Hello,
There is a guide that might be of some help to you for writing custom signatures it can be found at:
http://www.cisco.com/web/about/security/intelligence/ips_custom_sigs.html
If you continue to have questions you can email ipssig-customer-request to get some guidance on writing your custom signature. Include a complete description of what you are trying to fire on and not fire on, a good traffic sample. Please note the signature you are trying to write will probably fire a lot and may cause performance degradations or may false positive.