A method for protecting SIP (Session Initiation Protocol)-based applications wherein SIP messages are analyzed and malicious SIP messages that potentially constitute a security risk for the SIP-based application are identified is discloses. Regarding a realization of a particularly high security [level] with means that are easy to implement—a pre-definable number N of pre-configurable parameters—identities—is extracted from the SIP messages and that for each SIP message a comparison of the identities with the identities extracted from previous SIP message is performed, on the base of which a maliciousness level ML is assessed for every SIP message.