• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science


A DDoS attack security situation assessment model
based on improved fuzzy C-means clustering

  

  (1. School of Information Science and Technology, Hainan University, Haikou 570228;
   2. State Key Laboratory of Marine Resource Utilization in South China Sea, Haikou 570228, China)
  • Received: 2018-06-20 Revised: 2018-08-19 Online: 2018-11-25 Published: 2018-11-25

Abstract:

Traditional network situation assessment methods cannot effectively evaluate the distributed denial of service (DDoS) attack security situation in the new network environment. We propose a DDoS attack security situation assessment model based on improved fuzzy C-means (FCM) clustering. The model builds a fusion feature from the IP address changes of old and new users in the network flow and from unilateral and bilateral network flow, and calculates the risk index of each network node on the basis of this fusion feature. Fusing the risk indexes of all nodes in the network yields the security situation information of the whole network, which the improved FCM then classifies into five security levels. The proposed model can therefore quantitatively evaluate the DDoS attack security situation of the whole network. Experiments on real DDoS data show that the proposed model can assess the DDoS attack security situation reasonably and effectively, and that it is more flexible and accurate than existing methods.
 

Key words: distributed denial of service (DDoS), security situation assessment, fuzzy C-means (FCM), risk assessment