The TCP SYN flooding (half-open connection) attack is a type of DDoS attack, which denies
the services by consuming the server resources. This attack prevents legitimate users
from using their desired service. The SYN flooding attack exploits the normal TCP three-way
handshake by sending stream of SYN packets to the server with spoofed IP addresses. The
detection of this attack is hard since the internet routing infrastructure cannot differenti-
ate between legitimate and spoofed SYN packets. In this paper we present a new detection
method for the SYN flooding attack based on Multifractal Detrended Fluctuation Analysis
(MFDFA) in addition to an adaptive threshold, thus we can detect the abnormal behavior in
the TCP protocol time series.