The Network Intrusion Detection Systems (NIDS) with machine learning in SDN become increasingly popular solutions. NIDS uses abnormal traffic detection to identify unknown network attacks. Most of today's abnormal traffic detection systems are supposed to continuously update the recognition model in time based on the features from newly collected packets to accurately identify unknown network attack behaviors. However, those existing solutions always require a large number of packets to train the recognition model offline. That means it is impossible to accurately detect the emergence of new cyber-attacks immediately. This paper proposes Griffin, a per-packet anomaly detection system that can dynamically update the training model based on neural networks. The Griffin is executed in SDN environment, utilizing a novel ensemble of autoencoders to collectively filter out abnormal traffic from normal traffic. Meanwhile, the autoencoders are updated based on the root mean square error to adjust the training model. The adjustment is done in an unsupervised manner, which needs no expert to label the network traffic or update the model from time to time. Our evaluations, with the open Datasets provided by Yisroel Mirsky, show that Griffin's time delay is around 0. 1s and its accuracy is 98%. Moreover, we also compare Griffin with other four similar NIDSs and find that Griffin performs the best in terms of Matthews Correlation Coefficient and complexity.