There is a transformation of the traditional network into Software Defined Networking (SDN) which is an outstanding developing area recently. Among the most exciting features of SDN are the remarkable control over network infrastructure and decoupling of control and data plane. Although it helps more flexible network management, SDN should be considered current and upcoming security threats associated with its deployment. One of them is the DDoS attack which is a malicious attempt to bring down networks, applications, or services by overwhelming these resources with too much data or impairing them in some other ways. In SDN, we can offer or change the network functions or behavior program by monitoring controller to realize DDoS attacks. This paper presents an approach of DDoS attack detection in SDN environment by utilizing the entropy metric with consideration of differences in host role profile to suspect under-attack state, we also deal with time factor in information collecting activities. Then, a statistical method is used for investigating flow information sent from OpenFlow switches to confirm the previous suspicion.
