Enhancement detection distributed denial of service attacks using hybrid n-gram techniques
Andi Maslan, Kamaruddin Malik Mohamad, Cik Feresa Mohd Foozy
Abstract
Distributed denial of service (DDoS) attacks have always been a concern of cyber experts. Several methods can be used to detect DDoS attacks. One of the methods used in this research is the n-gram technique. The n-gram approach analyzes the payload of data packets that enter the network to obtain attack patterns. Data is captured and analyzed, after which it is compared with clean data packets. A chi-square distance value close to 1 indicates that the two packets are very similar, so the data packet is not an attack. A value less than one means the data packet is categorized as an attack. In this research, the threshold for determining the attack level can be lowered to obtain a very high detection accuracy. As a result, the 2-gram technique has a detection accuracy rate with the lowest false positive value of around 13%, with the highest true positive ratio reaching 99.98%.
Keywords
chi-square distance; DDoS; malware; N-grams; payload
DOI:
http://doi.org/10.12928/telkomnika.v20i1.18103
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
TELKOMNIKA Telecommunication, Computing, Electronics and Control. ISSN: 1693-6930, e-ISSN: 2302-9293. Universitas Ahmad Dahlan, 4th Campus, Jl. Ringroad Selatan, Kragilan, Tamanan, Banguntapan, Bantul, Yogyakarta, Indonesia 55191. Phone: +62 (274) 563515, 511830, 379418, 371120. Fax: +62 274 564604