云环境下SDN的流量异常检测性能分析

随着复杂的混合云网络逐渐成为云计算发展的瓶颈，软件定义网络(SDN)技术近年来成为学术界和工业界关注的热点。在网络安全领域，对于应用SDN来解决网络攻击的研究尚处于起步阶段，SDN是否能够高效检测来自内部的网络攻击尚无定论。针对该问题，在分析SDN技术框架的基础上，设计基于OpenStack的云环境实验方案。在传统云环境网络和SDN环境下同时测试2种流量异常检测算法，模拟Flood攻击和端口扫描攻击，分析SDN在检测攻击时的精确度和资源使用率。结果表明，在云环境下利用SDN检测内部威胁时比传统网络环境占用更少的物理内存而不影响精确度，但直接在SDN控制器上部署安全应用的方式也存在性能瓶颈。

Performance Analysis of Traffic Anomaly Detection in Cloud-based Software-defined Network

The increasing complexity of hybrid cloud networks becomes a bottleneck of cloud computing. As a potential solution, SDN has gained great attentions from both industry and academia, especially in the network security domain. Research on utilizing SDN in network attack detection is still in its inception phase. Specifically, it has not been evaluated whether SDN can efficiently detect internal network attacks in a cloud environment. In this research we implement both SDN and traditional network infrastructures based on OpenStack platform. We simulate both flood and port-scan attacks and utilize two types of traffic anomaly detection algorithms. Experiment results indicate that the SDN method shows better performance in memory usage without degrading its accuracy, while it also suffers performance bottleneck when directly deployed into SDN controllers.