Software Defined Network (SDN) is a new technology in computer network area which enables userto centralize control plane. The security issue is important in computer network to protect system fromattackers. SYN flooding attack is one of Distributed Denial of Service attack methods which are popularto degrade availability of targeted service on Internet. There are many methods to protect system fromattackers, i.e. firewall and IDS. Even though firewall is designed to protect network system, but it cannotmitigate DDoS attack well because it is not designed to do so. To improve performance of DDOS mitigationwe utilize another mechanism by using SDN technology such as OpenFlow and sFlow. The methodologyof sFlow to detect attacker is by capturing and sum cumulative traffic from each agent to send to sFlowcollector to analyze. When sFlow collector detect some traffics as attacker, OpenFlow controller will modifythe rule in OpenFlow table to mitigate attacks by blocking attack traffic. Hence, by combining sumcumulative traffic use sFlow and blocking traffic use OpenFlow we can detect and mitigate SYN floodingattack quickly and cheaply.