Cooperative defense of DDoS attack based on machine learning in SDN
Abstract: The number of services in the power system keeps growing, while the traditional network architecture lacks a global view and has weak control capability. Software Defined Networking (SDN) is an emerging network architecture. Applying SDN to the power system can change the static pattern of the existing power communication network and realize a true smart grid. However, the SDN architecture is vulnerable to Distributed Denial of Service (DDoS) attacks. A combination of a convolutional neural network and a Support Vector Machine (SVM) is used to detect attacks. Taking advantage of the SDN controller's global management, the controller extracts association features between adjacent switches so that the switches can operate cooperatively, improving detection efficiency and accuracy. In addition, a lightweight network monitoring system based on InfluxDB and Grafana is designed for real-time observation of network security status. A large volume of data is collected by simulating attack and normal traffic, and the model is compared experimentally with other detection methods. The results show that the model has a higher detection rate and a lower false alarm rate, and that the data can be uploaded to the monitoring system in real time, giving managers a view of the whole network and making network management more convenient.