A method of detecting a DoS/DDoS attack includes: acquiring traffic data of a preset service in a preset time period, wherein the traffic data is correspondence data between an overall traffic of the service and a time; acquiring an overall traffic threshold data of the service corresponding to different time intervals calculated according to historical traffic data of the service; wherein the larger the historical traffic data of the time interval, the larger corresponding overall traffic threshold data of the service; determining the time interval corresponding to the acquired traffic data, and finding the overall traffic threshold corresponding to the time interval according to the determined time interval; and comparing the traffic data with the found overall traffic threshold, and performing an attack detection to the service when a duration for which the traffic data keeps exceeding the overall traffic threshold exceeds a preset value.