Denial-of-service (DOS) is a type of computer attack, which can essentially disable computers and networks. Resource consumption type of DOS attack could not be detected by the traditional misuse detection technique. This paper presents a new method of support vector mchine (SVM) to detect these attacks. We find that a DOS attack to a host is related to the activities within an impact data set of the host. The SVM method is used to classify the subsets of an impact data set to estimate its anomalism. The experiment result shows that this method can detect resource consumption type of DOS attacks, such as SYN-flood, Smurf and UDP-storm. A receiver operating characteristic curve is plotted to determine performance for any possible operating point of the DOS attacks detection. Denial-of-service (DOS) is a type of computer attack, which can essentially disable computers and networks. Resource consumption of DOS attacks could not be detected by the traditional misuse detection technique. This paper presents a new method of support vector mchine (SVM) to detect these attacks. We find that a DOS attack to a host is related to the activities within an impact data set of the host. The SVM method is used to classify the subsets of an impact data set to estimate its anomalism. The experiment result shows that this method can detect resource consumption type of DOS attacks, such as SYN-flood, Smurf and UDP-storm. A receiver operating characteristic curve is plotted to determine performance for any possible operating point of the DOS attacks detection.