• DocumentCode
    2969117
  • Title

    Intelligent automatic malicious code signatures extraction

  • Author

    Deng, Peter Shaohua ; Wang, Jau-Hwang ; Shieh, Wen-Gong ; Yen, Chih-Pin ; Tung, Cheng-Tan

  • Author_Institution
    Dept. of Inf. Manage., Central Police Univ., Taoyuan, Taiwan
  • fYear
    2003
  • fDate
    14-16 Oct. 2003
  • Firstpage
    600
  • Lastpage
    603
  • Abstract
    Malicious executable code has been with us for quite a long time. Because computer hardware and the Internet are growing so fast today, the security threats posed by malicious executable code are becoming more serious. Basically, malicious executable code is categorized into three kinds. The first is the virus, which always infects other benign programs. The second is the Trojan, which always masquerades its malicious executable code inside a useful utility or freeware program. The last, but not least, is the worm, which replicates and distributes itself automatically around the network. According to the literature survey [R.A. Grimes (2001)], current antivirus products cannot detect all malicious code, especially unseen, polymorphic malicious executable code. Moreover, many virus program generators and mutation engines are available on public Web sites and can be downloaded freely to make a lot of unseen, polymorphic, and harmful malicious executable code. How to extract virus signatures automatically, efficiently and effectively, rather than manually, for an antivirus scanner system is therefore quite important, and is the major purpose of this research.
  • Keywords
    authorisation; computer crime; computer viruses; distributed programming; message authentication; Trojan virus; antivirus scanner system; computer virus; intelligent automatic malicious code; mutation engine; signature extraction; virus program generator; Automatic programming; Computer security; Computer worms; Data mining; Genetic mutations; Hardware; Humans; Information management; Internet; Search engines;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security Technology, 2003. Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on
  • Print_ISBN
    0-7803-7882-2
  • Type

    conf

  • DOI
    10.1109/CCST.2003.1297626
  • Filename
    1297626