Could Network View Inconsistency Affect Virtualized Network Security Functions?

Software Defined Networks (SDN) are becoming more commonly used in the cloud. SDN virtualizes network functions as software instances in the cloud. Mohamad Aslan and Ashraf Matrawy at Carleton University look at how this characteristic of SDN could affect the performance of Intrusion Detection Systems (IDS) on an SDN. Network controllers collect information from other controllers and network switches. Controllers regularly exchange their view of the network, or synchronize, to make better decisions about handling network traffic. In an experiment, they created a DDoS attack (TCP SYN) on an SDN and examined the impact of the time between synchronizations of distributed IDS (a form of network controller). The more often the IDS synchronize, the more rapidly they detect an attack. This shows that an out-of-date network view can negatively impact the performance of security services on an SDN.
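
A toy simulation of the effect described above, added here as an illustration and not taken from Aslan and Matrawy's work. The traffic rates, the alert threshold, the number of IDS instances and the threshold-on-aggregate detection rule are all assumptions chosen so that no single instance can detect the flood from its local traffic alone.

```python
"""Toy model: detection delay of distributed IDS vs. synchronization period."""

BASELINE = 100      # benign SYN/s seen by each IDS instance (assumed)
ATTACK = 400        # extra SYN/s per instance during the flood (assumed)
THRESHOLD = 1000    # network-wide SYN/s that raises an alert (assumed)
INSTANCES = 3       # number of distributed IDS instances (assumed)


def local_rate(t, attack_start):
    """SYN/s observed locally by one instance at second t."""
    return BASELINE + (ATTACK if t >= attack_start else 0)


def detection_delay(sync_period, attack_start=13, horizon=120):
    """Seconds from attack start until any instance's view crosses THRESHOLD.

    Each instance knows its own rate exactly but only knows its peers' rates
    as of the last synchronization. Returns None if never detected.
    """
    peer_view = [BASELINE] * INSTANCES   # last rate each instance advertised
    for t in range(horizon):
        rates = [local_rate(t, attack_start) for _ in range(INSTANCES)]
        if t % sync_period == 0:         # synchronization round: refresh views
            peer_view = list(rates)
        for i in range(INSTANCES):
            stale_peers = sum(peer_view[j] for j in range(INSTANCES) if j != i)
            if rates[i] + stale_peers >= THRESHOLD:
                return t - attack_start
    return None


def sweep(periods=(1, 5, 10, 30)):
    """Detection delay for each synchronization period, in seconds."""
    return {p: detection_delay(p) for p in periods}


if __name__ == "__main__":
    for period, delay in sweep().items():
        print(f"sync every {period:>2}s -> detected {delay}s after attack start")
```

In this model the delay is simply the wait until the next synchronization round after the flood begins, which is why longer periods leave the instances acting on a stale view for longer.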

