Title of invention SYSTEM AND METHOD FOR DETECTING INTERNET WORM TRAFFIC BY CLUSTERING TRAFFIC CHARACTERIZATION CLASSIFIED BY TYPE
Abstract A system and a method for detecting Internet worm traffic through classification of traffic characteristics by type are provided. Worm traffic is classified into groups, a traffic characteristic vector is defined, and the type of worm traffic is determined through similarity comparison with the characteristic vector of new traffic. This detects the worm traffic, recognizes its influence in advance, and allows a proper countermeasure and an alarm to the manager. The system comprises the following: a traffic collecting and synthesizing unit (100) which collects, analyzes, and stores network traffic during a certain period; a traffic characteristic vector generating unit (200) which generates a traffic characteristic vector by applying a characteristic filter to the traffic collected during that period; a similarity analyzing unit (300) which generates a similarity score between the generated traffic characteristic vector and each type of predefined worm traffic characteristic profile (310); a traffic type determining unit (400) which determines the traffic type by using the similarity scores generated for the types of predefined worm traffic characteristic profiles; and a severity determining unit (500) which compares the similarity score of the determined traffic type with a predefined severity determination score range and determines a severity grade.
Publication number KR20070095718(A) Publication date 2007.10.01
Application number KR20060026267 Filing date 2006.03.22
Applicant ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE Inventors KIM, WOO NYON; KIM, DONG SU; CHOI, DAE SIK; PARK, EUNG KI
Classification G06F11/30; G06F11/00 Main classification G06F11/30
Agency Agent
Main claim
Address