Reverse Engineering and Malware Analysis
Study plans 2016-2017 - IMT4116 - 7.5 ECTS
Prerequisite(s)
Laboratory activities will involve analyzing and handling malicious code on your computer system. Virtual machines and due caution will be used, but it is nevertheless not recommended to use your organization's laptop for laboratory activities.
Expected learning outcomes
Knowledge:
- The candidate possesses knowledge of the methodology, technology and application of malware analysis and reverse engineering
- The candidate possesses thorough knowledge of anonymous analysis
- The candidate possesses advanced knowledge of static malware analysis
- The candidate possesses advanced knowledge of dynamic malware analysis
- The candidate possesses thorough knowledge of malware classification and functionality
- The candidate possesses knowledge of anti-reverse engineering techniques
- The candidate possesses thorough knowledge of building and using a malware lab
Skills:
- The candidate is capable of applying malware analysis methodology and technology
- The candidate is capable of applying advanced static malware analysis
- The candidate is capable of applying advanced dynamic malware analysis
- The candidate is able to identify basic and some advanced malware functionality
- The candidate is able to identify known anti-reverse engineering techniques
- The candidate is able to conduct an analysis without revealing that the investigation is taking place and/or revealing their identity.
General competence:
- The candidate is capable of analyzing relevant professional and research problems in malware analysis
- The candidate is capable of applying their knowledge and skills in new fields, in order to accomplish advanced tasks and projects in malware analysis
- The candidate is capable of working independently as a malware analyst and is familiar with the terminology.
- The candidate is capable of discussing professional problems, analysis and conclusions in the field of malware analysis, both with professionals and with a general audience
- The candidate has the learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
- The candidate is capable of contributing to innovation and innovation processes
Topic(s)
- Malware methodology
- Basic analysis
- Advanced static analysis
- Advanced dynamic analysis
- Anonymous and stealthy analysis
- Malware classification and functionality
- Anti-reverse engineering
- Malware lab
Teaching Methods
Lectures
Laboratory work
Net Support Learning
Mandatory assignments
Other
Teaching Methods (additional text)
The course will be made accessible to both campus and remote students. Students are free to choose the pedagogic arrangement best suited to their own requirements. The lectures in the course will be given on campus and are recorded. Intensive lab exercises are offered. Participation in the lab on campus is recommended even for remote students. Nevertheless, the lab exercises are also recorded, so that the course is open to both campus and remote students.
Form(s) of Assessment
Home exam, 72 hours
Oral presentation
Form(s) of Assessment (additional text)
- The home exam is given a temporary grade.
- Individual oral examination/presentation may adjust the grade up or down to the final grade, according to performance.
- Students must obtain a passing grade on the home exam to be able to present themselves for the oral examination/presentation.
- Students must pass both parts to pass the course.
- For off-campus students, the oral exam will be arranged through web conference.
In specific circumstances, the course responsible can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.
Grading Scale
Alphabetical Scale, A (best) – F (fail)
External/internal examiner
Evaluated by an internal examiner; an external examiner is used periodically (every four years)
Re-sit examination
For the final home exam: Re-sit examination in August, followed by a new oral exam.
Coursework Requirements
All exercises must be approved in order to take the home and oral exam.
Teaching Materials
Books/standards, conference/journal papers and web resources, such as:
- M. Sikorski and A. Honig: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- M. Ligh, S. Adair, B. Hartstein and M. Richard: Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code