DDoS (Distributed Denial of Service) attack is the main cause for interrupting the requests of users. DDoS uses more than one IP addresses. It makes botnets (machines that are affected with malware), through which interruption of a service begins and the requests are either denied or delayed to the legitimate users. A protocol is introduced in [DDoS Attack Detection Method Based on Network Abnormal Behavior in big data environment, CoRR, vol. abs/1903.11844, 2019] for the detection of DDoS in which a threshold is defined for detection of illegitimate users. We exhibited simulating of the protocol using a model checker UPPAAL and formally verified the functional requirements of the protocol to determine the system’s accuracy.