Provided are a system and method for N grouping of traffic and
pattern-free Internet worm response. According to the method, traffic
factors generated by respective worms are grouped into N groups so that a
large quantity of information can be understood effectively, and a worm
generated afterward is associated with the characteristics of the
relevant group. Damage to a network or a system that is predictable from
the N already classified traffic characteristics is defined so that
corresponding step-by-step measures can be taken. The characteristics of
the grouped worms are quantitatively analyzed so that, when a new worm
appears afterward, its degree of danger is predicted, and forecasting and
alarming are performed based on the prediction. A visualization method
having an approximately real-time characteristic makes it easier for a
controlling operator to understand an incident instantly, so that
detection efficiency is increased for most worms that are not detected
using a conventional rule.