The Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. Recently there are an increasing number of DDoS attacks against online services and Web applications. However the memory-less feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. These attacks are targeting the application level. Detecting application layer DDOS attack is not an easy task. In this paper, the authors propose a novel trace back method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic which is fundamentally different from commonly used packet marking techniques.