The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The present disclosure provides an apparatus and a method for handling a network attack in a software defined network (SDN). The method for handling a network attack in an SDN according to various embodiments of the present disclosure includes detecting a first candidate of the network attack in a flow during a first time interval, in response to detecting the first candidate, changing quality of service (QoS) of the flow from first QoS to second QoS, detecting a second candidate of the network attack in the flow of the second QoS during a second time interval following the first time interval, and in response to detecting the second candidate, blocking the flow. The apparatus and the method according to various embodiments of the present disclosure may gradually block a network attack through multiple levels, to thus reduce the probability of determining a wrong network attack and to lower a recovery cost for network failure. Therefore, the apparatus and the method according to various embodiments of the present disclosure enable efficient network management.