  • DocumentCode
    1814139
  • Title
    Generating malware signature using transcoding from sequential data to amino acid sequence
  • Author
    Yue Zhao ; Yong Tang ; Yijie Wang ; Shuhui Chen
  • Author_Institution
    Coll. of Comput., Nat. Univ. of Defense Technol., Changsha, China
  • fYear
    2013
  • fDate
    1-5 July 2013
  • Firstpage
    266
  • Lastpage
    272
  • Abstract
    Signature generation is critical for malware defense. Since manual signature generation costs too much time and does not guarantee accuracy, automatic signature generation has raised great concerns. In this paper, we propose a novel approach for automatic signature generation of malware, which directly leverages bioinformatics algorithms and toolkits based on transcoding. Initially, we convert malware sequential data, such as propagation dataflow, system call sequences, and malicious file content, into amino acid sequences by transcoding. Then we leverage multiple sequence alignment software in bioinformatics, such as CLUSTAL, T-COFFEE and MUSCLE, to align the amino acid sequences. Finally, based on the alignment result of the amino acid sequences, the malware sequential signatures can be obtained through an inverse transcoding procedure. In our experiments, several multiple sequence alignment programs based on different algorithms are evaluated and compared for the effectiveness and efficiency of signature generation.
  • Keywords
    bioinformatics; digital signatures; invasive software; CLUSTAL; MUSCLE; T-COFFEE; amino acid sequence; bioinformatics algorithms; inverse transcoding procedure; malicious file content; malware defense; malware sequential data; malware sequential signatures; malware signature generation; multiple sequence alignment software; propagation dataflow; system call sequences; Accuracy; Amino acids; Bioinformatics; Malware; Software; Software algorithms; Transcoding; bioinformatics; malware; multiple sequence alignment; signature generation; transcoding;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    High Performance Computing and Simulation (HPCS), 2013 International Conference on
  • Conference_Location
    Helsinki
  • Print_ISBN
    978-1-4799-0836-3
  • Type
    conf
  • DOI
    10.1109/HPCSim.2013.6641425
  • Filename
    6641425