Since its inception in the mid-1990s, DDoS (distributed denial-of-service) has been one of the oldest
and most rapidly evolving cybercrime vectors, used as a crude tool for electronic mischief [1]. Any
network can be brought to a standstill by volumetric DDoS attacks, which, because of their widespread
distribution and huge volume [2], can cause catastrophic results. Several recent studies have divided
DDoS traffic into two classes: pattern-based and anomaly-based [3]. DDoS is a major issue in network
security and a threat to service providers, and defending against or defeating a DDoS attack is a
major issue. DDoS renders a service inaccessible for a period of time. This is detrimental to service
providers, resulting in a loss of revenue. As a result, defeating DDoS is a huge task. There are
several mechanisms in place to guard against DDoS attacks. In general, DDoS defense mechanisms are
classified into four main categories: attack prevention, attack detection, attack source
identification, and attack reaction [4]. On the other hand, the number of Internet of Things (IoT)
devices has grown rapidly in recent years. Nevertheless, it has been shown that security is
frequently disregarded when these IoT devices are made. As a result, attackers now have a stronger
motivation to exploit IoT devices in different attacks, especially by using them as botnets for DDoS
attacks. As the number of assaults that can be launched against a network grows, traditional
intrusion detection systems (IDS) find it more difficult to keep up [13]. Our aim is to find the
optimal volumetric DDoS attack detection method by applying and comparing different approaches,
including machine learning and heuristic rules (a lightweight algorithm), across different protocols:
ICMP, UDP, TCP, ...