With the development of IOT, the popularization of the Internet, and the recent rapid development of 5G mobile networks, distributed denial-of-service attack (DDoS Attacks) have become more rampant and even more destructive in the Internet industry. Because of the impact of the COVID-19, people rely more on the Internet for shopping, work, etc., making the prevention of cyber attacks more important. The current mainstream method of detecting distributed denial-of-service attack (DDoS Attacks) by machine learning and deep learning. The classification models are usually placed on controller which is the part of the SDN network. The controller communicate with the switch through a secure connection necessarily, so that the attack flow cannot be diverted in a timely manner when it enters. Therefore, this paper proposes a new system architecture adding a new set of lightweight and fast classification model to the switch. In this case, we will immediately divert most of the attack traffic first, and then use the current mainstream classification method to do a second, more accurate diversion.