Design and implementation of cloud security defense system with software defined networking technologies

摘要

In recent years, the rapid development of cloud computing and software-defined networking. Cloud security issues are more important, we hope to use the virtualization technology of cloud to implement vIDS and vFirewall so that we can according to the requirements of tenants dynamically adjust and replace hardware equipment with software to cut down the high cost. This paper proposes and we design Security Policy Decision System (SPDS) in the cloud, by using OpenStack to create multiple vIDS to detect the distributed denial of service (DDoS) attacks and combined with multiple vFirewall to filter the attack packets so that we can introduced SDN technology to distribute the flow to multiple vIDS to analyze attack packets or direct traffic elsewhere do processing. We hope to take advantage of SDN in the cloud through vIDS, SPDS (security policy decision system) and vFirewall to effectively alleviate the impact of the DDoS attack in the cloud environment.