The software-defined network paradigm has reduced the cost of network management. Protecting the availability of such networks is critical to promoting the quality of their services. In this work, we introduce an unsupervised system for detecting and mitigating distributed denial of service attacks, a recurrent threat to network availability. The solution uses address and port entropy features along with the f-AnoGAN model. The proposed system achieves higher detection efficiency in the public benchmark dataset CIC-DDoS2019 compared to state-of-the-art alternatives, such as BiGAN and FID-GAN. The mitigation module drops most DDoS flows, forwarding the majority of legitimate packets.