With SDN increasingly becoming an enabling technology for NFV in the cloud, many virtualized network functions need to monitor the network state in order to function properly. An outdated network view at the controllers can impact the performance of those virtualized network functions. In earlier work, we identified two main factors contributing to an outdated network view in the case of a load-balancer: network state collection and controllers' state distribution. In this paper, we anticipate that the impact might be different in case of security functions. Therefore, we study the impact of an outdated network view on an anomaly-based IDS application. In particular, we investigate: (1) the impact of controllers' state distribution on the performance of a distributed IDS in the case of a DDoS attack; and (2) the impact of network state collection on the performance of an IDS in the case of a TCP SYN flood attack. Our results showed that the outdated network view had negative impact on the IDS anomaly-detection performance in the experiments that we conducted.
[1]
H. Jonathan Chao,et al.
Improving the performance of load balancing in software-defined networks through load variance-based synchronization
,
2014,
Comput. Networks.
[2]
Georg Carle,et al.
Traffic Anomaly Detection Using K-Means Clustering
,
2007
.
[3]
Anja Feldmann,et al.
Logically centralized?: state distribution trade-offs in software defined networks
,
2012,
HotSDN '12.
[4]
Pavlin Radoslavov,et al.
ONOS: towards an open, distributed SDN OS
,
2014,
HotSDN.
[5]
Martín Casado,et al.
Onix: A Distributed Control Platform for Large-scale Production Networks
,
2010,
OSDI.
[6]
Ashraf Matrawy,et al.
On the Impact of Network State Collection on the Performance of SDN Applications
,
2016,
IEEE Communications Letters.