diff --git a/pkg/ingress/controller/controller.go b/pkg/ingress/controller/controller.go
index 3a4aad3..d67603c 100644
--- a/pkg/ingress/controller/controller.go
+++ b/pkg/ingress/controller/controller.go
@@ -829,7 +829,6 @@ func (c *Controller) inspectIngress(ing *nwv1.Ingress) (*Expander, error) {
 				PolicyExpander:       make([]*utils.PolicyExpander, 0),
 				PoolExpander:         make([]*utils.PoolExpander, 0),
 				ListenerExpander:     make([]*utils.ListenerExpander, 0),
-				SecurityGroups:       make([]string, 0),
 				SecGroupRuleExpander: make([]*utils.SecGroupRuleExpander, 0),
 			}}, nil
 	}
@@ -844,7 +843,6 @@ func (c *Controller) inspectIngress(ing *nwv1.Ingress) (*Expander, error) {
 		PolicyExpander:       make([]*utils.PolicyExpander, 0),
 		PoolExpander:         make([]*utils.PoolExpander, 0),
 		ListenerExpander:     make([]*utils.ListenerExpander, 0),
-		SecurityGroups:       make([]string, 0),
 		InstanceIDs:          make([]string, 0),
 		SecGroupRuleExpander: make([]*utils.SecGroupRuleExpander, 0),
 	}
@@ -1518,15 +1516,14 @@ func (c *Controller) ensureSecurityGroups(oldInspect, inspect *Expander) error {
 			}
 		}
 		ensureDefaultSecgroupRule()
-		inspect.SecurityGroups = []string{defaultSecgroup.UUID}
+		inspect.serviceConf.SecurityGroups = append(inspect.serviceConf.SecurityGroups, defaultSecgroup.UUID)
 	}
-	if len(inspect.SecurityGroups) < 1 || len(inspect.InstanceIDs) < 1 {
+	if len(inspect.serviceConf.SecurityGroups) < 1 || len(inspect.InstanceIDs) < 1 {
 		return nil
 	}
-
 	// add default security group to old inspect
 	if oldInspect != nil && oldInspect.serviceConf.IsAutoCreateSecurityGroup && defaultSecgroup != nil {
-		oldInspect.SecurityGroups = append(oldInspect.SecurityGroups, defaultSecgroup.UUID)
+		oldInspect.serviceConf.SecurityGroups = append(oldInspect.serviceConf.SecurityGroups, defaultSecgroup.UUID)
 	}
 
 	listSecgroups, err = vngcloudutil.ListSecurityGroups(c.vServerSC, c.getProjectID())
@@ -1541,7 +1538,7 @@ func (c *Controller) ensureSecurityGroups(oldInspect, inspect *Expander) error {
 	for _, secgroup := range listSecgroups {
 		mapSecgroups[secgroup.UUID] = true
 	}
-	for _, secgroup := range inspect.SecurityGroups {
+	for _, secgroup := range inspect.serviceConf.SecurityGroups {
 		if _, isHave := mapSecgroups[secgroup]; !isHave {
 			klog.Errorf("security group not found: %v", secgroup)
 		} else {
@@ -1570,7 +1567,7 @@ func (c *Controller) ensureSecurityGroups(oldInspect, inspect *Expander) error {
 		return err
 	}
 	for _, instanceID := range inspect.InstanceIDs {
-		err := ensureSecGroupsForInstance(instanceID, oldInspect.SecurityGroups, validSecgroups)
+		err := ensureSecGroupsForInstance(instanceID, oldInspect.serviceConf.SecurityGroups, validSecgroups)
 		if err != nil {
 			klog.Errorln("error when ensure security groups for instance", err)
 		}
diff --git a/pkg/utils/expander.go b/pkg/utils/expander.go
index 3d3fa09..81e90a1 100644
--- a/pkg/utils/expander.go
+++ b/pkg/utils/expander.go
@@ -58,7 +58,6 @@ type IngressInspect struct {
 	PolicyExpander       []*PolicyExpander
 	PoolExpander         []*PoolExpander
 	ListenerExpander     []*ListenerExpander
-	SecurityGroups       []string
 	InstanceIDs          []string
 	SecGroupRuleExpander []*SecGroupRuleExpander
 }
diff --git a/pkg/vngcloud/vlb.go b/pkg/vngcloud/vlb.go
index ab863c0..e7841ca 100644
--- a/pkg/vngcloud/vlb.go
+++ b/pkg/vngcloud/vlb.go
@@ -453,7 +453,6 @@ func (c *vLB) inspectService(pService *lCoreV1.Service) (*Expander, error) {
 				PolicyExpander:       make([]*utils.PolicyExpander, 0),
 				PoolExpander:         make([]*utils.PoolExpander, 0),
 				ListenerExpander:     make([]*utils.ListenerExpander, 0),
-				SecurityGroups:       make([]string, 0),
 				SecGroupRuleExpander: make([]*utils.SecGroupRuleExpander, 0),
 			},
 		}, nil
@@ -479,7 +478,6 @@ func (c *vLB) inspectService(pService *lCoreV1.Service) (*Expander, error) {
 		PolicyExpander:       make([]*utils.PolicyExpander, 0),
 		PoolExpander:         make([]*utils.PoolExpander, 0),
 		ListenerExpander:     make([]*utils.ListenerExpander, 0),
-		SecurityGroups:       make([]string, 0),
 		InstanceIDs:          make([]string, 0),
 		SecGroupRuleExpander: make([]*utils.SecGroupRuleExpander, 0),
 	}
@@ -963,15 +961,15 @@ func (c *vLB) ensureSecurityGroups(oldInspect, inspect *Expander) error {
 			}
 		}
 		ensureDefaultSecgroupRule()
-		inspect.SecurityGroups = []string{defaultSecgroup.UUID}
+		inspect.serviceConf.SecurityGroups = append(inspect.serviceConf.SecurityGroups, defaultSecgroup.UUID)
 	}
-	if len(inspect.SecurityGroups) < 1 || len(inspect.InstanceIDs) < 1 {
+	if len(inspect.serviceConf.SecurityGroups) < 1 || len(inspect.InstanceIDs) < 1 {
 		return nil
 	}
 
 	// add default security group to old inspect
 	if oldInspect != nil && oldInspect.serviceConf.IsAutoCreateSecurityGroup && defaultSecgroup != nil {
-		oldInspect.SecurityGroups = append(oldInspect.SecurityGroups, defaultSecgroup.UUID)
+		oldInspect.serviceConf.SecurityGroups = append(oldInspect.serviceConf.SecurityGroups, defaultSecgroup.UUID)
 	}
 
 	listSecgroups, err = vngcloudutil.ListSecurityGroups(c.vServerSC, c.getProjectID())
@@ -986,7 +984,7 @@ func (c *vLB) ensureSecurityGroups(oldInspect, inspect *Expander) error {
 	for _, secgroup := range listSecgroups {
 		mapSecgroups[secgroup.UUID] = true
 	}
-	for _, secgroup := range inspect.SecurityGroups {
+	for _, secgroup := range inspect.serviceConf.SecurityGroups {
 		if _, isHave := mapSecgroups[secgroup]; !isHave {
 			klog.Errorf("security group not found: %v", secgroup)
 		} else {
@@ -1015,7 +1013,7 @@ func (c *vLB) ensureSecurityGroups(oldInspect, inspect *Expander) error {
 		return err
 	}
 	for _, instanceID := range inspect.InstanceIDs {
-		err := ensureSecGroupsForInstance(instanceID, oldInspect.SecurityGroups, validSecgroups)
+		err := ensureSecGroupsForInstance(instanceID, oldInspect.serviceConf.SecurityGroups, validSecgroups)
 		if err != nil {
 			klog.Errorln("error when ensure security groups for instance", err)
 		}