摘要 |
The present invention relates to a technology of combining bearer information with GTP tunneling session information, based on a policy of setting different bearer attribute types and giving different rules to continuous bears, based on per-bearer generation order, through decoding GTP packet data, in order to determine whether an SIP session is normal, through a bearer used in the SIP session, based on information managed in a GTP session, in order to detect and block an abnormal session of a VoLTE service provided in a GTP network environment, then analyzing the attribute types of the bearers in an SIP session detection step, detecting whether there is an attack on the SIP session based on the analysis results, thus detecting the disguise behavior of an attacker for the abnormal session of the VoLTE service provided in the GTP network environment, based on definitions of the allocation process and attributes of the bearers, understanding, applying, and using operational environment properties (bearer) in the verification of a session in addition to a conventional step of verifying whether a session is forged and integral, and reducing the forgery detection rate in a real network and gaining benefits in terms of the resources of a detection system by detecting/blocking attack behaviors fundamentally in an attack session step performed by an attacker aiming to forge a session, not a reliable service provider. |