Lowrate Denial of Service (LDoS) attacks ,with the characteristics of low traffic transmission rate, strong concealment, burstiness and great harm, are difficult to be detected by traditional DoS detection mechanism．According to the sudden characteristics of the attack mode，the statistical abnormality of the traffic characteristics is analyzed when the router is attacked by the LDoS attack. Comparing the mean value of the router's ingress traffic with the normal threshold, a detection method based on the CUSUM (Cumulative Sum) algorithm is proposed, which is based on the mutation hypothesis test, and the accumulation and characteristics of the flow before and after the change of the arrival flow analysis．The LDoS attack is detected by comparing the accumulated sum of the analysis with the set threshold．The experiment optimizes the detection performance by adjusting the algorithm parameters．The simulation experiment platform based on NS2 shows that the method has better detection performance．