Denial of service is a common attack in the Internet which causes significant problems for both users and service providers. Distributed attack sources can be used to enlarge the attack in case of distributed denial of service (DDoS). Defending against DoS/DDoS attacks generally involves 3 different phases: prevention, detection and response. Detection, the subject of this paper, is one of the key steps in defending against DoS/DDoS attacks as the proper response will be linked to the detection alarm. A good detection technique provides short detection time, low false positive rate, and low computational overhead. This paper presents a novel technique which detects TCP based flooding attacks by using the TCP congestion window which is analysed using the cumulative sum (CUSUM). Network Simulator (NS2) is used to validate the proposed technique.