COMP47810 Malware Analysis

Academic Year 2023/2024

This module introduces the different types of malware (malware taxonomy) and the existing methods to detect and analyse malware. It teaches methods to identify and analyse malware samples using static and dynamic analysis, machine learning and reverse engineering techniques. Furthermore, key reverse engineering tools such as IDA Pro and OllyDbg are introduced.


Curricular information is subject to change

Learning Outcomes:

● Describe types of malware, including viruses, worms, Trojans, rootkits, spyware and ransomware.
● Perform static and dynamic malware analysis on various malware samples.
● Understand executable formats.
● Apply machine learning techniques to the detection and analysis of malware.
● Apply techniques and concepts to unpack, extract, and decrypt malware.
● Describe common approaches to reverse engineering.
● Demonstrate practical skills with industry-standard malware analysis tools.

Indicative Module Content:

• Fundamentals of Malware Analysis, including: the types of malware, existing malware analysis techniques and malware analysis tools.
• Static Analysis, including: file signature analysis, identifying file dependencies, databases of file hashes, string analysis, malware sandboxing, levels of abstraction, x86 assembly, and static analysis tools.
• Dynamic Analysis, including: debugging, source-level vs. assembly-level debuggers, kernel-mode vs. user-mode debugging, DLL analysis, and dynamic analysis tools.
• Reverse Engineering, including: reverse engineering malicious code, identifying malware passwords, bypassing authentication, advanced malware analysis (case study: ransomware analysis using ML techniques), and reverse engineering tools: IDA Pro and OllyDbg.
• Malware Functionality, including: malware behaviour, covert malware launching, data encoding, and malware-focused network signatures.
• Anti-Reverse-Engineering, including: anti-disassembly, anti-debugging, packers, and unpacking.
• Machine Learning Techniques for Malware Analysis, including: Support Vector Machine (SVM), K-Nearest Neighbour (KNN), Random Forest (RF), Decision Trees (DT), Naive Bayes (NB), and Deep Learning techniques.


Student Effort Hours:
Student Effort Type             Hours
Lectures                        24
Seminar (or Webinar)            6
Autonomous Student Learning     60
Total                           90

Approaches to Teaching and Learning:
The course material will be delivered as weekly live lectures, which will be recorded and made available for students to view afterwards. The lectures will be complemented by three face-to-face workshops: the first introduces the malware analysis tools used in this course, the second explains and discusses the assignments, and the third is where the assignments are presented and evaluated.

 
Requirements, Exclusions and Recommendations

Not applicable to this module.


Module Requisites and Incompatibles
Not applicable to this module.
 
Assessment Strategy

Examination
Description: Written Exam, 2 hours
Timing: End of Trimester Exam
Open Book Exam: No
Component Scale: Alternative linear conversion grade scale 40%
Must Pass Component: No
% of Final Grade: 40

Project
Description: This research project focuses on using machine learning techniques to analyse malware. The students are required to write an essay based on the results of their work and to give a 10-minute presentation.
Timing: Throughout the Trimester
Open Book Exam: n/a
Component Scale: Alternative linear conversion grade scale 40%
Must Pass Component: Yes
% of Final Grade: 60


Carry forward of passed components: Yes

Resit In Terminal Exam: Autumn, Yes - 2 Hour
Please see Student Jargon Buster for more information about remediation types and timing.

Feedback Strategy/Strategies

• Feedback individually to students, post-assessment
• Online automated feedback

How will my Feedback be Delivered?

Assignment results will be notified after the submission deadline. Where appropriate (e.g. when answering MCQ tests) the results will be communicated automatically online.

1. Abhijit Mohanta and Anoop Saldanha, "Malware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware", 2020, 1st Edition, Apress, Berkeley, CA (ISBN: 978-1-4842-6193-4), United States.
2. Michael Sikorski and Andrew Honig, "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", 2012, 1st Edition, No Starch Press, San Francisco, CA (ISBN: 9781593272906), United States.
3. C. Eagle, "The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler", 2nd Edition.

Timetabling information is displayed only for guidance purposes, relates to the current Academic Year only and is subject to change.
Spring
Practical Offering 1: Week(s) 19, 28, 34, Fri 09:00 - 10:50