COMP47810

Learning Outcomes:

● Describe types of malware, including Viruses, Worms, Trojans, Rootkits, Spyware and Ransomware.
● Perform static and dynamic malware analysis on various malware samples.
● Understand executable formats.
● Learn to apply machine learning techniques for detection and analysis of malware.
● Apply techniques and concepts to unpack, extract, and decrypt malware.
● Common approaches to reverse engineering.
● Practical skills with industry-standard malware analysis tools.

Indicative Module Content:

• Fundamentals of Malware Analysis including: the types of malware, the existing malware analysis techniques and malware analysis tools.
• Static Analysis including: file signature analysis, identifying file dependencies, database of file hashes, string analysis, malware sandboxing, levels of abstraction, x86 assembly, and static analysis tools.
• Dynamic Analysis including: debugging, source level vs. assembly level debuggers, Kernel vs. user-mode debugging, DLL analysis, and dynamic analysis tools.
• Reverse Engineering including: reverse engineering malicious code, identifying malware passwords, bypassing authentication, advanced malware analysis: - case study: Ransomware analysis using ML techniques - and reverse engineering tools: IDA Pro and Ollydbg.
• Malware Functionality including: malware behavior, covert malware launching, data encoding, and malware-focused network signatures.
• Anti-Reverse-Engineering including: anti-disassembly, anti-debugging, packers, and unpacking.
• Machine Learning Techniques for Malware Analysis including: Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Random Forest (RF), Decision Trees (DT), Naive Bayes (NB), and Deep Learning techniques.

Student Effort Hours:

Approaches to Teaching and Learning:

The course material will be delivered as weekly live lectures that will be recorded and made available for students to view afterwards. The lectures will be complemented by 3 face to face workshops where the malware analysis tools used in this course are introduced (first workshop), the assignments are explained and discussed (workshop 2), the assignments are presented and evaluated (workshop 3).

Not applicable to this module.

Not applicable to this module.
 

Assessment Strategy  

 

Please see Student Jargon Buster for more information about remediation types and timing. 

Feedback Strategy/Strategies

• Feedback individually to students, on an activity or draft prior to summative assessment
• Feedback individually to students, post-assessment
• Online automated feedback

How will my Feedback be Delivered?

Assignment results will be notified after submission deadline. Where appropriate (e.g. when answering MCQ tests) the results will be communicated automatically online.

1. Abhijit Mohanta and Anoop Saldanha, "Malware Analysis and Detection Engineering a Comprehensive Approach to Detect and Analyze Modern Malware", 2020, 1th Edition, Apress Berkeley, CA (ISBN No.: 978-1-4842-6193-4),United States.
2. Michael Sikorski and Andrew Honig, "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", 2012, 1th Edition, No Starch Press San Francisco, CA, (ISBN No.: 9781593272906), United States.
3. C. Eagle "The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler", Second Edition