Distributed Denial of Service (DDoS) attacks are a serious threat to Cloud. These attacks consume large amount of resources and increase the service usage cost by a significant factor. Due to multi-tenancy and self-provisioning properties of Cloud, traditional DDoS detection techniques cannot be directly applied. Hence,there is a need for Cloud-specific DDoS detection framework. In this paper, a statistical and distributed network packet filtering model is proposed against DDoS attacks in Cloud. The key idea of this scheme is to distribute multiple packet filters among individual virtual machines, which generate and share collective profile of normal behaviour with a coordinator node at constant intervals. Statistics of selected network attributes construct the normal behaviour profile. Based on the deviation from normal behaviour a decision is made whether to accept orreject the incoming packet. The coordinator node monitors filter and distribute the averaged profile to newly provisioned nodes. Individual profiles have low memory and storage requirements and are updated dynamically. Simulation study indicates the effectiveness of this scheme in detecting DDoS attacks in Cloud.