Abstract:
This paper presents a fast and large-scale monitoring system for detecting one of the major cyber-attacks, Distributed Denial of Service (DDoS). The proposed system monitors the packet traffic on a subnet of unused IPs called a darknet. Almost all darknet packets originate from malicious activities. However, it is not obvious what traffic patterns DDoS attacks have. Therefore, we adopt a classifier and train it with traffic features of known DDoS attacks using 80/TCP and 53/UDP packets, which can be labeled based on the header information and payloads. The proposed system consists of two parts: pre-processing and a classifier. In the pre-processing part, darknet packets for 30 seconds are transformed into a feature vector consisting of 17 traffic features of darknet traffic. For the classifier part, we adopt a Resource Allocating Network with Locality Sensitive Hashing (RAN-LSH), in which the data to be trained are selected by using LSH, and fast online learning is achieved by training only the selected data. The learning of RAN-LSH is carried out not only with the training data for 80/TCP and 53/UDP packets but also with new training data labeled by a supervisor. The performance of the proposed detection system is evaluated on 9,968 training data obtained from 80/TCP and 53/UDP packets and 5,933 test data obtained from darknet packets with other protocols and source/destination ports. The results indicate that the proposed system detects backscatter packets caused by DDoS attacks accurately and adapts to new attacks quickly.
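As an added illustration (not the paper's own code), a minimal version of the pre-processing step described above: constructed darknet packet records are grouped into 30-second windows and reduced to a per-window feature vector with a label. The five features and the 80/TCP and 53/UDP labeling rule are assumptions standing in for the paper's 17 features and its header/payload-based labeling.

```python
from collections import defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 30  # window length stated in the abstract


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp in seconds
    src: str       # source IP
    dst: str       # destination IP inside the darknet
    proto: str     # "tcp" or "udp"
    sport: int
    dport: int
    flags: str     # TCP flags, e.g. "SA" for SYN-ACK; "" for UDP


def is_backscatter(p):
    """Assumed labeling rule (not the paper's exact one): a SYN-ACK from
    source port 80 or a UDP reply from source port 53 arriving at an unused
    address is treated as backscatter, i.e. a reply to a spoofed DDoS packet."""
    if p.proto == "tcp" and p.sport == 80 and p.flags == "SA":
        return 1
    if p.proto == "udp" and p.sport == 53:
        return 1
    return 0


def window_features(packets, window=WINDOW_SECONDS):
    """Bin packets into fixed windows; return (window_index, features, label)
    per window. Features (assumed, illustrative): packet count, distinct
    sources, distinct-destination ratio, TCP ratio, SYN-ACK ratio."""
    bins = defaultdict(list)
    for p in packets:
        bins[int(p.ts // window)].append(p)
    rows = []
    for idx in sorted(bins):
        ps = bins[idx]
        n = len(ps)
        feats = [
            n,
            len({p.src for p in ps}),
            len({p.dst for p in ps}) / n,
            sum(p.proto == "tcp" for p in ps) / n,
            sum(p.flags == "SA" for p in ps) / n,
        ]
        # Window label by majority of per-packet labels (assumed scheme).
        label = int(sum(is_backscatter(p) for p in ps) > n / 2)
        rows.append((idx, feats, label))
    return rows


# Constructed sample: a backscatter-like window followed by a scan-like window.
SAMPLE_PACKETS = [
    Packet(1.0, "203.0.113.10", "192.0.2.1", "tcp", 80, 40001, "SA"),
    Packet(2.0, "203.0.113.10", "192.0.2.2", "tcp", 80, 40002, "SA"),
    Packet(3.0, "203.0.113.11", "192.0.2.3", "tcp", 80, 40003, "SA"),
    Packet(4.0, "203.0.113.11", "192.0.2.4", "tcp", 80, 40004, "SA"),
    Packet(5.0, "198.51.100.5", "192.0.2.5", "udp", 53, 1234, ""),
    Packet(31.0, "198.51.100.9", "192.0.2.1", "tcp", 51000, 22, "S"),
    Packet(32.0, "198.51.100.9", "192.0.2.2", "tcp", 51000, 22, "S"),
    Packet(33.0, "198.51.100.9", "192.0.2.3", "tcp", 51000, 22, "S"),
]
```

Each row is the shape of input a classifier such as RAN-LSH would consume; the scan-like second window shows why darknet traffic must be classified rather than treated as DDoS backscatter wholesale.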
Date of Conference: 24-29 July 2016
Date Added to IEEE Xplore: 03 November 2016
Electronic ISSN: 2161-4407