DoS attacks have always been one of the main threats to network security since its first appearance. Its purpose is to render the targeted host or network incapable of providing normal services. Currently, most research related to DoS attacks focuses on single intrusion detection or defense measures. In this study, we propose a DoS attack detection and defense method based on the fusion of two strategies: W-L and information entropy. It includes a firewall packet filtering defense mechanism based on abnormal IP tagging under dual granularity DoS attack detection, a multi-threshold abnormal IP tagging strategy, and a firewall packet filtering mechanism based on tagging of abnormal IP addresses. We compared this method with traditional undirected W-L graph kernel method and methods without dynamic threshold and unfrozen mechanism on three classic datasets, including UNSW-NB15. The experimental results validated the effectiveness of our proposed method.