Sip intrusion detection and response architecture for protecting sip-based services

PURPOSE: An SIP(Session Initiation Protocol) intrusion detection and a response architecture for protecting an SIP-based service are provided to cope with a new SIP based attack without the degradation of multimedia quality through not only the detection of an SIP based attack and abnormality of an SIP traffic but also the management of an SIP recognition security device. CONSTITUTION: An SIP intrusion detecting system(100) copes with the attack by detecting an SIP based attack, and an abnormal SIP traffic detecting engine(200) transmits and receives data to and with an SIP-based integrated security management system agent. The abnormal SIP traffic detecting engine detects traffic abnormality based on net-flow data. An SIP-based integrated security management system(300) receives a traffic abnormality event.