Pulsing denial-of-service(PDoS)attack is a new class of DoS attack, which exploits the deficiencies of the minimum retransmission time out (RTO) of TCP to send out short bursts of attack packets to a victim. Because of its low rate, it can elude traditional high rate detection mechanism. This paper proposes a two-step detection approach based on Mallat wavelet transform and CUSUM (Cumulative Sum) algorithms. First, it extracts the characteristic of PDoS attack based on Mallat wavelet transform. Then, the CUSUM algorithms can cumulate the small offsets to enhance the detection sensitivity. In the end, for the defect of the CUSUM algorithms,it puts forward improved CUSUM algorithms to decrease the ratio of false alarm. The two-step detection approach can detect PDoS attack accurately and effectively.