One of the important problems of network security is availability. One of the most common threats to the network access are DDoS attacks. Identifying and preventing these attacks is the main purpose of this article. For this purpose, the data and methods of the KDD CUP 99 cluster were selected for their analysis. As the main methods of analysis, algorithms were chosen k-means and EM (pp.98-107).