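Title: Research on SDN-Based Traffic Anomaly Detection in Cloud Environments
Author: Ma Chao (马超)
Degree type: Master's
Defense date: 2015-05-25
Degree-granting institution: University of Chinese Academy of Sciences
Place of conferral: Beijing
Advisor: Cheng Li (程力)
Keywords: software-defined networking; cloud platform; traffic anomaly detection; network security
Degree discipline: Computer Technology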
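Chinese abstract (translated): In recent years, cloud computing, as a new service model, has become one of the most closely watched topics in information technology. With the rapid development of cloud computing, the dynamic changes brought by new technologies such as server virtualization pose a severe challenge to network manageability, and current network architectures cannot meet the new requirements. As complex hybrid cloud networks have gradually become a bottleneck for cloud computing, software-defined networking (SDN) has in recent years become a focus of attention in both academia and industry. By separating the network control plane from the data plane, the OpenFlow-based SDN architecture abstracts the underlying infrastructure, giving the network centralized management and programmability. In network security, the introduction of virtualization has broken the traditional way of dividing network boundaries, making them blurred and dynamic. At the same time, the continual growth in the scale of cloud computing makes it possible to launch network attacks from the inside. Faced with these new problems, traditional security techniques cannot provide effective protection. The emergence of SDN brings a new perspective to cloud computing security; its technical characteristics indicate that SDN can respond promptly to dynamic changes in a cloud environment. Research on applying SDN to counter network attacks is still at an early stage, and whether SDN can efficiently detect network attacks originating from inside remains unsettled. To address this question, this thesis first analyzes cloud computing security research of recent years, with a detailed summary of the new results that SDN has brought to cloud computing security. Then, building on an analysis of the SDN technical framework and targeting the complex internal network environment and new security requirements of cloud computing, it proposes an SDN-based anomaly detection scheme and describes it in detail in terms of design rationale, module composition, and other aspects. Finally, it designs an experimental scheme for an OpenStack-based cloud environment, simulates DDoS attacks and port-scanning attacks, and analyzes the accuracy and resource utilization of SDN when detecting attacks. The results show that using SDN to detect internal threats in a cloud environment occupies less physical memory than a traditional network environment without affecting accuracy, but that deploying security applications directly on the SDN controller also has a performance bottleneck.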
English abstract:
In recent years, cloud computing, as a new service model, has become one of the most interesting topics in the field of information technology. With the rapid development of cloud computing, the dynamic changes brought by server virtualization and other new technologies pose severe challenges to network manageability, and current network architectures cannot meet the new requirements. As the increasing complexity of hybrid cloud networks becomes a bottleneck for cloud computing, SDN, a potential solution, has gained great attention from both industry and academia. By separating the network control plane from the data plane, the OpenFlow-based SDN architecture abstracts the underlying infrastructure and makes the network programmable and centrally managed. In the network security domain, the introduction of virtualization technology has broken the traditional way of dividing network boundaries, so network boundaries have become blurred and dynamic. At the same time, the constantly expanding scale of the cloud also makes it possible to launch attacks from inside. Faced with these emerging issues, traditional security techniques cannot achieve effective security. SDN's emergence has also brought a new perspective to cloud computing security; its technical features show that it can respond in a timely manner to dynamic changes in a cloud computing environment. So far, research on utilizing SDN in network attack detection is still in its inception phase. Specifically, it has not been evaluated whether SDN can efficiently detect internal network attacks in a cloud environment. In this research, we first analyze cloud computing security research of recent years, in particular giving a detailed summary of the new achievements SDN has brought to cloud computing security. Subsequently, based on an analysis of the SDN technology framework, and addressing the complexity of the internal network in cloud computing environments and the new security requirements, we propose an SDN-based anomaly detection scheme and describe it in detail in terms of its design, modules and so on. Finally, we implement both SDN and traditional network infrastructures on the OpenStack platform. We simulate both flood and port-scan attacks and utilize two types of traffic anomaly detection algorithms. Experimental results indicate that the SDN method shows better performance in memory usage without degrading its accuracy, while it also suffers a performance bottleneck when directly deployed into SDN controllers.
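Publication date: 2015-06-15
Content type: Thesis
Source URL: http://ir.xjipc.cas.cn/handle/365002/4248
Collection: Xinjiang Technical Institute of Physics and Chemistry_Multilingual Information Technology Research Laboratory
Author affiliation: Xinjiang Technical Institute of Physics and Chemistry, Chinese Academy of Sciences
Recommended citation (GB/T 7714):
Ma Chao. Research on SDN-Based Traffic Anomaly Detection in Cloud Environments [D]. Beijing. University of Chinese Academy of Sciences. 2015.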