It is difficult for security experts to generate polymorphic signatures by using traditional string mining and matching techniques.A semantic-aware method is presented to generate a kind of two-level signature that includes both polymorphic semantics and string patterns.It first analyzes the characteristics of polymorphic engines and categorizes the data flows into different clusters and then uses static data flow methods to extract invariable semantic instructions.And then,it combines traditional string methods to generate the signature.In comparison with other methods,experimental results show that it may effectively reduce false positives and false negatives.