A method and system are provided for preventing network service shutdowns resulting from denial of service (DOS) attacks. First, parameters are monitored corresponding to network elements carrying communication signal traffic in a communications network, and, based on the parameters, if a DOS attack is indicated, performing the following for each instance of communication signal traffic: accessing data structures for data relating to protected communication signal traffic, and, based on the data, determining if the communication signal traffic is designated as protected. Finally; based on the determination, cleaning and forwarding each protected communication signal to its respective destination.