Wireless sensor networks (WSNs) are vulnerable to distributed denial-of-service (DDoS) attacks, which can severely degrade overall performance and compromise system availability and reliability. To effectively protect against such attacks, this work introduces a centralized intrusion detection system (IDS) framework utilizing machine learning (ML) techniques. The IDS integrates six different ML models to accurately classify malicious traffic and distinguish it from legitimate network traffic. However, developing and validating a robust ML-based defense solution requires a comprehensive understanding of the attack’s behavior and impact. Therefore, we initially simulate a baseline WSN architecture and conduct different DDoS attacks, focusing specifically on two critical architectural layers: Cluster Heads and the Base Station. To identify vulnerabilities introduced by DDoS traffic saturation and resource exhaustion, the severity of the attacks is further quantified through network-level metrics. This empirical analysis provides four labeled datasets necessary to train the ML models in the IDS framework across multiple operational phases, including the baseline phase before the attacks, the active attack phase during DDoS attacks, and the recovery phase after the attacks. Experimental results demonstrate that the IDS achieves high detection performance and significantly reduces the adverse effects of the attacks. Furthermore, based on the findings, the IDS facilitates rapid network recovery, restoring performance to levels close to normal operations.