Many efforts have been devoted to the development of efficient Network Intrusion Detection System (NIDS) using machine learning approaches in Software-defined Network (SDN). Unfortunately, existing solutions failed to detect real-time and zero-day attacks due to their limited throughput and prior knowledge-based detection. To this end, we propose Griffin, a NIDS that uses unsupervised machine learning expertise to detect both known and zero-day intrusion attacks in real-time with high accuracy. Specifically, Griffin uses an efficient feature extraction framework to capture the sequential features of the traffic packets. Then, it utilizes cluster analysis to reduce the feature scale to achieve low throughput. Moreover, an ensemble autoencoder is built automatically to further extract features with low complexity and high precision to train the model. We evaluate the accuracy, robustness, and complexity of the system using open datasets. The result shows that Griffin’s complexity is about 40% lower, and its accuracy is at most 19% higher than existing NIDS.Additionally, even in the situation with evasion, the Griffin has at most 9% decrease of AUC, which is a good performance compared with other solutions. Furthermore, this paper also utilizes the differential privacy framework during training autoencoders to protect datasets’ privacy which is inherent in machine learning approaches.