Malware Analysis
Code | School | Level | Credits | Semesters |
COMP4101 | Computer Science | 4 | 10 | Spring UK |
Summary
This module covers the practice of malware analysis: how to analyse malicious software to understand how it works, how to identify it, and how to defeat or eliminate it. We will look at how to set up a safe environment in which to analyse malware, and explore both static and dynamic malware analysis. Although malware takes many forms, the course focuses primarily on executable binaries, covering both object file formats and the use of tools such as debuggers, virtual machines and disassemblers to explore them. Obfuscation and packing schemes will be discussed, along with various issues related to Windows internals.
The course will be ‘hands-on’, based around the book Practical Malware Analysis by Michael Sikorski and Andrew Honig. Students will be encouraged to (safely) practise the skills they are taught.
Target Students
Available to Level 3 and 4 students in the School of Computer Science. This module is not available to students not listed above without explicit approval from the module convenor(s). This module is part of the Operating Systems, Networks and Security theme in the School of Computer Science.
Assessment
- 50% Practical: Weekly exercises analysing malware. Reassessment is 100% exam.
- 50% Exam 1 (3-hour): Moodle Exam. Reassessment is 100% exam.
Assessed by end of spring semester
Educational Aims
Students will acquire knowledge of relevant system internals and experience in using various malware analysis tools. Students will also acquire insight into emerging trends in malware design, including efforts to deter analysis.
Learning Outcomes
Knowledge and Understanding
- An understanding of the issues associated with malware analysis.
- An understanding of the relevant systems internals exploited by malware.
- An appreciation of the strengths and weaknesses of available security techniques.
- Explain the difference between static and dynamic analysis in reverse engineering software.
Intellectual Skills
- The ability to think independently while giving due weight to the arguments of others.
- The ability to understand complex security issues and relate them to specific situations.
- The ability to perform static and dynamic analysis of a computer program to understand and document its function.
- The ability to set up a safe environment for analysing malicious software.
- The ability to relate theory to its real-world applications.
Professional Skills
- Enhanced systems programming skills.
- The ability to evaluate and select appropriate reverse engineering techniques.
Transferable Skills
- An enhanced ability to produce detailed reports.