USER IDENTIFICATION METHOD OF ATTACK/ANOMALY TRAFFIC IN MOBILE COMMUNICATION NETWORK

摘要

The present invention relates to a method for identifying attacking/abnormal traffic inducing users in a mobile communication network, the method comprising the steps of: collecting and analyzing a GTP user (GTP-U) message to detect attacking/abnormal traffic; extracting a key to be used for referring to an index hash table from the GTP-U message detected as the attacking/abnormal traffic; referring to the index hash table for an index value using the extracted key; referring to a session hash table using the index value; and identifying attacking/abnormal traffic inducing user using session information retrieved from the session hash table.