The Software-Defined Networking (SDN) is a new network framework widely adopted in data center networks that decouples the control plane from data plane to make network management easier. In SDN, OpenFlow is a mainstream southbound communication protocol for controllers and network devices. In an OpenFlow-supported SDN network, the control plane establishes connections with switches and installs flow entries in their flow tables to direct packet forwarding. Since the flow table built with the ternary content addressable memory (TCAM) has limited space, it is possible to overflow by Denial-of-Service attacks or Flash Crowds (FCs). In this article, we present FTOP, an eviction-based system to capture anomalies and prevent flow table overflow from Low-rate Flow Table Overflow (LFTO) attacks and FCs. FTOP has four modules: Predictor, Detector, Mitigator, and Preventer. Predictor monitors network traffic and produces estimation of the flow count. Detector calculates features of all flows and detects LFTO attacks. Mitigator calculates features of each flow and evicts malicious rules. Preventer calculates the significance score for each flow and evicts the low-scored flows. We introduce random forest classifiers in attack detection and mitigation. Simulation results demonstrate the effectiveness of FTOP in preventing flow table overflow, which proves FTOP a practical solution.