
Design and Implementation of an SDN-Based Cloud Platform Intrusion Prevention Scheme

Jiang Tingting

  1. Beijing Electronic Science and Technology Institute
  • Received: 2016-10-08 Revised: 2016-12-03 Online: 2016-12-03
  • Corresponding author: Jiang Tingting

Design and implementation of cloud platform intrusion prevention system based on SDN

Jiang Tingting

  • Received: 2016-10-08 Revised: 2016-12-03 Online: 2016-12-03
  • Contact: Jiang Tingting

Abstract: A traditional intrusion prevention system is deployed in-line in the network, has limited processing capacity, and easily causes network congestion. To address this problem, an intrusion prevention scheme based on Software Defined Networking (SDN) is designed for cloud computing applications. The scheme exploits the programmability of SDN: when the intrusion detection system detects an intrusion, it passes the intrusion information to the controller, and the controller pushes a security policy to the virtual switch, so that the intrusion traffic is filtered and the intrusion behaviour is blocked dynamically. Experimental comparison with a traditional intrusion prevention scheme shows that this scheme improves intrusion detection efficiency twofold, which offers some reference value for deploying intrusion prevention schemes in cloud environments.

Keywords: cloud computing, security, intrusion prevention, software-defined networking, controller

Abstract: Because the traditional intrusion prevention system is connected in series in the network, its ability to deal with intrusions is limited and it easily causes network congestion. To address these problems, a cloud platform intrusion prevention scheme based on software defined networking (SDN) is designed. Using the programmable feature of SDN, when the intrusion detection system detects an intrusion it transmits the intrusion information to the controller; the controller then sends a security policy to the virtual switch, which filters the intrusion traffic and thereby blocks the intrusion behaviour dynamically. A comparative analysis is made through experiment, and the result shows that the efficiency of intrusion detection is improved twofold compared with the traditional intrusion prevention scheme; this has certain reference significance for the deployment of intrusion prevention schemes in cloud environments.
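The IDS-to-controller-to-vSwitch path described in the abstract, as an added example that is not the paper's code: a hypothetical controller hook parses a Snort-style fast alert (an assumed IDS output format) and emits an Open vSwitch flow rule in ovs-ofctl add-flow syntax that drops the offending flow at the virtual switch. The bridge name br-int, the rule priority, the idle timeout and the sample alert lines are all assumptions constructed for the example.

```python
import re
from typing import Optional

# Snort-style "fast" alert line (assumed IDS output format), e.g.
# "[**] [1:2100498:7] msg [**] [Priority: 2] {TCP} 10.0.0.5:44112 -> 10.0.0.9:80"
ALERT_RE = re.compile(
    r"\[\*\*\]\s*\[(?P<sid>[\d:]+)\]\s*(?P<msg>.*?)\s*\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s*->\s*"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?")
PROTO_MATCH = {"TCP": "tcp", "UDP": "udp", "ICMP": "icmp"}  # ovs-ofctl match keywords

def parse_alert(line: str) -> Optional[dict]:
    """Extract SID, protocol and addresses from one alert line; None if unparseable."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None

def flow_mod_for(alert: dict, bridge: str = "br-int",
                 priority: int = 1000, idle_timeout: int = 300) -> Optional[str]:
    """Build the ovs-ofctl add-flow command that drops the offending flow at the vSwitch.
    idle_timeout makes the block expire on its own instead of persisting forever."""
    proto = PROTO_MATCH.get(alert["proto"].upper())
    if proto is None:
        return None  # transport we cannot express as a match: push nothing
    fields = [f"priority={priority}", f"idle_timeout={idle_timeout}", proto,
              f"nw_src={alert['src']}", f"nw_dst={alert['dst']}"]
    if proto != "icmp" and alert.get("dport"):
        fields.append(f"tp_dst={alert['dport']}")  # scope the drop to the attacked service
    return f'ovs-ofctl add-flow {bridge} "{",".join(fields)},actions=drop"'

class Controller:
    """Hypothetical controller-side hook: alert in, flow rule out, duplicates suppressed."""
    def __init__(self, bridge: str = "br-int"):
        self.bridge, self.installed = bridge, set()

    def handle_alert(self, line: str) -> Optional[str]:
        alert = parse_alert(line)
        cmd = flow_mod_for(alert, self.bridge) if alert else None
        if cmd is None or cmd in self.installed:
            return None  # unparseable, inexpressible, or already blocked
        self.installed.add(cmd)
        return cmd

# Constructed sample alerts (not captured traffic); the second repeats the first's flow.
SAMPLE_ALERTS = [
    "[**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Priority: 2] "
    "{TCP} 10.0.0.5:44112 -> 10.0.0.9:80",
    "[**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Priority: 2] "
    "{TCP} 10.0.0.5:44118 -> 10.0.0.9:80",
    "[**] [1:408:5] ICMP Echo Reply [**] [Priority: 3] {ICMP} 10.0.0.7 -> 10.0.0.9",
]
```

Feeding SAMPLE_ALERTS to Controller().handle_alert yields one TCP drop rule, None for the repeated flow, and one ICMP drop rule without a port match.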