Most of known attack signature generation systems took either black-box method or white-box method,both of which were limited in several aspects,such as costing a long time to capture sufficient samples,demanding arduous manual analysis and requiring source code of the vulnerable program.An attack signature generation method based on an innovative traceable dynamic taint analysis framework was proposed.By monitoring the vulnerable process execution,the executing trace and the constrain conditions exactly related to input data exploiting the vulnerability was extracted.Finally,by restoring the execution context and supplementing the determinant statements an executable Turing machine signature was attained.A prototype system was implemented and evaluated with different attack samples,which proved that the proposed method was able to generate accurate attack signature fast.
