Despite the many research activities that are performed in the field of attack prevention, detection, and mitigation, largescale attacks like Distributed Denial-of-Service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based business today. This paper outlines new mechanisms that facilitate a distributed real-time in-network attack detection. In addition, the foundations for a meaningful evaluation of large-scale detection mechanisms by means of simulations are laid.