Manuscript Title:

SMART DDoS DEFENSE: PACKET SKEW ANALYSIS FOR HTTP FLOOD DETECTION

Author:

KAMAL ALIEYAN, MAMOUN ABU HELOU, WAHEEB ABU-ULBAH, AYMAN GHABEN, HANI IWIDAT, YOUSEF A. BAKER EL-EBIARY

DOI Number:

DOI:10.5281/zenodo.15845090

Published: 2025-07-10

About the author(s)

1. KAMAL ALIEYAN - College of Information Technology, Amman Arab University, Amman, Jordan.
2. MAMOUN ABU HELOU - Faculty of Administrative and Informatics, Al-Istiqlal University, Palestine.
3. WAHEEB ABU-ULBAH - Faculty of Administrative and Informatics, Al-Istiqlal University, Palestine.
4. AYMAN GHABEN - College of Information Technology, Amman Arab University, Amman, Jordan.
5. HANI IWIDAT - Faculty of Administrative and Informatics, Al-Istiqlal University, Palestine.
6. YOUSEF A. BAKER EL-EBIARY - Faculty of Informatics and Computing, UniSZA, Malaysia.

Abstract

The distributed denial of service (DDoS) attack is one of the most harmful orchestrated cyberattacks against online services and networked computers. Although there are numerous ways to detect DDoS attacks, the problem remains widespread. This study discusses the primary theories about this gap, using mathematical techniques that can efficiently identify HTTP flooding DDoS attacks. It proposes an efficient mathematical mechanism based on a tendency measurement (i.e., the skew) of the packet distribution to detect destructive HTTP flooding DDoS packets in incoming traffic flows before they reach the website. The traffic is divided into aggregated packets based on a given time; each aggregated packet is then broken down into equal, smaller time intervals called events; those events are then divided into groups according to equal packet size and the same inter-arrival time. Using the skew value for each event, the approach determines the chance of an HTTP flooding DDoS attack occurring within the group. If the skew value is close to 1 or -1, it is categorized as an HTTP flooding DDoS attack; otherwise, it is considered normal. According to experimental findings on the CIC DDoS dataset, the suggested mechanism outperforms related works in the literature and yields an excellent accuracy rate of 99.12%.


Keywords

DDoS Attacks; HTTP Flooding; Online Services; Quantitative Metrics; Networking Security.