The link flooding attack (LFA) has emerged as a new category of distributed denial of service (DDoS) attacks in recent years. Along with the massive deployment of low-cost, insecure Internet-of-Things (IoT) devices, the fast proliferation of IoT botnets dramatically increases the risk of LFAs. However, how to efficiently defend against LFAs in IoT remains an open problem. To overcome this challenge, we model the interaction between an LFA attacker and the network manager as a two-person Bayesian game in this article, which precisely characterizes the behaviors of both sides. Then, the rational behaviors of the attacker and the optimal strategies of the defender are unveiled by deriving the Bayesian Nash equilibrium (BNE). Inspired by the obtained BNEs, a cost-effective decision framework is proposed for the defender to make defense decisions. Furthermore, we numerically analyze the effect of all the related factors and present feasible suggestions to fundamentally deter attack motivations. Experimental results demonstrate that the proposed method not only consistently outperforms baseline methods in terms of the defender's utility under different attack intensities, but is also robust to changes in important parameters, including the value of benign traffic and the latency of traffic scrubbing.