Cloud computing provides an auto-scaling feature for dynamic resource utilization to meet customers' requirements, charged on a 'pay-per-use' basis. Attackers exploit this auto-scaling feature by flooding the VMs or instances in cloud environments with DDoS attacks. Such DDoS attacks cause financial damage to customers because of the massive amount of resource utilization; this is known as the Economic Denial of Sustainability (EDOS) attack. The Transmission Control Protocol (TCP) SYN flooding attack is known to be the most challenging attack resulting in an EDOS attack. Software Defined Network (SDN), a cost-efficient solution for cloud service providers, uses OpenFlow switches and flow tables to make rules for each incoming flow. In SDN, it is feasible to classify an incoming flow as an attack and block forwarding of this flow to the targeted VM. This research work proposes an SDN-based, fast and computationally cost-efficient statistical anomaly detection model, named the EDOS-TCP SYN mitigation model (EDOS-TSM), to mitigate TCP SYN flooding attacks from a single user and from spoofed IPs. EDOS-TSM uses binomial probability, the TTL field value of the IP packet header and multiple TCP SYN requests to detect source-based and spoofing-based attacks. The proposed model is implemented, and its performance is evaluated on an OpenStack production-based cloud with real-time traffic and attack generation. The attack mitigation results are compared with existing models in the literature. The results show a large number of false negatives in existing models and prove the efficiency of EDOS-TSM in both source-based and spoofing-based attacks.
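The abstract names three signals (binomial probability, TTL values, repeated SYN requests) without giving the algorithm, so the following is an added example, not code from the paper, of one way a controller-side detector could combine them over a window of observed SYNs. The baseline probability, significance level, TTL tolerance, event tuple format and verdict labels are all assumptions.

```python
from collections import defaultdict
from math import comb

# Assumed parameters (not taken from the paper).
P_INCOMPLETE = 0.05   # baseline chance a legitimate SYN never completes the handshake
ALPHA = 1e-4          # significance level for the binomial tail test
TTL_SPREAD = 2        # tolerated TTL variation for one source (minor route changes)

def binom_tail(n, k, p):
    """P(X >= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def classify(events):
    """events: iterable of (src_ip, ttl, handshake_completed), one per SYN seen
    in the current window. Returns {src_ip: 'ok' | 'flood' | 'spoofed'}."""
    syns = defaultdict(int)
    incomplete = defaultdict(int)
    ttls = defaultdict(set)
    for src, ttl, completed in events:
        syns[src] += 1
        incomplete[src] += int(not completed)
        ttls[src].add(ttl)

    verdicts = {}
    for src, n in syns.items():
        # A single host on a stable path arrives with a near-constant TTL;
        # a wide spread suggests several senders forging the same address.
        if max(ttls[src]) - min(ttls[src]) > TTL_SPREAD:
            verdicts[src] = "spoofed"
        # How unlikely is this many half-open handshakes under the baseline?
        elif binom_tail(n, incomplete[src], P_INCOMPLETE) < ALPHA:
            verdicts[src] = "flood"
        else:
            verdicts[src] = "ok"
    return verdicts

# Constructed sample window (documentation address ranges, invented values).
SAMPLE = (
    [("198.51.100.7", 57, True)] * 19 + [("198.51.100.7", 58, False)]
    + [("203.0.113.9", 52, False)] * 30
    + [("192.0.2.44", t, False) for t in (49, 113, 241)]
)

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE).items():
        print(src, verdict)
```

A verdict other than `ok` is where an SDN controller would install a drop rule for the flow instead of forwarding it to the target VM.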