Low-rate Denial of Service （LDoS） attack is an improved form of Denial of Service （DoS） attack， which is difficult to detect due to its low average attack rate and strong concealment. To solve the above difficulty， a LDoS attack detection method based on Weighted Mean-Shift K-Means algorithm （WMS-Kmeans） under the architecture of Software-Defined Network （SDN） was proposed. Firstly， by obtaining the flow table information of OpenFlow switch， the six-tuple characteristics of LDoS attack traffic in SDN environment were analyzed and extracted. Then， the percentage error of average absolute value was used as the weight of the Euclidean distance in the mean shift clustering， and the resulting cluster center was used as the initial center of K-Means to cluster the flow table， so as to realize the detection of LDoS attacks. The experimental results show that the proposed method has high detection performance against LDoS attacks in the SDN environment， with an average detection rate of 99.29%， an average false alarm rate of 1.97% and an average missing alarm rate of 0.69%.