SDN adopts a centralized control method, achieving visualization and dynamism of network management, and is currently a new type of network architecture. However, at the beginning of SDN design, security issues were not considered. In the current situation where DDoS attacks are so prevalent, it is necessary to conduct research on attack detection under SDN architecture. After analyzing the SDN architecture mechanism, this article studies the location deployment of attack detection modules and designs a multi-level collaborative detection scheme for DDoS attacks. It designs an independent modeling scheme based on ensemble learning algorithms to address the problem of attack detection modeling. It extracts two sets of samples from the KDDCUP99 dataset without replacement, and uses SVM and adaBoost algorithms for independent modeling and sample combination modeling. The use of the adaBoost algorithm has a certain improvement in the classi?cation performance of samples, and modeling alone has no impact on the classi?cation performance of samples. It also shows higher classi?cation performance than the total samples on teardrop. The experimental results show that independent modeling for collaborative detection of forwarding plane and control plane has certain feasibility. This scheme starts from reducing the burden on the SDN centralized control center, providing a guarantee for e?ective network management, and has certain guiding signi?cance for attack detection of SDN architecture.