Baseline traffic is a concept, the reference profile a thorough DDoS test is built to characterize and then attack against. It is the normal, measured shape of a service's legitimate load over time: request rates, bandwidth, connection counts, geographic distribution, protocol mix, and their daily and weekly cycles. Anomaly-based mitigation compares live traffic against this baseline to decide what is abnormal, so the quality of the baseline directly governs how accurately an attack is distinguished from a sales spike or a product launch.
Why it matters in DDoS testing
A defense that does not know normal cannot reliably recognize abnormal. A thin or stale baseline produces both misses and false alarms: real floods that look like a busy Monday, and legitimate surges flagged as attacks. A test establishes the baseline first, then layers a controlled attack on top, measuring how cleanly the mitigation separates the two under realistic mixed load.
Why this separation is central to resilience is examined in DDoS resilience testing.