DETECTION METHOD FOR SIGNALING DOS TRAFFIC IN MOBILE COMMUNICATION NETWORKS

摘要

A detection method for signaling DoS traffic in mobile communication networks according to the present invention comprises: a packet filtering engine for classifying RAB connections by collecting and analyzing GTP-C packets; an RAB connection detection unit for detecting, from the classified RAB connections, malicious RAB connections; and a signaling DoS attack detection unit for calculating the time interval of the detected malicious RAB connection, and determining whether a signaling DoS attack has occurred on the basis of the calculated time interval of the RAB connection. The present invention provides a system and an algorithm for detecting signaling DoS traffic attacks which can disable a mobile communication network by using a massive number of signaling messages which are generated through repeated malicious RAB connections and cancellations to the mobile communications network. The detection method for signaling DoS traffic according to the present invention can be used to respond the security threat of an actual mobile communications network, and, in module form, is expected to be used to supplement the capabilities of an existing management system of a mobile communications network.