Abstract: Distributed denial of service (DDoS) attacks are a major threat in the field of network security. As a new type of network architecture, the logical centralization and programmability of software defined networking (SDN) provide new ideas for defending against DDoS attacks. This study designs and implements a lightweight DDoS attack detection and mitigation system in SDN. The system uses an entropy-based detection method and judges abnormality against a dynamic threshold. If the entropy falls outside the dynamic threshold, the system applies a more accurate decision tree model for detection. Finally, the controller determines the attack source by calculating the packet symmetry rate of the flow and delivers a blocking flow entry. The experimental results show that the system can respond to DDoS attacks in time, has a high detection success rate, and can effectively contain attacks.
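The entropy, dynamic-threshold and packet-symmetry stages described in the abstract, as an added Python example that is not the paper's own code. It assumes flow statistics have already been collected into a window of (src, dst) packet pairs, assumes the threshold rule is "mean minus k standard deviations of recent normal windows", and uses constructed sample traffic; the decision tree stage is not reproduced, and the blocking entry is an illustrative match dict rather than a real controller API call.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed sample traffic: three hosts exchanging packets evenly (normal),
# then the same traffic plus a flood from ten spoofed sources toward 10.0.0.2.
HOSTS = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
NORMAL_WINDOW = [(a, b) for a in HOSTS for b in HOSTS if a != b] * 5   # 30 packets
ATTACK_WINDOW = NORMAL_WINDOW + [
    (f"10.0.0.{50 + i}", "10.0.0.2") for i in range(10) for _ in range(20)  # 200 packets
]
# Constructed entropies of earlier windows judged normal (hypothetical values).
ENTROPY_HISTORY = [1.58, 1.56, 1.57, 1.55, 1.59]

def dst_entropy(packets):
    """Shannon entropy (bits) of the destination-IP distribution in one window.
    A flood concentrating traffic on one victim drives this value down."""
    counts = Counter(dst for _, dst in packets)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def dynamic_threshold(history, k=2.0):
    """Assumed rule: threshold adapts to recent normal windows (mean - k*std)."""
    return mean(history) - k * pstdev(history)

def entropy_alarm(packets, history, k=2.0):
    """Cheap first stage: True when the window's entropy drops below the threshold."""
    return dst_entropy(packets) < dynamic_threshold(history, k)

def symmetry_rates(packets):
    """Per host: packets sent / packets received. Hosts that only send get inf."""
    sent = Counter(src for src, _ in packets)
    recv = Counter(dst for _, dst in packets)
    return {h: (sent[h] / recv[h] if recv[h] else math.inf) for h in sent}

def suspected_sources(packets, max_ratio=10.0):
    """Attack-source stage: hosts whose traffic is far more outbound than inbound."""
    return sorted(h for h, r in symmetry_rates(packets).items() if r > max_ratio)

def block_rules(sources, priority=100):
    """Illustrative drop entries (empty action list) keyed on the source IP."""
    return [{"priority": priority, "match": {"eth_type": 0x0800, "ipv4_src": s},
             "actions": []} for s in sources]

if __name__ == "__main__":
    if entropy_alarm(ATTACK_WINDOW, ENTROPY_HISTORY):
        print(block_rules(suspected_sources(ATTACK_WINDOW)))
```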