Abstract:Software defined network (SDN), as a novel network architecture, introduces significant flexibility through the ideas including separation between forwarding and controlling and centralized control. It also facilitates the global awareness of the network status. Distributed denial of service (DDoS) is a typical attack method. This paper focuses on the problem DDoS attack detection in SDN and proposes a DDoS attack detection method based on conditional entropy and decision tree. The proposed method used conditional entropy to evaluate the current network status. It analyzed the characteristics of DDoS attacks in SDN and extracted six key features for traffic detection. The C4.5 decision tree algorithm was utilized to classify network traffic and achieved DDoS attack detection in SDN. Experimental results show that the method presented in this paper exhibits superior detection precision and recall to other research methods. Additionally, it can significantly reduce the detection time.