Method and apparatus for detecting man-in-the-middle attack

The embodiment of the invention relates to a method and apparatus for detecting a man-in-the-middle attack. The method comprises the following steps: an MeNB receives a first check request message sent by an SeNB, wherein the first check request message comprises first identification information and a first data packet count value; the MeNB generates a second check request message according to thefirst identification information, and sends the second check request message to a user terminal; the MeNB receives a first check response message generated by the user terminal according to the second check request message, wherein the first check response message comprises second identification information and a second data packet count value; when the first data packet count value is the same as the second data packet count value, the MeNB judges that there is no man-in-the-middle attack between the SeNB and the user terminal; and when the first data packet count value is different from thesecond data packet count value, the MeNB judges that the man-in-the-middle attack exists between the SeNB and the user terminal.