The invention discloses a DDoS (Distributed Denial of Service) attack detection method based on chaos theory analysis, which comprises the following steps: step 1, collecting information network flowdata, and preprocessing the collected flow data; 2, establishing a network normal flow model by adopting a sequence prediction algorithm in the time sequence model; 3, performing subtraction on the network flow normal model and the network flow measurement value to obtain a corresponding new sequence, thereby obtaining an abnormal subsequence of the network flow; 4, analyzing the abnormal subsequence by adopting a Lyapunov exponent in a chaos theory, and judging the state of the system at the current moment. The technical problems that in the prior art, due to the fact that most of attack flows speak from single data, no obvious malicious feature exists, and even a legal normal request appears, the DDoS attack has great difficulty in detection, and at present, there is no effective solution to detect the DDoS attack to eradicate or reduce the brought harm can be solved.