2015
A Protection Method using Destination Address Packet Sampling for SYN Flooding Attack in SDN Environments
(Korean title: SDN 환경에서의 목적지 주소별 패킷 샘플링을 이용한 SYN Flooding 공격 방어기법)
Korea Multimedia Society
Paper Information
- Publisher: Journal of Korea Multimedia Society
- Issue Date: 2015-01-01
- Keywords: -
- Citation: -
- Source: -
- Journal Title: -
- Volume: 18
- Number: 1
- Start Page: 35
- End Page: 41
- DOI:
- ISSN: 12297771
Abstract
SDN (Software Defined Networking) is regarded as a future computer network architecture, and DDoS (Distributed Denial of Service) is the biggest threat in network security. We present a technique for defending against the SYN Flooding attack, one of the DDoS attack methods, in an SDN architecture.
First, we monitor the backlog queue in order to avoid spending resources on unnecessary monitoring. If the backlog queue of a server is more than 70% occupied, sFlow performs packet sampling with that server's address as the destination address. To distinguish attackers from normal users, we use the source address. We set the SYN packet threshold from the remaining backlog queue capacity, that is, the number of connections that can still be accepted. If a source address sends more SYN packets than the threshold, we judge that address to be an attacker. The controller then modifies the flow table entry to block the attack traffic. This method reduces the resources consumed by unnecessary monitoring and extends the protection range to all switches. Our experimental results show that the SYN Flooding attack can be prevented before the backlog queue is fully occupied.
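The decision logic the abstract describes, as an added example that is not code from the paper. Assumptions: the threshold equals the number of free backlog slots (the abstract gives no formula), sampled counts are scaled by the 1-in-N sampling rate, and the packet records and drop-rule dictionaries are constructed formats, not sFlow or OpenFlow library output.

```python
from collections import Counter

TRIGGER_OCCUPANCY = 0.70  # from the abstract: sample once the backlog is over 70% full

def syn_threshold(backlog_size, backlog_used):
    # Assumption: threshold = free backlog slots (connections still acceptable).
    return max(backlog_size - backlog_used, 0)

def detect_attackers(server_ip, backlog_size, backlog_used, sampled, sampling_rate=1):
    """Return drop rules for sources whose estimated SYN count exceeds the threshold.

    sampled: packet records as dicts with src, dst, flags (constructed format).
    sampling_rate: 1-in-N rate used to scale sampled counts (assumption).
    """
    if backlog_used / backlog_size <= TRIGGER_OCCUPANCY:
        return []  # below the trigger: no sampling, so no monitoring cost
    threshold = syn_threshold(backlog_size, backlog_used)
    # Count only pure SYN packets aimed at the loaded server, keyed by source.
    syn_counts = Counter(
        p["src"] for p in sampled
        if p["dst"] == server_ip and p["flags"] == "S"
    )
    # Hypothetical rule format: a match with an empty action list means drop.
    return [
        {"match": {"ipv4_src": src, "ipv4_dst": server_ip, "ip_proto": 6},
         "actions": [], "est_syns": n * sampling_rate}
        for src, n in sorted(syn_counts.items())
        if n * sampling_rate > threshold
    ]

def sample_packets():
    # Constructed sample: one heavy SYN source, one normal client, and
    # traffic to a different server that must be ignored.
    pkts = [{"src": "198.51.100.7", "dst": "192.0.2.10", "flags": "S"}] * 40
    pkts += [{"src": "203.0.113.5", "dst": "192.0.2.10", "flags": "S"}] * 3
    pkts += [{"src": "203.0.113.5", "dst": "192.0.2.10", "flags": "A"}] * 3
    pkts += [{"src": "198.51.100.7", "dst": "192.0.2.99", "flags": "S"}] * 50
    return pkts

if __name__ == "__main__":
    # Backlog of 128 with 100 slots used: 78% occupied, threshold 28.
    for rule in detect_attackers("192.0.2.10", 128, 100, sample_packets()):
        print(rule)
```

Because the threshold shrinks as the backlog fills, a source that is tolerated at 75% occupancy can be blocked at 95%.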
- Chonnam National University
- KCI
- Journal of Korea Multimedia Society
Author Information
| Name | Affiliation |
|---|---|
| No data registered. | |