DDoS is one of the biggest threat in the network. Using the proper countermeasure will notably improve the security level of the target network and/or target system. Existing security evaluation methods don't provide sufficient support for countermeasure selection. To solve the problem, this paper builds a DDoS countermeasure selection model (DCSM), and then proposes the DDoS countermeasure selection method. The method not only takes advantage of multi-attribute decision making theory to evaluate multi- dimension metrics, but also uses historical attack preference based method and entropy method to calculate the weight from both attack and defense perspectives, thus reducing the subjective factors in conventional methods. The correctness and the applicability of the method are validated by the experiments.