The maintenance of network security requires a lot of computing resources to perform accurate abnormal traffic and behavior analysis. This paper implements an abnormal traffic detection system in a software-defined networking environment. This system integrates the Suricata, an open-source intrusion detection system, with a smart network card. The system supports multiple-thread execution with the auxiliary computing power of the smart network card. If abnormal traffic flow is found, an alarm is issued to notify the SDN controller for proper actions against the anomaly. Through the combination of smart network card and Suricata, the load of SDN controller system operation can be greatly reduced.