• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science


A DDoS attack detection method based on HMM time series prediction and chaos model

DONG Zhe1,TANG Xiangyan1,CHENG Jieren1,2,ZHANG Chen1,LIN Fusheng1   

  (1. College of Information Science and Technology, Hainan University, Haikou 570228;
   2. State Key Laboratory of Marine Resource Utilization in South China Sea, Hainan University, Haikou 570228, China)

  • Received:2018-07-16 Revised:2018-09-10 Online:2018-12-25 Published:2018-12-25

Abstract:

The distributed denial of service (DDoS) attack is one of the most destructive attacks in the network environment. Existing attack detection algorithms based on machine learning often classify using the feature values of the time point to be classified, without taking into account the correlation with the features of adjacent time points. Their false positive and false negative rates are therefore high. We propose a DDoS attack detection method based on hidden Markov model (HMM) time series prediction and a chaos model. Aiming at the burstiness of mass attack traffic, we first define the network traffic weighted features (NTWF) and network flow average rate (NFAR) to describe the features of network traffic. Then, we use the hierarchical clustering algorithm to classify the training sets to get the hidden layer state (HLS) sequences. We employ the NTWF sequence and HLS sequence to conduct supervised learning of the HMM, and predict the NTWF sequence using the resulting state transition matrix and confusion matrix. Finally, we analyze the prediction error of the NTWF sequences with the chaos model, combined with NFAR-based rules, to distinguish attack behavior. Experimental results show that, compared with similar methods, the proposed method has a lower false positive rate and false negative rate.
 

Key words: DDoS, attack detection, hidden Markov model, chaos analysis, time series
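
The supervised HMM step and the prediction-error sequence described in the abstract can be sketched as follows; this is an added example, not the authors' code. Assumptions: NTWF values are already discretized into six symbols, HLS labels stand in for the clustering output, the hidden state on test data is tracked by forward filtering, and add-alpha smoothing is used. The chaos-model analysis and NFAR rules are not reproduced.

```python
from collections import Counter

def fit_supervised_hmm(obs, states, n_states, n_symbols, alpha=1.0):
    """Estimate the state transition matrix A and confusion (emission)
    matrix B by counting over a labelled sequence, with add-alpha smoothing."""
    trans = Counter(zip(states, states[1:]))
    emit = Counter(zip(states, obs))

    def row(counts, i, width):
        total = sum(counts[(i, k)] for k in range(width)) + alpha * width
        return [(counts[(i, k)] + alpha) / total for k in range(width)]

    A = [row(trans, i, n_states) for i in range(n_states)]
    B = [row(emit, i, n_symbols) for i in range(n_states)]
    return A, B

def prediction_errors(A, B, obs):
    """One-step-ahead prediction error |observed - expected| for each symbol.
    The belief over hidden states is updated by forward filtering (assumption)."""
    n, m = len(A), len(B[0])
    belief = [1.0 / n] * n                      # uniform prior (assumption)
    errors = []
    for o in obs:
        # Predict: push the belief through A, then take the expected symbol via B.
        prior = [sum(belief[i] * A[i][j] for i in range(n)) for j in range(n)]
        expected = sum(s * sum(prior[j] * B[j][s] for j in range(n))
                       for s in range(m))
        errors.append(abs(o - expected))
        # Update: condition the belief on the symbol actually observed.
        post = [prior[j] * B[j][o] for j in range(n)]
        z = sum(post)                           # > 0 because B is smoothed
        belief = [p / z for p in post]
    return errors

# Constructed sample data: discretized NTWF symbols 0..5 for normal traffic,
# with HLS labels (0 = low, 1 = elevated) standing in for clustering output.
TRAIN_OBS = [0, 1, 0, 1, 1, 0, 2, 1, 0, 1, 0, 0, 1, 2, 1, 0, 1, 0, 1, 1]
TRAIN_HLS = [1 if o >= 2 else 0 for o in TRAIN_OBS]
# Constructed test sequence: four normal samples, then a burst at symbol 5.
TEST_OBS = [0, 1, 0, 1, 5, 5, 5]

def demo():
    A, B = fit_supervised_hmm(TRAIN_OBS, TRAIN_HLS, n_states=2, n_symbols=6)
    return A, B, prediction_errors(A, B, TEST_OBS)

if __name__ == "__main__":
    _, _, errs = demo()
    print([round(e, 2) for e in errs])
```

The error sequence returned by `prediction_errors` is the input that the method's chaos analysis would examine; on the constructed burst it jumps well above the level seen on the normal samples.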