Auto-Sign: An automatic signature generator for high-speed malware filtering devices

Gil Tahan, Chanan Glezer, Yuval Elovici, Lior Rokach

Research output: Contribution to journalArticlepeer-review

13 Scopus citations

Abstract

This research proposes a novel automatic method (termed Auto-Sign) for extracting unique signatures of malware executables to be used by high-speed malware filtering devices based on deep-packet inspection and operating in real-time. Contrary to extant string and token-based signature generation methods, we implemented Auto-Sign an automatic signature generation method that can be used on large-size malware by disregarding signature candidates which appear in benign executables. Results from experimental evaluation of the proposed method suggest that picking a collection of executables which closely represents commonly used code, plays a key role in achieving highly specific signatures which yield low false positives.

Original languageEnglish
Pages (from-to)91-103
Number of pages13
JournalJournal in Computer Virology
Volume6
Issue number2
DOIs
StatePublished - 2010
Externally publishedYes

Fingerprint

Dive into the research topics of 'Auto-Sign: An automatic signature generator for high-speed malware filtering devices'. Together they form a unique fingerprint.

Cite this