This paper introduces a novel approach for detecting the participation of a protected end-user or IoT device in Distributed Denial of Service attacks. With this purpose, traffic flows are inspected at source-side looking for discordant behaviors. In contrast to most previous solutions, the proposal assumes the non-stationarity and heterogeneity of the emerging communication networks, which demands a more complex analytical environment. This has led to delegate the analytic tasks to a dedicated data processing layer, where advanced feature extraction, pattern recognition, prediction and adaptive thresholding capabilities operate. The proposal relies on a sophisticated knowledge acquisition architecture enabled to operate on 5G environments, in this way supporting the leading-edge technologies it implements and being compatible with defensive self-organizing schemes. The effectiveness of the proposal has been proven by analyzing traffic from 62 network devices of different nature with different behavioral profiles, being able to accurately distinguish their normal activities from malicious traffic injections.