A system and method for detecting Internet worm traffics through classification of traffic characteristics by types is disclosed. The system and method defines Internet worm as a characteristic profile classified into diverse traffic characteristics, detects Internet worm traffics by comparing the similarity of a collected traffic with that of a defined traffic, classifies the type of the Internet worm, and performs severity judgment and alarming. The detection efficiency of most worms, which cannot be detected based on the existing rule, can be increased. Also, the risk grade of the corresponding worm traffic can be quantitatively provided by judging the severity according to the similarity scores and the predefined severity grade. Accordingly, the survival of the entire communication network can be heightened through the countermeasure and the forecast/alarm in steps, and mass information can be effectively seized.