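Basic information:
- Patent title: Method and system for detecting and mitigating a high-rate distributed denial of service (DDoS) attack
- Patent title (English): Methods and systems for detecting and mitigating a high-rate distributed denial of service (DDoS) attack
- Patent title (Chinese): Methods and systems for detecting and mitigating high-resolution distributed service (DDOS) attacks
- Application number: KR1020137024322 Filing date: 2012-02-16
- Publication (announcement) number: KR1020140037052A Publication (announcement) date: 2014-03-26
- Inventors: 파뿌,수르야 , 오자,산제이
- Applicant: 세이블 네트웍스 인코포레이티드
- Applicant address: **** Jay Street, Santa Clara, California *****, U.S.A.
- Patentee: 세이블 네트웍스 인코포레이티드
- Current patentee: 세이블 네트웍스 인코포레이티드
- Current patentee address: **** Jay Street, Santa Clara, California *****, U.S.A.
- Agent: 특허법인씨엔에스
- Priority: US61/444,083 2011-02-17
- International application: PCT/US2012/025362 2012-02-16
- International publication: WO2013105991 2013-07-18
- Main classification: H04L12/22
- IPC classification: H04L12/22 ; H04L12/26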
A method and system for detecting and mitigating a distributed denial of service (DDoS) attack are described herein. The present invention allows for a variety of improved techniques that use a flow-based statistics collection mechanism to monitor and detect deviations in server usage data. The method further includes combining multiple anomaly (exception) algorithms in a specific manner to improve the accuracy of identifying a high-rate DDoS attack. The DDoS solution comprises a two-phase approach of detection and mitigation, both of which operate on a local and a global basis. Using flow-based statistics collection, the DDoS solution monitors flow record data at the individual and aggregate levels and detects deviations in traffic that indicate potential threats. Detection includes determining the attack probability from the traffic deviations (typically by calculating a weighted sum of the results of a number of given algorithms), and collecting and analyzing data on network flow state during the attack to distinguish valid addresses from compromised addresses. The DDoS solution can monitor flow data to quickly identify whether and when a DDoS attack is in progress. In addition, the anomaly algorithms can be modified or extrapolated to obtain the traffic deviation parameters and, accordingly, the attack probability. Mitigation policies can be based on a predetermined attack probability, allowing the operator to configure the appropriate action for an attack. In one embodiment, the DDoS solution can control the attack in real time, without any degradation of performance or processing capability, through a local mechanism in the line card. In another embodiment, the DDoS solution further comprises a global mechanism, such as an external software application, that judges attacks based on a more global view of the network.
Publication/grant documents:
- KR101747079B1 Method and system for detecting and mitigating a high-rate distributed denial of service (DDoS) attack Publication/grant date: 2017-06-14