Aiming at the problem that traditional defense schemes against Distributed Denial of Service （DDoS） attacks in Software Defined Network （SDN） tend to ignore the importance of reducing the workload of SDN， as well as do not consider the timeliness of attack mitigation， an efficient collaborative defense scheme against DDoS attacks in SDN was proposed. Firstly， the overhead of the control plane was reduced and the data plane’s resources were entirely used by offloading some of the defense tasks into the data plane. Then， if an anomaly was detected， eXpress Data Path （XDP） rules were generated to mitigate the attack promptly， and the statistical information of the data plane was handed over to the control plane to further detect and mitigate the attack， thereby improving the accuracy and further reducing the controller overhead. Finally， the rules of XDP were updated according to the anomaly source determined by the control plane. To validate the effectiveness of the proposed scheme， the Hyenae attack tool was used to generate three different types of attack data. Compared with the Support Vector Machine （SVM） scheme that relies on the control plane， the new architecture defense scheme， and the cross-plane collaborative defense scheme， the proposed scheme has the timeliness of defense improved by 33.33%， 28.57%， and 21.05%， respectively； the proposed scheme has the Central Processing Unit （CPU） consumption reduced by 33， 11， and 4 percentage points. Experimental results show that the proposed scheme can defend against DDoS attacks well and has a low performance overhead.