Aiming at the problem that System Wide Information Management (SWIM) system is affected by Distributed Denial of Service (DDoS) attacks in the application layer, a detection approach of SWIM application layer DDoS attack based on Hidden Semi-Markov Model (HSMM) was proposed. Firstly, an improved forward-backward algorithm was adopted, and HSMM was used to establish dynamic anomaly detection model to dynamically track the browsing behaviors of normal SWIM users. Then, normal detection interval was obtained by learning and predicting normal SWIM user behaviors. Finally, access packet size and request time interval were extracted as features for modeling, and the model was trained to realize anomaly detection. The experimental results show that the detection rate of the proposed approach is 99.95% and 91.89% in the case of attack 1 and attack 2 respectively. Compared with the HSMM constructed by fast forward-backward algorithm, the detection rate is improved by 0.9%. It can be seen that the proposed approach can effectively detect the application layer DDoS attacks of SWIM system.