<![CDATA[Software Defined Network (SDN) is one of the technological developments in computer networks. Today's computer networks generally use many network devices, where each network device has 2 functionalities, called control plane and forwarding plane. The separation of the two functions through SDN technology has the advantage of having a centralized control plane design is to make configuration and management easier. However, there is also a challenge in the form of a single point of failure that is vulnerable to Distributed Denial of Service (DDoS) attacks. Therefore, SDN requires an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) to be able to detect and prevent DDoS attacks. This study aims to determine the level of accuracy and length of time to detect (Mean Time To Detect), as well as length of time to mitigate (Mean Time To Respond) in dealing with variations of DDoS attacks on SDN topology. This study detects in two ways, first using a signature and anomaly which will adopt the Deep Neural Network model to classify, recognize the types and patterns of DDoS attacks from a dataset with several features. The results of simulation testing with 3 types of attacks, namely ICMP Flood, SYN Flood and UDP Flood on SDN, detection with signature-IDS get MTTD and MTTR results of 7.2475 seconds and 11.74 seconds for ICMP attacks, 26.995 seconds and 11.00 seconds for SYN attacks, 20.49 seconds and 3.00 seconds on a UDP attack. While the anomaly-IDS detection does not use calculations based on MTTD and MTTR because the workings of the system can only classify per packet. So it is calculated based on the level of misclassification of the attack packet (False Negative), namely 7 packets out of 445 packets for ICMP attacks, 557 packets out of 940 packets for SYN attacks, and 2 packets out of 3120 packets for UDP attacks. Therefore, for Anomaly-IDS using the Deep Neural Network model, is still yet optimal and needs to be researched and developed further.]]>
