Abstract: Software-Defined Networks (SDN) proposes a new architectural idea, but the controller is vulnerable to Distributed Denial of Service (DDoS) attacks and causes resource exhaustion. To solve the above problems, a DDoS attack detection algorithm based on Support Vector Machine (SVM) in SDN environment—RF-SVM is proposed. First, it selects the associated six-dimensional features based on the characteristics of classification and DDoS attacks combined with data packet header information. Then, it uses random forest to calculate feature weights and filter features to obtain an optimal feature subset. Finally, it uses SVM algorithm to detect DDoS attacks to achieve better classification performance. The experimental results in the same scene show that the RF-SVM algorithm has higher detection rate, recall rate and F₁ value than SVM algorithm and RF algorithm.