Introduction

Most modern attacks and intrusions are highly sophisticated and leave no trace of their presence in the network, which makes detection very difficult. DDoS attacks are classified as resource exhaustion attacks and bandwidth exhaustion attacks [1]. Protocol exploit attacks and malformed packet attacks consume critical resources of the victim system. Many of these attacks also use spoofed source IP addresses, thus evading source identification. The two most basic types of DDoS attacks are 1) bandwidth attacks and 2) application attacks. Bandwidth attacks consume resources such as network bandwidth or equipment by overwhelming them with a high volume of packets [2]. Under this packet overload, target routers, servers and firewalls may become unable to process valid transactions. Packet flooding is a form of bandwidth attack in which a large number of seemingly legitimate TCP, User Datagram Protocol (UDP) or Internet Control Message Protocol (ICMP) packets are routed to a specific destination [2]. To make detection difficult, these attacks spoof the source address to prevent identification. Application attacks exploit the expected behaviour of protocols such as TCP and HTTP to the attacker's advantage, tying up computational resources so that the victim can no longer process transactions or requests. Any computer on your network can easily be compromised by a DDoS attack without your knowing that you are being attacked. Sophisticated and automated DDoS attack tools such as Trinoo, TFN, TFN2K, mstream, Stacheldraht, Shaft, Trinity and Knight, available on the Internet, require no technical knowledge to launch a high-speed flooding attack. The victims are, surprisingly, government agencies, financial companies, defense agencies and other
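The distinction drawn above between packet-flooding bandwidth attacks and spoofed sources can be checked from the defender's side with per-destination traffic windows. The following is an added example, not code from the paper; the packet records, the thresholds (1000 packets/s, 1 Mbit/s) and the source-dispersion heuristic used to flag spoofing are all constructed assumptions for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float   # arrival time in seconds
    src: str    # source address as seen on the wire (may be spoofed)
    dst: str
    proto: str  # "TCP", "UDP" or "ICMP"
    size: int   # bytes on the wire


def classify_windows(packets, window=1.0, pps_limit=1000, bps_limit=1_000_000,
                     dispersion_limit=0.9):
    """Bucket packets per (destination, time window) and label each bucket.

    Thresholds are illustrative assumptions; a deployment derives them from a baseline.
    """
    buckets = defaultdict(list)
    for p in packets:
        buckets[(p.dst, int(p.ts // window))].append(p)
    verdicts = {}
    for key, pkts in buckets.items():
        pps = len(pkts) / window
        bps = 8 * sum(p.size for p in pkts) / window
        # Source dispersion: distinct sources divided by packets. A value near 1.0
        # means almost every packet came from a different address, which during a
        # flood is a strong hint that the source field is randomly spoofed.
        dispersion = len({p.src for p in pkts}) / len(pkts)
        flood = pps >= pps_limit or bps >= bps_limit
        verdicts[key] = {
            "kind": "bandwidth_flood" if flood else "normal",
            "pps": pps,
            "bps": bps,
            "top_proto": Counter(p.proto for p in pkts).most_common(1)[0][0],
            "spoof_suspected": flood and dispersion >= dispersion_limit,
        }
    return verdicts


def make_sample():
    """Constructed traffic: one benign second, then an ICMP flood from 1500 distinct
    sources (spoofed-looking), then a high-volume UDP burst from a single source."""
    dst = "192.0.2.10"
    benign = [Packet(i * 0.05, f"198.51.100.{i % 3 + 1}", dst, "TCP", 500) for i in range(20)]
    icmp_flood = [Packet(1.0 + i / 1500, f"10.0.{i >> 8}.{i & 255}", dst, "ICMP", 64)
                  for i in range(1500)]
    udp_burst = [Packet(2.0 + i / 200, "198.51.100.9", dst, "UDP", 1400) for i in range(200)]
    return benign + icmp_flood + udp_burst


if __name__ == "__main__":
    for (dst, win), v in sorted(classify_windows(make_sample()).items()):
        print(f"{dst} t={win}s {v['kind']:15} pps={v['pps']:.0f} bps={v['bps']:.0f} "
              f"proto={v['top_proto']} spoof_suspected={v['spoof_suspected']}")
```

The second window is flagged as a flood with spoofing suspected because its 1500 packets arrive from 1500 different addresses, while the third window exceeds the bit-rate limit from one address and is flagged as a flood without the spoofing indicator.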