CYBR 482 Malware Analysis

Malware infections have reached epidemic proportions, with over 600 million types of infection reported to date. Traditional antivirus techniques are not sufficient to stem the tide. This course introduces students to the fundamentals of malware analysis, enabling them to recognize, analyze and remediate infections. Basic static analysis techniques using antivirus scanning, hashing, string searching and other automated analysis tools will be reviewed. Dynamic approaches using system and network monitoring will be employed to detect snooping and attempts to exfiltrate data. Students will set up virtual workspaces, download tools and malware samples, and analyze software in a secure, isolated environment. Reverse engineering will be introduced. Overlap: ICS 486.

Prerequisites

Special information

First day attendance is mandatory.
Overlap: ICS 486. Note: Students are responsible both for being aware of and for abiding by the prerequisites for the CFS/CYBR/ICS courses in which they enroll, and will be administratively dropped from a course if they have not met its prerequisites.
4 Undergraduate credits

Effective May 6, 2020 to present

Learning outcomes

General

  • Understand characteristics of malware, motivations of creators, and impacts on recipients
  • Demonstrate ability to set up and utilize virtual environments for analyzing malicious software in a controlled environment
  • Analyze malware using multiple static analysis techniques such as antivirus scanning, hashing, and string searching
  • Analyze malware behavior dynamically using appropriate network and system monitoring tools
  • Analyze malware behavior to detect and remove threats posed by macros in PDF and Microsoft Office files
  • Select appropriate approaches to detecting and removing malware
  • Formulate Indicators of Compromise (IoCs) from malware samples