A distributed denial of service (DDoS) attack is a highly destructive form of organized cyber-attack that targets network computers or online services. Despite the availability of numerous systems for detecting DDoS attacks, the problem remains. This paper proposes the use of mathematical methods that can detect HTTP flooding DDoS attacks effectively. This paper developed an effective mathematical approach using a Reynold number approach for detecting harmful HTTP flooding DDoS packets in incoming traffic flows before they reach the web server. The traffic will be categorized into aggregated packets based on time, and each aggregated packet will be broken down into equally smaller periods known as events, which will then be divided into groups based on (equal packet size with the same inter-arrival time). Because the aggregated packets contain multiple events, this mechanism will determine the value of the Reynold number for each event. If the computed value shows a high Reynold number in the specified group under examination, it will be classified as an HTTP flooding DDoS attack; otherwise, it will be considered normal. In experiments using the ISCX dataset, the proposed mechanism achieves a high accuracy rate of 97.14%.

A Distributed Denial of Service (DDoS) attack occurs when an attacker tries to disrupt a network, service or website by flooding huge numbers of packets on the internet traffic. Detecting DDoS attacks serves the goal of spotting and addressing them promptly to reduce their effects on the network, system or service being targeted. Detecting Distributed Denial of Service (DDoS) attacks is crucial, for people, companies and network managers. The detection of DDoS attacks has ranging uses in industries such as network security safeguarding websites, managing cloud services ensuring the security of online systems and services. Detecting DDoS attacks is essential for safeguarding infrastructure upholding service availability and guaranteeing the security of online systems and services. To achieve this objective, we proposed a framework to detect DDoS attacks including six steps. In step one, we start by gathering information, which includes network activity and system records, for operations as well as instances of DDoS attacks. Step two, we identify characteristics of the data collected such as patterns in network traffic, packet details, IP addresses, types of protocols used and more. Step three, we utilize algorithms for feature selection such as Salp Swarm Algorithm (SSA), Gray Wolf Algorithm (GWA), Particle Swarm Algorithm (PSO) to pinpoint the features that can distinguish between normal activities and DDoS attack patterns. After that in step four, we divide the processed dataset into sections for training and testing purposes to develop and assess the machine learning models such as SVM (support vector machine), and KNN (K-nearest neighbor). Step five we develop a classification model using machine learning techniques like decision trees, forests, support vector machines (SVM) logistic regression models or neural networks. Finally, we assess the effectiveness of models through metrics such as accuracy rates, precision levels, recall rates, and F1 scores. The results show that the proposed models achieve high results (99.9%). In summary detecting DDoS attacks is crucial for protecting networks, systems and online services against disruptions.