Auto-Sign: An automatic signature generator for high-speed malware filtering devices

Gil Tahan; Chanan Glezer; Yuval Elovici; Lior Rokach

doi:10.1007/s11416-009-0119-3

Auto-Sign: An automatic signature generator for high-speed malware filtering devices

Gil Tahan, Chanan Glezer, Yuval Elovici, Lior Rokach

Research output: Contribution to journal › Article › peer-review

13 Scopus citations

Abstract

This research proposes a novel automatic method (termed Auto-Sign) for extracting unique signatures of malware executables to be used by high-speed malware filtering devices based on deep-packet inspection and operating in real-time. Contrary to extant string and token-based signature generation methods, we implemented Auto-Sign an automatic signature generation method that can be used on large-size malware by disregarding signature candidates which appear in benign executables. Results from experimental evaluation of the proposed method suggest that picking a collection of executables which closely represents commonly used code, plays a key role in achieving highly specific signatures which yield low false positives.

Original language	English
Pages (from-to)	91-103
Number of pages	13
Journal	Journal in Computer Virology
Volume	6
Issue number	2
DOIs	https://doi.org/10.1007/s11416-009-0119-3
State	Published - 1 Jan 2010

ASJC Scopus subject areas

Computer Science (miscellaneous)
Hardware and Architecture

Access to Document

10.1007/s11416-009-0119-3

Cite this

@article{8fa4e3c381dd4cc4a99cf7d017896980,

title = "Auto-Sign: An automatic signature generator for high-speed malware filtering devices",

abstract = "This research proposes a novel automatic method (termed Auto-Sign) for extracting unique signatures of malware executables to be used by high-speed malware filtering devices based on deep-packet inspection and operating in real-time. Contrary to extant string and token-based signature generation methods, we implemented Auto-Sign an automatic signature generation method that can be used on large-size malware by disregarding signature candidates which appear in benign executables. Results from experimental evaluation of the proposed method suggest that picking a collection of executables which closely represents commonly used code, plays a key role in achieving highly specific signatures which yield low false positives.",

author = "Gil Tahan and Chanan Glezer and Yuval Elovici and Lior Rokach",

note = "Funding Information: This work has been supported by Deutsche Telekom AG.",

year = "2010",

month = jan,

day = "1",

doi = "10.1007/s11416-009-0119-3",

language = "English",

volume = "6",

pages = "91--103",

journal = "Journal in Computer Virology",

issn = "1772-9890",

publisher = "Springer Science + Business Media",

number = "2",

}

TY - JOUR

T1 - Auto-Sign

T2 - An automatic signature generator for high-speed malware filtering devices

AU - Tahan, Gil

AU - Glezer, Chanan

AU - Elovici, Yuval

AU - Rokach, Lior

N1 - Funding Information: This work has been supported by Deutsche Telekom AG.

PY - 2010/1/1

Y1 - 2010/1/1

N2 - This research proposes a novel automatic method (termed Auto-Sign) for extracting unique signatures of malware executables to be used by high-speed malware filtering devices based on deep-packet inspection and operating in real-time. Contrary to extant string and token-based signature generation methods, we implemented Auto-Sign an automatic signature generation method that can be used on large-size malware by disregarding signature candidates which appear in benign executables. Results from experimental evaluation of the proposed method suggest that picking a collection of executables which closely represents commonly used code, plays a key role in achieving highly specific signatures which yield low false positives.

AB - This research proposes a novel automatic method (termed Auto-Sign) for extracting unique signatures of malware executables to be used by high-speed malware filtering devices based on deep-packet inspection and operating in real-time. Contrary to extant string and token-based signature generation methods, we implemented Auto-Sign an automatic signature generation method that can be used on large-size malware by disregarding signature candidates which appear in benign executables. Results from experimental evaluation of the proposed method suggest that picking a collection of executables which closely represents commonly used code, plays a key role in achieving highly specific signatures which yield low false positives.

UR - http://www.scopus.com/inward/record.url?scp=77955090968&partnerID=8YFLogxK

U2 - 10.1007/s11416-009-0119-3

DO - 10.1007/s11416-009-0119-3

M3 - Article

AN - SCOPUS:77955090968

SN - 1772-9890

VL - 6

SP - 91

EP - 103

JO - Journal in Computer Virology

JF - Journal in Computer Virology

IS - 2

ER -

Auto-Sign: An automatic signature generator for high-speed malware filtering devices

Abstract

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this