In Software Defined Networking (SDN) the data plane is separated from the controller plane to achieve better functionality than the traditional networking. Although this approach poses a lot of security vulnerabilities due to its centralized approach. One significant issue is compromised SDN switches because the switches are dumb in SDN architecture and in absence of any intelligence it can be a easy target to the attackers. If one or more switches are attacked and compromised by the attackers, then the whole network might be down or defunct. Therefore, in this work we have devised a strategy to successfully detect the compromised SDN switches, isolate them and then reconstruct the whole network flow again by bypassing the compromised switches. In our proposed approach of detection, we have used two controllers, one as primary and another as secondary which is used to run and validate our algorithm in the detection process. Flow reconstruction is the next job of the secondary controller which after execution is conveyed to the primary controller. A two-controller strategy has been used to balance the additional load of detection and reconstruction activity from the master controller and thus achieved a balanced outcome in terms of running time and CPU utilization. All the propositions are validated by experimental analysis of the results and compared with existing state of the art to satisfy our claim.