Abstract
Software Defined Networks (SDN) have emerged and developed to become prevalent, industry-used infrastructure. The mitigation of DDoS (Distributed Denial of Service) attacks in SDN has been a big topic since this network type came into the scope of day-to-day operations. The crossfire attack is a link-flooding Distributed Denial of Service attack that increases the amount of benign traffic from a massively distributed botnet to congest a network link, also known as the target link. This spike in traffic is used to deplete the network resources allocated for the target link. This attack normally does not contain any malicious payloads, which makes detecting and mitigating it more difficult. This research was inspired by the low likelihood of being able to detect and defend against a crossfire attack in software defined networks and is focused on detection and mitigation of these attacks [1]. The environment created in this experiment uses SDN switches on a specific network topology in addition to the Ryu controller. The random forest machine learning model was also utilized to dynamically analyze traffic and classify when an attack was beginning to occur. When the classifier alerts the controller that the threshold is being reached for a particular target link, the controller will find and deny flows from the source which has generated the most traffic and is not regularly generating traffic at such a high rate. Denying flows closer to the source limits the impact that a flood can have on legitimate traffic in the topology. The threshold set for the target link in this experiment is 50 MB. The model is able to classify when an interface needs to be denied at a rate of 90.625 percent. Considering this is a base work, accuracy could be improved by having additional functionality applied to the proposed design.