DOS ATTACK DETECTION METHOD AND DoS ATTACK DETECTION DEVICE

摘要

PROBLEM TO BE SOLVED: To prevent an outgoing call from a large scale user from being detected incorrectly as DoS attack.;SOLUTION: When the maximum number of SIP sessions 241a for each subscriber data that is set for the transmission source of an SIP signal transmitted to a subscriber system SIP server 2a exceeds the number of SIP sessions 242a to be classified as a large scale user, a determination is made that the transmission source of that SIP signal is a large scale user. Subsequently, the number of receptions of that SIP signal is compared with a Dos attack detection threshold 243a of each user classification for the large scale user that is set separately from the small scale user. If the number of receptions of that SIP signal does not exceed the Dos attack detection threshold 243a of each user classification, a determination is made that the SIP signal is not Dos attack, thus detecting non-Dos attack.;COPYRIGHT: (C)2013,JPO&INPIT