Abstract: Software defined network SDN is a new type of network architecture that simplifies network management and better supports dynamic control of network traffic compared with traditional networks, and has been adopted by many application fields. In order to enhance the anomaly detection and defense capabilities of SDN, an anomaly detection method was proposed based on the Byzantine fault-tolerant mechanism, which was fault-tolerant for abnormal or erroneous instructions and ensured the correct delivery of the flow table. The effectiveness and safety of this method were demonstrated through theoretical analysis. Experiments show that in the SDN environment, the detection method can quickly detect abnormal network devices and reduce the false negative rate and false positive rate in SDN anomaly detec- tion.