Abstract:Detection Distributed Denial of Service Attack (DDoS) becomes a crucial process for the commercial organization that using the internet these days. Different approaches have been adopted to process traffic information collected by a monitoring stations to distinguish the misbehaving of malicious traffic of DDoS attacks in Intrusion Detection Systems (IDS).. In this paper, we present multi-clustering method called “MCDDM” detect a real-world DDoS attacks collected from “CAIDA UCSD " DDoS Attack 2012 Dataset” and normal traffic traces from “CAIDA Anonymized Internet Traces 2014 Dataset” using combination of ( k-means ,K-fast means , K-medoid ) data mining clustering techniques. “MCDDM” method are used to effectively detect new DDoS attack from unlabeled dataset . The Result of experiments shows that the “MCDDM” method perform better than the cluster method if they used lonely in term of Davies Bouldin Index the proposed solution obtains very low Davies Bouldin Index (-0.666) .