Idc. IDC Enterprise Security Survey, 2005.
 M. V. Gundy, D. Balzarotti, and G. V. Fieldschema, “Catch me, if you can: Evading network signatures with web-based polymorphic worms,” Boston, MA: 2007.
 Y. Tang, X. C. Lu, et al., “An automatic generation of attack signatures based on multi-sequence alignment [J],”Chinese Journal of Computers, 2006, 29 (9): 153321541.
 J. Newsome, B. Karp, and D. Song, “Polygraph: Automatically generating signatures for polymorphic worms,” in: Proceedings of the IEEE S &P 2005, Oakland, California, pp. 226-241, 2005.
 Z. Li, M. Sanghi, Y. Chen, et al., “Network-based and attack-resilient length signature generation for zero-day polymorphic worms[C],” 2007.
 T. Smith and M. Waterman, “Identification of common molecular subsequences,” Journal of Molecular Biology,
 S. B. Needleman and C. D. Wunsch, “A general method applicable to the search for similarities in the amino acid sequence of two proteins,” Journal of Molecular Biology, 48(3): pp. 443-453, 1970.
 P. K. Murphy, “Biological sequence comparison: An overview of techniques,” Technical Report, University of Arizona, Department of Computer Science, 1994.
 S. Uliel, A. Fliess, A. Amir, and R. Unger., “A simple algorithm for detecting circular permutations in proteins,” Bioinformatics, Vol. 15, No. 11: pp. 930-936, 1999.
 J . R. Crandall, S. F. Wu, and F. T. Chong, “Experiences using Minos as a tool for capturing and analyzing novel worms for unknown vulnerabilities,” in: Proceedings of the GI SIG SIDAR Conference on Detection of Intrusions and Malware and Vulnerability Assessment, Vienna, pp. 32-50, 2005.
 J. R. Crandall, Su Zhen Dong, S. F. Wu, and F. T. Chong, “On deriving unknown vulnerabilities from Zero Day polymorphic and metamorphic worm exploits,” in: Proceedings of the ACM CCS 2005, Alexandria, Virginia, pp. 235-248, 2005.
 J. Xu, P. Ning, C. Kil, Y. Zhai, and C. Bookholt, “Automatic diagnosis and response to memory corruption vulnerabilities,” in: Proceedings of the ACM CCS 2005, Alexandria, Virginia, pp. 223-234, 2005.
 Symantec Security Response: CodeRed Worm. http://www. sarc.com/avcenter/venc/data/codered.worm.html.
 C. CAN-2003-0245. Apache apr-psprintf memory corruption vulnerability. http://www.securityfocus.com/bi-d/7723/ discussion/.
 Viruslist.com: Net-Worm. Linux. Adm. http://www.viruslist.com/en/viruses/encyclopedia?virusid=23854.
 SANS Institute: Lion worm. http://www.sans.o-rg/y2k/ lion.htm.
 R. P. Lippmann, D. J. Fried, I. Graf, et al., “Evaluating intrusion detection systems: The 1998 DARPA offline intrusion detection evaluation,” in: Proceedings of the 2000 DARPA Information Survivability Conference and Exposition, Hilton Head, SC, 2: pp. 1012-1035, 2000.