In recent years, the DDoS (Distributed Denial of Service) attack continues to be one of the most dangerous threats even in the SDN (Software Defined Networking) environment. Many approaches have been proposed to deal with the DDoS attacks in the SDN environment. Among those approaches, the two-step detection, in which a trigger mechanism is added before the detection algorithm is called, is gaining more and more attention. In other words, it is the trigger, not the resource-consuming detection algorithm, that constantly monitors network traffic. Thus, the detection algorithm is only called when it is triggered. However, in the existing two-step methods, the trigger uses a static threshold to determine whether or not to start the detection process. In practice, it is difficult to determine an appropriate threshold, and the threshold has a decisive effect on the frequency of the detection process being called and ultimately, it impacts detection performance. In this paper, we propose a self-feedback dynamic thresholding system in which the threshold used in the trigger is dynamically adjusted based on the previous results of trigger and detection. Experimental results and our discussion show that our proposal significantly reduces the number of calls to the resource-consuming detection algorithm with no sacrifice of detection result.