Researchers/Application | Type of Malware | Type of Approach | Description |
--- | --- | --- | --- |
Wespi et al. [25] | Intrusions | Semantic | Variable-length patterns from training data consisting of system call traces of commands under normal execution were analyzed by a sequence-based algorithm called Teiresias for intrusion detection. |
Honeycomb [26], Autograph [27] and Early Bird [28] | Worms | Syntactic | Generate signatures that consist of individual contiguous byte strings (tokens). |
Polygraph [29] | Polymorphic worms | Syntactic | Generates an array of tokens, a subsequence of tokens and Bayes signatures based on probabilistic methods to detect polymorphic worms. |
Nemean [30] | Worms | Semantic | Focuses on generating signatures that defend against worms. |
PAYL [31] | Worms | Semantic | Produces subsequence signature tokens that associate ingress/egress payload notifications to detect the initial replication of worms. |
Hamsa [32] | Polymorphic worms | Semantic | Produces a set of signature tokens that can deal with polymorphic worms by investigating their invariant activity. |
ShieldGen [33] | Worms | Semantic | Generates protocol-aware network signatures for unseen vulnerabilities (worms). |
AutoRE [34] | Botnets | Semantic | Produces a spam signature creation architecture that uses spam emails sent through botnets to detect them. |
Coull and Szymanski [35] | Masquerade | Semantic | Sequence alignment was used for masquerade detection by comparing “audit data” with legitimate user signatures extracted from their actual command line entries. |