　identification,　classification,　and　mitigation　of　IoT　DDoS　attacks.　We　present　a　new　DDoS　attack　detection　algorithm　based　on　traffic　variations　and　design　two　machine　learning　models　for　DDoS　identification　and　classification.　To　demonstrate　the　effectiveness　of　the　two　machine　learning　models,　we　generate　a　large　data　set　by　DDoS　simulators　BoNeSi　and　SlowHTTPTest,　and　combine　it　with　the　CICDDoS2019　data　set,　to　test　the　identification　and　classification　accuracy　as　well　as　the　model　efficiency.　Our　results　indicate　that　the　identification　accuracy　of　the　proposed　long　short-term　memory　is　as　high　as　98.9%,　which　significantly　outperforms　the　other　four　well-known　learning　models　mentioned　in　the　most　related　work.　The　classification　accuracy　of　the　proposed　convolutional　neural　network　is　up　to　99.9%.　Besides,　our　models　satisfactorily　meet　the　delay　requirements　of　IoT　when　deployed　in　edge　servers　with　computational　powers　higher　than　a　personal　computer.