A method and a system, wherein the system comprises a first server operatively coupled to a router, to receive a copy of network traffic processed by the router, a database operatively coupled to the first server, wherein the server records parsed network traffic information onto the database, and a device operatively coupled to the first server to receive alerts regarding possible denial-of-service attacks, the alerts based upon network traffic falling outside a standard deviation range. A method that comprises receiving a data packet from a network, parsing the data packet, storing data in the fields of the data packet into a database, comparing observed data set values with a historical data set values, sending an alert to a device based upon network traffic falling outside a standard deviation range, and updating the historical data set values by averaging the observed data set values with an old historical data set values.