In　the　cloud　environment,　DDoS(distributed　denial　of　service)　attacks　may　be　more　covert,　easier　to　launch　and　potentially　larger　because　data　flow　can　be　encrypted.　A　trust-based　DDoS　attack　discovery　approach　for　the　encrypted　traffic　in　the　cloud　environment　called　TruCTCloud　is　proposed.　Firstly,　a　trust　evaluation　mechanism　is　introduced　to　filter　the　non-attack　traffic　of　legitimate　tenants　by　exploiting　signature　of　the　cloud　service　itself　with　the　other　environmental　factors,　and　then　the　sensitive　information　contained　in　legitimate　tenants＇　traffic　is　guaranteed.　Secondly,　a　traffic　classification　algorithm　based　on　the　kNN(k-nearest　neighbors)　is　proposed　to　detect　and　identify　for　the　filtered　encrypted　traffic　and　other　unencrypted　traffic,　where　five　kinds　of　characteristics　including　flow　median　of　packets　per　flow,　flow　median　of　bytes　per　flow,　percentage　of　correlative　flow,　port　growth　rate　and　source　IP　growth　rate　are　introduced　to　construct　a　Ball-tree　data　structure　of　characteristics.　Finally,　some　experiments　are　conducted　to　evaluate　the　proposed　method　in　the　OpenStack　cloud　platform.　The　results　suggest　that　our　method　can　quickly　detect　the　abnormal　traffic　or　early　traffic　of　DDoS　attack　and　effectively　protect　the　sensitive　traffic　information　of　legitimate　users　from　the　DDoS　attack.　©　2021,　Science　Press.　All　right　reserved.