N grouping of traffic and pattern-free internet worm response system and method using N grouping of traffic
First Claim
1. A computerized method for N grouping of traffic and a pattern-free Internet worm response method using the N grouping of traffic, the computerized method comprising:
grouping various worms into N groups by a processor where similar traffic factors generated by the worms are grouped;
involving a worm appearing afterward with a traffic characteristic of a corresponding group defined in advance to allow a network or a system to control a forecast/alarm and a countermeasure for a danger of the network or system (here, N is a natural number equal to or greater than 2); and
wherein determining of the traffic characteristic of the corresponding group defined in advance comprises;
executing various worms and collecting generated traffic data to perform grouping on traffic factors that generate similar results;
creating N groups using the grouping results;
inserting data of a real network as noises with consideration of a circumstance where noises and worms of various communication networks are generated simultaneously in a bundle;
applying a neural network algorithm to the inserted data and performing the grouping of various worms to allow the group to converge;
quantitatively analyzing the groups;
dividing a damage influence of the quantitatively analyzed group into a plurality of hierarchies; and
matching a countermeasure with each hierarchy.
Abstract
Provided are an N grouping of traffic and a pattern-free Internet worm response system and method. According to the method, traffic factors generated by respective worms are grouped into N groups so that a large quantity of information can be understood effectively, and a worm that appears afterward is associated with the characteristics of the relevant group. The damage to a network or system that is predictable from the N already classified traffic characteristics is defined so that corresponding step-by-step measures can be taken. The characteristics of the grouped worms are quantitatively analyzed so that the degree of danger of a new worm can be predicted when it appears, and forecasting and alarming are performed on the basis of that prediction. A visualization method with an approximately real-time characteristic makes it easier for a controlling operator to understand an incident instantly, so that detection efficiency is increased for most worms that are not detected using a conventional rule.
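The flow the abstract describes, as an added Python sketch that is not code from the patent: worm traffic with background noise mixed in is grouped into N prototypes, each group is scored and tiered, and traffic from an unseen worm inherits the countermeasure of its most similar group. The traffic factors, the winner-take-all layer standing in for the unspecified neural network algorithm, the danger score, the tier thresholds and the countermeasure strings are all assumptions, and every sample value is constructed.

```python
import math
import random

# Constructed, normalised traffic factors per host-minute (hypothetical choice):
# (new connections, distinct destinations, failed-connection ratio).
WORM_RUNS = {
    "scanner":    (0.90, 0.85, 0.80),
    "mailer":     (0.50, 0.30, 0.10),
    "slow_probe": (0.15, 0.10, 0.05),
}
# (minimum danger score, tier, countermeasure): hypothetical hierarchy.
TIERS = [
    (0.6, "high", "block source and isolate segment"),
    (0.2, "medium", "rate-limit and alert operator"),
    (0.0, "low", "log and keep monitoring"),
]

def make_training_set(per_run=40, noise=0.05, seed=7):
    """Worm traffic with background noise mixed in (seeded, so repeatable)."""
    rng = random.Random(seed)
    return [tuple(min(1.0, max(0.0, v + rng.uniform(-noise, noise))) for v in base)
            for base in WORM_RUNS.values() for _ in range(per_run)]

def train_groups(samples, n=3, epochs=20, lr=0.2):
    """Winner-take-all competitive layer: each unit converges on one group."""
    step = len(samples) // n
    units = [list(samples[i * step]) for i in range(n)]  # spread initial units over the set
    for _ in range(epochs):
        for s in samples:
            w = min(units, key=lambda u: math.dist(u, s))  # winning unit
            for i, v in enumerate(s):
                w[i] += lr * (v - w[i])                    # pull winner toward sample
        lr *= 0.9
    return units

def danger_score(unit):
    """Hypothetical quantitative measure of a group: mean of its traffic factors."""
    return sum(unit) / len(unit)

def respond(sample, units):
    """Match new traffic to the most similar group; return (group, tier, countermeasure)."""
    group = min(range(len(units)), key=lambda g: math.dist(units[g], sample))
    score = danger_score(units[group])
    level, action = next((lv, act) for floor, lv, act in TIERS if score >= floor)
    return group, level, action

if __name__ == "__main__":
    trained = train_groups(make_training_set())
    print(respond((0.95, 0.70, 0.90), trained))  # constructed traffic from an unseen worm
```

No signature or payload pattern is consulted at any point: the response depends only on which group's traffic profile the new sample is closest to.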
6 Claims
5. N grouping of traffic and a pattern-free Internet worm response system using the N grouping of traffic, the system comprising:
a traffic classification unit on a processor executing various worms, collecting generated traffic data to put together the worms having the same traffic data as collected, creating N groups where traffic factors that generate similar results are grouped, dividing a damage influence of the group into a plurality of hierarchies, and matching a countermeasure with each hierarchy and thus defining a traffic characteristic, wherein the traffic classification unit comprises;
a primitive grouping element executing various worms, collecting generated traffic data, and creating N groups using a neural network for final classification of a worm that generates a similar result;
a processing grouping element inserting data of a real network as noises with consideration of a circumstance where noises and worms of various communication networks are generated simultaneously in a bundle, and applying a new neural network algorithm to allow the worms to converge to N groups;
a group quantitative analysis element quantitatively analyzing the groups;
a hierarchy dividing element dividing a damage influence of the quantitatively analyzed group into a plurality of hierarchies; and
a countermeasure matching element matching a countermeasure for a damage for each hierarchy;
a traffic collection unit on a processor collecting newly generated worm traffic using the traffic characteristic of a relevant group that is defined by the traffic classification unit; and
a forecast/alarm and countermeasure unit on a processor comparing similarity of each group with that of the newly generated worm traffic with reference to the traffic classification unit and making a forecast/alarm and a countermeasure according to a countermeasure scheme for each hierarchy of a most similar group (here, N is a natural number equal to or greater than 2).
Specification