The invention provides a malicious scanning defense method based on adaptive IP address conversion, applied to an SDN. The method comprises the following steps: 1) in the case of a scanning attack, sampling a request data packet from each subnet of the SDN, and analyzing the request data packet to generate statistical data within different time intervals; 2) calculating the distribution of a source IP address, a destination IP address and a destination port number within each time interval according to the statistical data; 3) calculating the Sibson entropy of the same distribution of the source IP addresses, the destination IP addresses and the destination port numbers within adjacent time intervals, and judging a scanning attack strategy accordingly; and 4) generating an IP address transfer strategy according to the scanning attack strategy, and implementing virtual IP address conversion according to the IP address transfer strategy. Meanwhile, the invention further provides a system for implementing the method. The system comprises constructing a controller, hopping proxy and detection proxy in the SDN architecture for implementing the steps in the method.