隨著網路發展的迅速演進，資訊的產生也變得更加快速且巨量，舉凡網路安全、雲端儲存及雲端運算等，其共同特徵便是需要處理非常大量的資訊，但舊有的傳統網路架構已逐漸無法滿足現今的網路需求，而如今網路功能虛擬化的應用變得越來越廣泛，傳統網路架構也將面臨來自新興軟體定義網路架構及雲端服務的挑戰。
在現代的網路安全架構中，傳統防火牆已經無法滿足現今複雜網路部署的安全需求。而入侵檢測提供了對內部和外部攻擊的即時保護，其安全防護技術具積極主動之特性，也因此隨著網路結構的越趨複雜化，更顯示出其重要性。而在以入侵檢測為核心的防禦機制當中，基於規則導向的入侵檢測防禦機制能透過抓取網路上往來的封包，對取得的封包進行解封裝，從入侵者的攻擊行為模式及封包特徵來加以分析並比對特徵資料庫，以進行維護網路安全的目的。然而在分析的過程當中，若面臨到會產生巨大流量的攻擊時，由於需要鏡像攻擊的流量以抓取分析封包，因此可能造成產生出雙倍甚至更多的流量至系統當中，進而導致系統負載過高而癱瘓。
而在本研究所提出的系統架構中，透過軟體定義網路架構的網路設定可程式化的特性，以自動產生OpenFlow規則的方式來設定網路安全的配置， 在軟體定義的環境下根據網路負載狀況來分配流量的轉發，並搭配開源入侵檢測軟體Snort的監控及分析，以達到維護網路安全效能的目的。

With the rapid evolution of network development, information producing has become more rapidly and massively. The co-feature of network security, cloud storage and cloud computing is that they all need to deal with very large amounts of information, but nowadays, the traditional network infrastructure has gradually unable to satisfy the needs of today's network requirements. The applications of network functions virtualization become more widespread now, the traditional network architecture constantly needs to face the challenges coming from emerging software-defined networking (SDN) architecture and cloud services.
In modern network security architecture, traditional firewall cannot fully satisfy the security needs of the complex network deployment. IDS (Intrusion Detection System) provides real-time protection against the internal attacks and external attacks. The security technology of IDS has active properties, therefore, it shows its importance in the increasingly complicated network structure. In the core of defense mechanisms based on intrusion detection, the rules-based intrusion detection and prevention mechanisms can crawl packets pass on the network and de-encapsulate them. Then, the defense mechanism will analyze the aggressive behavior of the invaders and the characteristics of the packets, and compare to the feature library, in order to achieve the purpose of maintaining network security. However, in the process of analyzing traffic, it sometimes needs to face to enormous attack traffic. In the meantime, the need to mirror the attack traffic in order to analysis could result in generating double or even more traffic to the system, and this excessive load may lead to paralyzing of the system.
In the proposed method, SDN architecture is used to generate OpenFlow rules and set network security configuration automatically. By allocating the traffic according to the condition of network load under SDN environment, and with the ability of the open source intrusion detection software, Snort, to monitor and analysis the network, in order to achieve the purpose of maintaining network security.

Open Networking Foundation, “Software-Defined Networking: The New Norm for Networks,” ONF White Paper, April , 2012.
Nunes, B.A.A.; Mendonca, M.; Xuan-Nam Nguyen; Obraczka, K.; Turletti, T., "A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks," Communications Surveys & Tutorials, IEEE , vol.16, no.3, pp.1617,1634, Third Quarter 2014.
W. Stallings: "Software-Defined Networks and OpenFlow", in The Internet Protocol Journal, Cisco, vol. 16, no 1, pp. 2-14, March, 2013.
N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, J. Turner, “OpenFlow: Enabling Innovation in Campus Networks,” ACM SIGCOMM Computer Communication Review, vol. 38, pp. 69–74, March 2008.
R. Bifulco and G. Karame, “Towards a richer set of services in software-defined networks,” in Proceedings of the NDSS Workshop on Security of Emerging Technologies (SENT), 2014.
Khondoker, R.; Zaalouk, A.; Marx, R.; Bayarou, K., "Feature-based comparison and selection of Software Defined Networking (SDN) controllers," Computer Applications and Information Systems (WCCAIS), 2014 World Congress on , vol., no., pp.1,7, 17-19 Jan. 2014.
Y. Yu, C. Qian and X. Li "Distributed and collaborative traffic monitoring in software defined networks", Proc. 3rd Workshop Hot Topics Softw. Defined Netw., pp.85-90, 2014.
Giroire, F.; Moulierac, J.; Phan, T.K., "Optimizing rule placement in software-defined networks for energy-aware routing," Global Communications Conference (GLOBECOM), 2014 IEEE , vol., no., pp.2523,2529, 8-12 Dec. 2014.
Software-Defined Networking: The New Norm for Networks, https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf，retrieved date：2016/7/2.
Lara, A.; Ramamurthy, B., "OpenSec: A framework for implementing security policies using OpenFlow," Global Communications Conference (GLOBECOM), 2014 IEEE , vol., no., pp.781,786, 8-12 Dec. 2014.
Kampanakis, P.; Perros, H.; Beyene, T., "SDN-based solutions for Moving Target Defense network protection," A World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2014 IEEE 15th International Symposium on , vol., no., pp.1,6, 19-19 June 2014.
Jafar Haadi Jafarian, Ehab Al-Shaer, and Qi Duan, "Openflow random host mutation: transparent moving target defense using software defined networking," In Proceedings of the first workshop on Hot topics in software defined networks (HotSDN '12), 2012 ACM, pp. 127-132, 13-17 Aug 2012.
Lim, S.; Ha, J.; Kim, H.; Kim, Y.; Yang, S., "A SDN-oriented DDoS blocking scheme for botnet-based attacks," Ubiquitous and Future Networks (ICUFN), 2014 Sixth International Conf on , vol., no., pp.63,68, 8-11 July 2014.
Belyaev, M.; Gaivoronski, S., "Towards load balancing in SDN-networks during DDoS-attacks," Science and Technology Conference (Modern Networking Technologies) (MoNeTeC), 2014 First International , vol., no., pp.1,6, 28-29 Oct. 2014.
Ashraf, J.; Latif, S., "Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques," Software Engineering Conference (NSEC), 2014 National , vol., no., pp.55,60, 11-12 Nov. 2014.
Yannan Hu; Wang Wendong; Gong Xiangyang; Liu, C.H.; Xirong Que; Shiduan Cheng, "Control traffic protection in software-defined networks," Global Communications Conference (GLOBECOM), 2014 IEEE , vol., no., pp.1878,1883, 8-12 Dec. 2014.
Pena, J.G.V.; Yu, W.E., "Development of a distributed firewall using software defined networking technology," Information Science and Technology (ICIST), 2014 4th IEEE International Conference on , vol., no., pp.449,452, 26-28 April 2014.
Y. Yu, C. Qian and X. Li "Distributed and collaborative traffic monitoring in software defined networks", Proc. 3rd Workshop Hot Topics Softw. Defined Netw., pp.85 -90, March 2014.
Namal, S.; Ahmad, I.; Gurtov, A.; Ylianttila, M., "SDN Based Inter-Technology Load Balancing Leveraged by Flow Admission Control," Future Networks and Services (SDN4FNS), 2013 IEEE SDN for , vol., no., pp.1,5, 11-13 Nov. 2013.
C. Gong and K. Sarac, “Toward a Practical Packet Marking Approach for IP Traceback,” International Journal of Network Se-curity (IJNS), vol. 8, no, 3, pp. 271– 281, May 2009.
Yufei Gu; Yangchun Fu; Prakash, A.; Zhiqiang Lin; Heng Yin, "Multi-Aspect, Robust, and Memory Exclusive Guest OS Fingerprinting," Cloud Computing, IEEE Transactions on , vol.2, no.4, pp.380,394, Oct.-Dec. 1 2014.
Osanaiye, O.A., "Short Paper: IP spoofing detection for preventing DDoS attack in Cloud Computing," Intelligence in Next Generation Networks (ICIN), 2015 18th International Conference on , vol., no., pp.139,141, 17-19 Feb. 2015.
Dabbagh, M.; Ghandour, A.J.; Fawaz, K.; Hajj, W.E.; Hajj, H., "Slow port scanning detection," Information Assurance and Security (IAS), 2011 7th International Conference on , vol., no., pp.228,233, 5-8 Dec. 2011.
Soniya, B.; Wiscy, M., "Detection of TCP SYN Scanning Using Packet Counts and Neural Network," Signal Image Technology and Internet Based Systems, 2008. SITIS '08. IEEE International Conference on , vol., no., pp.646,649, Nov. 30 2008-Dec. 3 2008.
Y. Hu, W. Wendong, G. Xiangyang, C. H. Liu, X. Que and S. Cheng, "Control traffic protection in software-defined networks," Global Communications Conference (GLOBECOM), 2014 IEEE, Austin, TX, 2014, pp. 1878-1883.
M. G. Ionită and V. V. Patriciu, "Biologically inspired risk assessment in cyber security using neural networks," Communications (COMM), 2014 10th International Conference on, Bucharest, 2014, pp. 1-4.
T. Chin, X. Mountrouidou, X. Li and K. Xiong, "An SDN-supported collaborative approach for DDoS flooding detection and containment," Military Communications Conference, MILCOM 2015 - 2015 IEEE, Tampa, FL, 2015, pp. 659-664.
R. Hilden and K. Hätönen, "A Method for Deriving and Testing Malicious Behavior Detection Rules," Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, pp. 1337-1342.
Peng Xiao, Wenyu Qu, Heng Qi, Yujie Xu and Zhiyang Li, "An efficient elephant flow detection with cost-sensitive in SDN," Industrial Networks and Intelligent Systems (INISCom), 2015 1st International Conference on, Tokyo, 2015, pp. 24-28.
Y. Liu, Q. Liu, P. Liu, J. Tan and L. Guo, "A factor-searching-based multiple string matching algorithm for intrusion detection," Communications (ICC), 2014 IEEE International Conference on, Sydney, NSW, 2014, pp. 653-658.
W. Yu, Guobin Xu, Zhijiang Chen and P. Moulema, "A cloud computing based architecture for cyber security situation awareness," Communications and Network Security (CNS), 2013 IEEE Conference on, National Harbor, MD, 2013, pp. 488-492.
R. Braga, E. Mota and A. Passito, "Lightweight DDoS flooding attack detection using NOX/OpenFlow," Local Computer Networks (LCN), 2010 IEEE 35th Conference on, Denver, CO, 2010, pp. 408-415.
Soniya, B.; Wiscy, M., "Detection of TCP SYN Scanning Using Packet Counts and Neural Network," Signal Image Technology and Internet Based Systems, 2008. SITIS '08. IEEE International Conference on , vol., no., pp.646,649, Nov. 30 2008-Dec. 3 2008.
S. Gorlatch, T. Humernbrum and F. Glinka, "Improving QoS in real-time internet applications: from best-effort to Software-Defined Networks," Computing, Networking and Communications (ICNC), 2014 International Conference on, Honolulu, HI, 2014, pp. 189-193.
N. Khamphakdee, N. Benjamas and S. Saiyod, "Improving Intrusion Detection System based on Snort rules for network probe attack detection," Information and Communication Technology (ICoICT), 2014 2nd International Conference on, Bandung, 2014, pp. 69-74.
Y. Zhou et al., "A Load Balancing Strategy of SDN Controller Based on Distributed Decision," 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, Beijing, 2014, pp. 851-856.
W. Yong, T. Xiaoling, H. Qian and K. Yuwen, "A dynamic load balancing method of cloud-center based on SDN," in China Communications, vol. 13, no. 2, pp. 130-137, Feb. 2016.
R. Tu, X. Wang, J. Zhao, Y. Yang, L. Shi and T. Wolf, "Design of a load-balancing middlebox based on SDN for data centers," 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Hong Kong, 2015, pp. 480-485.
A. Craig, B. Nandy, I. Lambadaris and P. Ashwood-Smith, "Load balancing for multicast traffic in SDN using real-time link cost modification," 2015 IEEE International Conference on Communications (ICC), London, 2015, pp. 5789-5795.
W. K. Hsieh, W. H. Hsieh, J. L. Chen, F. Y. Chou and Y. S. Lee, "Load balancing virtual machines deployment mechanism in SDN open cloud platform," 2015 17th International Conference on Advanced Communication Technology (ICACT), Seoul, 2015, pp. 329-335.
R. Yasunaga, Y. Nakayama, T. Mochida, Y. Kimura, T. Yoshida and K. i. Suzuki, "Optimal load balancing method for symmetrically routed hybrid SDN networks," 2015 21st Asia-Pacific Conference on Communications (APCC), Kyoto, 2015, pp. 234-238.
M. Belyaev and S. Gaivoronski, "Towards load balancing in SDN-networks during DDoS-attacks," Science and Technology Conference (Modern Networking Technologies) (MoNeTeC), 2014 International, Moscow, 2014, pp. 1-6.
Z. Trabelsi and S. Zeidan, "IDS performance enhancement technique based on dynamic traffic awareness histograms," Communications (ICC), 2014 IEEE International Conference on, Sydney, NSW, 2014, pp. 975-980.
J. Ashraf and S. Latif, "Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques," Software Engineering Conference (NSEC), 2014 National, Rawalpindi, 2014, pp. 55-60.
A. Kalliola, K. Lee, H. Lee and T. Aura, "Flooding DDoS mitigation and traffic management with software defined networking," Cloud Networking (CloudNet), 2015 IEEE 4th International Conference on, Niagara Falls, ON, 2015, pp. 248-254.
H. Wang, L. Xu and G. Gu, "FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks," Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 239-250.
R. Munir, M. R. Mufti, I. Awan, Y. F. Hu and J. P. Disso, "Detection, Mitigation and Quantitative Security Risk Assessment of Invisible Attacks at Enterprise Network," Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on, Rome, 2015, pp. 256-263.
R. Tu, X. Wang, J. Zhao, Y. Yang, L. Shi and T. Wolf, "Design of a load-balancing middlebox based on SDN for data centers," Computer Communications Workshops (INFOCOM WKSHPS), 2015 IEEE Conference on, Hong Kong, 2015, pp. 480-485.
Lei Zhang, Guochu Shou, Yihong Hu and Zhigang Guo, "Deployment of Intrusion Prevention System based on Software Defined Networking," Communication Technology (ICCT), 2013 15th IEEE International Conference on, Guilin, 2013, pp. 26-31.
N. Jongsawat and J. Decharoenchitpong, "Creating behavior-based rules for snort based on Bayesian network learning algorithms," Science and Technology (TICST), 2015 International Conference on, Pathum Thani, 2015, pp. 267-270.
https://en.wikipedia.org/wiki/Fat_tree，retrieved date：2016/7/2.