Empowering SDN with DDoS attack detection: leveraging hybrid machine learning based IDPS controller for robust security
Abstract
A software-defined network (SDN) is an innovative networking framework in which a centralized controller handles network administration and resolves network traffic issues. It is difficult for the controller to identify a malicious user who sends a large number of spoofed packets, as in a distributed denial of service (DDoS) attack. Because such attacks harm legitimate users, steps must be taken to prevent them. Despite the many algorithms proposed, preventing DDoS attacks in SDN remains an unresolved problem. The methods presented in this paper employ bandwidth threshold estimation, which triggers the intrusion detection and prevention system (IDPS) controller if the threshold is exceeded. Whenever the threshold is exceeded due to network congestion, transferred packets are filtered at the server level by identifying the utilization of bandwidth in OpenDaylight (ODL) and POX. The IDPS controller uses K-nearest neighbor (K-NN) and support vector machine (SVM) classifiers to detect and thwart DDoS attacks. Using Mininet, two SDN centralized controllers are simulated to improve performance significantly. Based on SVM in the ODL controller, this work provides mitigation techniques for preventing DDoS attacks, reaching an accuracy of 96.75%, which is compared against previously published accuracy.
DOI: http://doi.org/10.11591/ijai.v14.i3.pp2479-2489
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IAES International Journal of Artificial Intelligence (IJ-AI)
ISSN/e-ISSN 2089-4872/2252-8938
This journal is published by the Institute of Advanced Engineering and Science (IAES).