Data mining techniques have been used to detect DDoS attacks by analyzing network traffic patterns. The random forest (RF) algorithm is used as the detection model after dividing the dataset into training data and test data. Encoding was used to initialize the dataset, which is an important preprocessing step for obtaining the best results, and the log2 algorithm is used to standardize the data. In addition, the principal component analysis (PCA) technique is applied several times to reduce the data dimensions. Emphasis was placed on strengthening the preprocessing step to obtain high accuracy and efficiency in the classification and detection of attacks. In this paper, the proposed model was applied to the CICDDOS2019 dataset, which is extracted from CICIDS2018. The dataset has two versions: the first is CSV files, which contain 13 different DDoS attacks, and the other is raw PCAP files. The results showed that accuracy increased to 99.9% when the PCA technique was used.
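The preprocessing chain described above (encoding, log2 standardization, PCA) is sketched below as an added example in standard-library Python; it is not the paper's code, and the random forest stage is left out. Assumptions: the column names and sample flows are constructed, the log2 step is taken as log2(1 + x), rows with non-finite values are dropped, and PCA is computed by power iteration with deflation.

```python
import math

# Constructed sample flows (illustrative columns, not CICDDoS2019 data):
# (protocol, flow_duration_us, fwd_packets, flow_bytes_per_s)
SAMPLE = [
    ("TCP", 120000.0, 12.0, 3500.0), ("TCP", 95000.0, 9.0, 2800.0),
    ("TCP", 150000.0, 20.0, 4100.0), ("UDP", 40.0, 2.0, 2.9e8),
    ("UDP", 50.0, 4.0, 3.1e8), ("UDP", 35.0, 2.0, float("inf")),
]

def encode_fit(values):
    """Integer code per category, learned from training data only."""
    return {v: i for i, v in enumerate(sorted(set(values)))}

def preprocess(rows, codes):
    """Encode the categorical column and log2-scale the numeric ones."""
    out = []
    for proto, *nums in rows:
        # Assumption: rows with non-finite or negative values are dropped.
        if any(not math.isfinite(v) or v < 0 for v in nums):
            continue
        # Unseen categories share one extra code; log2(1 + x) keeps zeros at 0.
        out.append([float(codes.get(proto, len(codes)))]
                   + [math.log2(1.0 + v) for v in nums])
    return out

def pca_fit(X, k, iters=200):
    """Top-k principal components by power iteration with deflation."""
    n, d = len(X), len(X[0])
    mean = [sum(r[j] for r in X) / n for j in range(d)]
    Xc = [[r[j] - mean[j] for j in range(d)] for r in X]
    cov = [[sum(r[a] * r[b] for r in Xc) / (n - 1) for b in range(d)] for a in range(d)]
    total = sum(cov[j][j] for j in range(d))  # total variance before deflation
    comps, ratios = [], []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _step in range(iters):
            w = [sum(cov[a][b] * v[b] for b in range(d)) for a in range(d)]
            norm = math.sqrt(sum(x * x for x in w))
            v = [x / norm for x in w]
        lam = sum(v[a] * cov[a][b] * v[b] for a in range(d) for b in range(d))
        comps.append(v)
        ratios.append(lam / total)  # share of variance this component explains
        # Deflate: remove the component just found before the next pass.
        cov = [[cov[a][b] - lam * v[a] * v[b] for b in range(d)] for a in range(d)]
    return mean, comps, ratios

def pca_transform(X, mean, comps):
    """Project rows onto the fitted components, centring with the training mean."""
    return [[sum((r[j] - mean[j]) * c[j] for j in range(len(mean))) for c in comps] for r in X]
```

The encoder and the PCA mean and components are fitted on the training split only and then reused on the test split, so the reported accuracy is not inflated by information from the test data.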