Distributed Denial of Service attacks are becoming a serious issue for the developers and the users of the Internet. In recent times, the attackers are targeting the online applications and web services. Detecting such application level attacks are much challenging because the attack traffic mimics the legitimate behaviour. A more sophisticated mechanism is required to detect and mitigate such attacks. In this paper, a novel method for detecting application layer Distributed Denial of Service attack is proposed. Initially, web user behaviour on different perspectives is analyzed using the system log and key dimensions that are highly responsive to attacks are identified using Principal Component Analysis. The extracted key features are analyzed to fix up the appropriate thresholds for differentiating legitimate and illegitimate access. Each incoming session is examined and if found suspicious, the detection mechanism is invoked. The detection mechanism includes a score assignment mechanism which assigns the threat score based on the history and statistical analysis of the current characteristics. The sessions having acceptable score are then scheduled to get service from the server. Remaining sessions are considered malicious and dropped. The real data sets are taken for the simulation and the results are exhibited to show the efficiency of the proposed detection method. The results show that the proposed technique performs effective detection of constant flooding and repeated shot attacks with low false positives and low false negatives.