A computer-implemented method for mitigating attacks of malicious traffic
in a computer network includes receiving a set of attack sequences,
including first traffic sequences suspected of containing the malicious
traffic, analyzing the attack sequences so as to automatically extract a
regular expression that matches at least a portion of the attack
sequences in the set, and comparing second traffic sequences to the
regular expression in order to identify the second traffic sequences that
contain the malicious traffic.
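
The three steps above, as an added example that is not code from the patent or its authors. The abstract does not say how the regular expression is extracted; this sketch assumes one simple approach (ordered substrings shared by every sample, joined by gaps), and the function names, the MIN_TOKEN threshold and all sample requests are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

MIN_TOKEN = 4  # assumption: shared runs shorter than this are treated as noise

def common_tokens(a, b):
    """Ordered substrings of >= MIN_TOKEN chars that a and b share."""
    blocks = SequenceMatcher(None, a, b, autojunk=False).get_matching_blocks()
    return [a[m.a:m.a + m.size] for m in blocks if m.size >= MIN_TOKEN]

def extract_regex(attack_sequences):
    """Reduce the samples to their ordered invariant tokens, joined by gaps."""
    tokens = [attack_sequences[0]]
    for seq in attack_sequences[1:]:
        kept, pos = [], 0
        for tok in tokens:
            # Keep only the pieces of each token that recur, in order, in seq.
            for part in common_tokens(tok, seq[pos:]):
                kept.append(part)
                pos = seq.find(part, pos) + len(part)
        tokens = kept
    if not tokens:
        raise ValueError("samples share no invariant content")
    return ".*?".join(re.escape(t) for t in tokens)

def filter_traffic(pattern, traffic):
    """Return the sequences in `traffic` that the extracted regex flags."""
    rx = re.compile(pattern, re.DOTALL)
    return [seq for seq in traffic if rx.search(seq)]

# Constructed first traffic: three requests from one hypothetical flooding tool.
ATTACKS = [
    "GET /index.php?id=8841 HTTP/1.1\r\nUser-Agent: xbot/2.1\r\nX-Nonce: qqzt\r\n",
    "GET /index.php?id=17 HTTP/1.1\r\nUser-Agent: xbot/2.1\r\nX-Nonce: mmvw\r\n",
    "GET /index.php?id=530992 HTTP/1.1\r\nUser-Agent: xbot/2.1\r\nX-Nonce: kkpd\r\n",
]
# Constructed second traffic: one unseen attack variant, then two benign requests.
TRAFFIC = [
    "GET /index.php?id=99 HTTP/1.1\r\nUser-Agent: xbot/2.1\r\nX-Nonce: abcd\r\n",
    "GET /index.php?id=12 HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html\r\n",
    "POST /login HTTP/1.1\r\nUser-Agent: curl/8.4.0\r\n",
]

if __name__ == "__main__":
    pattern = extract_regex(ATTACKS)
    print(pattern)
    for seq in filter_traffic(pattern, TRAFFIC):
        print("flagged:", seq.split("\r\n")[0])
```

The second benign request shares the URL path with the attack samples and is still passed, because the extracted expression also requires the invariant header run that follows the variable id field.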