Auto-Sign: an automatic signature generator for high-speed malware filtering devices
Abstract
Keywords
References
Brumley, D., Newsome, J., Song, D., Wang, H., Jha, S.: Towards automatic generation of vulnerability-based signatures. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)
Szor P.: The Art of Computer Virus Research and Defense. Addison–Wesley, Reading (2005)
Kim, H.A., Karp, B.: Autograph: Toward automated, distributed worm Signature detection. In: Proceedings of the 13th Usenix Security Symposium (Security 2004), San Diego, CA, August (2004)
Wang, K., Stolfo, S.J.: Anomalous payload-based network intrusion detection. In: Recent Advances in Intrusion Detection (RAID), September (2004)
Singh, S., Eitan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: 6th Symposium on Operating Systems Design and Implementation (OSDI), December (2004)
Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An architecture for generating semantics-aware signatures. In: 14th USENIX Security Symposium. Baltimore, Maryland, August (2005)
Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy. Oakland, California, May (2005)
Kreibich C., Crowcroft J.: Honeycomb: creating intrusion detection signatures using honeypots. SIGCOMM Comput. Commun. Rev. 34(1), 51–56 (2004)
Provos, N.: A virtual honeypot framework. CITI Technical Report 03-1, Center for Information Technology Integration, University of Michigan, Ann Arbor, Michigan, USA, October (2003)
Tang, Y., Chen, S.: Defending against Internet worms: a signature-based approach. In: Proceedings of IEEE INFOCOM’05, Miami, Florida, USA, May (2005)
Filiol E.: Malware pattern scanning schemes secure against black-box analysis. J. Comput. Virol. 2(1), 35–50 (2006)
Morin B., Mé L.: Intrusion detection and virology: an analysis of differences, similarities and complementariness. J. Comput. Virol. 3(1), 39–49 (2007)
Elovici, Y., Shabtai, A., Moskovitch, R., Tahan, G., Glezer, C.: Applying Machine Learning Techniques for Detection of Malicious Code in Network Traffic. In: The 30th Annual German Conference on Artificial Intelligence (KI-2007), Lecture Notes in Computer Science, vol. 4667, pp. 44–50. Springer, Osnabrück (2007)
Filiol E., Josse S.: A statistical model for viral detection undecidability. J. Comput. Virol. 3(2), 65–74 (2007)
Filiol, E., Raynal, F.: Malicioux, Malicious Cryptography ... Reloaded and also Malicious Statistics. CanSecWest 2008 Vancouver, pp. 26–28 March (2008)
Cormen T.H., Leiserson C.E., Rivest R.L., Stein C.: Introduction to Algorithms. MIT Press, London (2001)
Lawrence C.E., Reilly A.A.: An expectation maximization (EM) algorithm for the identification and characterization of common sites in unaligned biopolymer sequences. Proteins Struct. Funct. Genet. 7, 41–51 (1990)
Lawrence C.E., Altschul S.F., Boguski M.S., Liu J.S., Neuwald A.F., Wootton J.C.: Detecting subtle sequence signals: a Gibbs sampling strategy for multiple alignment. Science 262, 208–214 (1993)
Newsome, J., Karp, B., Song, D.: Polygraph: automatically generating signatures for polymorphic worms. In: 2005 IEEE Symposium on Security and Privacy (S&P’05), pp. 226–241 (2005)
DefensePro, Radware. http://www.radware.com/
Abou-Assaleh, T., Cercone, N., Kešelj, V., Sweidan, R.: NGram Based Detection of New Malicious Code. In: 28th Annual International Computer Software and Applications Conference Workshops and Fast Abstracts (COMPSAC’04), pp. 41–42 (2004)
Goldberg L.A., Goldberg, P.W., Phillips, C.A., Sorkin, G.: Constructing Computer virus phylogenies. J. Algorithms 26(1), pp. 188–208
Karim, M.E., Walenstein, A., Lakhotia, A.: Malware Phylogeny Using Maximal πPatterns. In: EICAR 2005 Conference: Best Paper Proceedings, pp. 167–174 (2005)
Le Cam L.: An approximation theorem for Poisson binomial distribution. Pac. J. Math. 10, 1181–1197 (1960)
Lai C.D., Wood G.R., Qiao C.G.: The mean of the inverse of a punctured normal distribution and its application. Biom. J. 46(4), 420–429 (2004)
Rokach L.: Collective-agreement-based pruning of ensembles. Comput. Stat. Data Anal. 53(4), 1015–1026 (2009)
Menahem E., Shabtai A., Rokach L., Elovici Y.: Improving malware detection by applying multi-inducer ensemble. Comput. Stat. Data Anal. 53(4), 1483–1494 (2009)
Moskovitch R., Elovici Y., Rokach L.: Detection of unknown computer worms based on behavioral classification of the host. Comput. Stat. Data Anal. 52(9), 4544–4566 (2008)