Auto-Sign: An automatic signature generator for high-speed malware filtering devices

Gil Tahan, Chanan Glezer, Yuval Elovici, Lior Rokach

Research output: Contribution to journalArticlepeer-review

13 Scopus citations


This research proposes a novel automatic method (termed Auto-Sign) for extracting unique signatures of malware executables to be used by high-speed malware filtering devices based on deep-packet inspection and operating in real-time. Contrary to extant string and token-based signature generation methods, we implemented Auto-Sign an automatic signature generation method that can be used on large-size malware by disregarding signature candidates which appear in benign executables. Results from experimental evaluation of the proposed method suggest that picking a collection of executables which closely represents commonly used code, plays a key role in achieving highly specific signatures which yield low false positives.

Original languageEnglish
Pages (from-to)91-103
Number of pages13
JournalJournal in Computer Virology
Issue number2
StatePublished - 1 Jan 2010

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Hardware and Architecture


Dive into the research topics of 'Auto-Sign: An automatic signature generator for high-speed malware filtering devices'. Together they form a unique fingerprint.

Cite this