In this study, the SAnDet architecture, which can do anomaly-based intrusion detection by taking advantage of the capabilities offered by the SDN architecture, is presented and implemented as a controller application. A detailed description of this system which consists of three main modules which are statistics collector, anomaly detector, and anomaly prevention is given. More specifically, Replicator Neural Networks (RNN) which is a special variant of the autoencoder, and the EncDecAD method which is a special type of LSTM network that can produce successful results, especially in given data series, are used to identify unknown attacks using flow features collected from OpenFlow switches. In experiments, flow-based features extracted from network traffic data including different types of attacks, are given as input into models as time series. The results of the methods are calculated using the ROC and AUC metrics. Experimental results show that EncDecAD outperforms RNN. Moreover, it is demonstrated that this study has several benefits over previously conducted research.