Massive machine type communication (mMTC) network contains massive access devices, which increases the risk of distributed denial of service (DDoS) attacks. Especially, the DDoS attack launched by hijacked devices cannot be detected through traditional cryptography-based authentication because that the hijacked devices have legitimate identities. In this letter, we propose to exploit the characteristics of access traffic at the air interface to detect this kind of DDoS attack, and then identify the suspicious devices. We analyze both the characteristics of access traffic based on MTC traffic arrival model and the random access mechanism proposed by 3GPP to construct test statistics, and propose a sequential change point detection (SCPD) scheme to test whether there are anomalies as quickly as possible. After that, we identify the hijacked devices based on the abnormal traffic. Simulation experiments confirm the effectiveness of our detection scheme.