
Computer Viruses and Security of Computer Systems

* Exchange students do not have to consider this information when selecting suitable courses for an exchange stay.

Course Unit Code: 460-4054/04
Number of ECTS Credits Allocated: 4 ECTS credits
Type of Course Unit *: Optional
Level of Course Unit *: Second Cycle
Year of Study *: Second Year
Semester when the Course Unit is delivered: Winter Semester
Mode of Delivery: Face-to-face
Language of Instruction: Czech
Prerequisites and Co-Requisites: The course follows on from the compulsory courses of the previous semester.
Name of Lecturer(s):
Personal ID | Name
ZEL01 | prof. Ing. Ivan Zelinka, Ph.D.
PLU042 | Ing. Jan Plucar, Ph.D.
Summary
The course will discuss a wide range of malicious code techniques. Both historically classical techniques and modern procedures and algorithms will be mentioned. Furthermore, computer viruses, their classification and methods of spread, work with live malware, and the construction of sample types of malware and their hybridization with artificial intelligence will be discussed at the introductory level. Modern types of malware and their use as spyware and cyber weapons will also be covered. After completing the course, the student should have comprehensive knowledge of the above areas, including the possible application of countermeasures that increase the security of computer systems.
The course will also include individual tasks arising from lectures (or exercises). Checking and presenting them will be part of the lectures.
Learning Outcomes of the Course Unit
The aim of the course is to acquaint students with computer viruses, their definition and classification, the way they spread in computer systems, and their possible misuse to penetrate computer systems. The course also includes work with live malware and the construction of sample types of malware and its hybridization with artificial intelligence. The graduate will gain an overview of modern types of malware and their use as spyware and cyber weapons. Upon successful completion of this course, graduates will be able to apply measures to increase the security of computer systems.
Course Contents
Lectures:

1. Artificial intelligence and artificial life, self-replicating structures (Game of Life, Fredkin's self-replicating structure, von Neumann and the theory of self-replicating automata). Artificial Life and Virtual Universe (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems.
2. History of computer malware, emergence, and gradual development.
3. Self-replicating structures, finite automata and Turing machines. Computer malware from a theoretical computer science point of view.
4. Virus definitions, common and different features with a biological virus. Classification of malicious code (viruses, adware, spyware, worms, ...) and code propagation. HOAX. Virus Generators. Basic ways of spreading. Antimalware ten.
5. Detailed methods of infection. File infections (com, exe, API, MBR, DBR, ...), infection techniques (overwriting viruses, connecting viruses, cavity viruses, secret point ...). Memory infections, interrupt uses, swap viruses.
6. Malicious code and its dependency on the environment (i.e., OS, file format, processor, architecture, translators, ...). Computer worms, life cycle and payload.
7. Basic defence strategies for viruses. Memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, heuristic defence, emulation and disassembly, use of undocumented features.
8. Creation and generation of viruses. Virus code encoded by viruses (decryptors, nonlinear decoding, W95 / phono, W95 / Mad2736), oligomorphic viruses, polymorphic viruses, metamorphic viruses. Virus Generators.
9. Reverse engineering of malicious code, disassembly technology. The basics of cracking. Analysis of overwriting and connecting virus in C and its disassembly.
10. Evolution theory and unconventional malware development. Evolutionary virus development, botnet and flock virus.
11. The basics of phishing, spam and antispam. Spam, definitions and history. Anti-spam tools. Antispam strategies and tools for Windows and Linux. Bayesian classifier and SpamAssassin. Mail client and filters. Phishing. Phishing as Spam Subcategory, Phishing, and Spyware. False Identity, Redirection, and False Identity. Phishing and Malware.
12. Cyber Security and Introduction to Hacking - Basic concepts and procedures.
13. Backup. Basic backup systems and procedures.
14. Bitcoins and dark web.

Exercises in PC classrooms
1. Keylogger: Students will create a basic malware program that will serve as a simple keylogger.
Get to know the keylogger issue.

2. Windows API, Registry, Permissions: Teaching Windows API Control and Windows Registry Programming.
Use Windows Registry to ensure that your keylogger runs at system startup.

3. PowerShell, alternate streams: Hiding malware in an alternate stream, PowerShell showcase.
Meet the "streams" mechanisms that are part of the NTFS file system. Learn basics of PowerShell and base64 encoding.

4. DLL injection: Malware runtime masking using this technique.
Using your application, perform a DLL injection of the created library into the intended (running) process.

5. Symmetric encryption: File encryption by malware, for example as used by ransomware.
Extend your malware from previous exercises by encrypting and decrypting a file that keeps the Keylogger keys stored.

6. Static Malware Analysis 1: Introduction to Malware Analysis - File Integrity, String Extraction.
Verify integrity and data acquisition from software: Learn about the techniques used to verify the integrity of files. Learn the tools used to extract strings from exe files. Get to know the online service https://www.virustotal.com/.

7. Static malware analysis 2: Working with PE headers, detecting malware obfuscation techniques.
Explore the different techniques that are used to hide the body of malware. Above all, "obfuscation" and "packing" techniques. See in detail the header used for executable files - especially PE and DOS header.

8. Dynamic malware analysis: Debugging the supplied malware at the assembly level, modifying the code in assembly.
Debugging and Cracking: Learn about debugging binary files. Crack the app.

9. Practical Malware Analysis: Students will be given the code of current malware and will then attempt a manual analysis, applying the knowledge they have acquired.
Perform a thorough analysis of the sample, find various interesting information on malware on the Internet, and answer the attached questions.

10. Automated malware analysis with Cuckoo Sandbox: Installing Cuckoo Sandbox, malware analysis using automated tools.
Install your own instance of Cuckoo Sandbox. Through Cuckoo Sandbox, analyze the samples provided. Next, do a keylogger analysis that you created within the exercise.

11. Student presentations
Recommended or Required Reading
Required Reading:
1. Peter H. Gregory, Computer Viruses For Dummies, For Dummies, ISBN: 9780764574184
2. Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley Professional, ISBN: 0321304543
3. Jon Erickson, Hacking: The Art of Exploitation, 2nd Edition, No Starch Press; 2nd edition, ISBN: 1593271441
4. Ligh, M., Hartstein, B. and Adair, S., 2010. Malware analyst's cookbook and DVD: tools and techniques for fighting malicious code. John Wiley & Sons Inc.
5. Dunham, K., Hartman, S., Quintans, M., Morales, J.A. and Strazzere, T., 2014. Android malware and analysis. CRC Press.
6. Zelinka I., Merhaut F., OPVK_Computer viruses and security, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018
7. Zelinka I., Merhaut F., Úvod do počítačové bezpečnosti, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018
8. Peter Szor, Počítačové viry - analýza útoku a obrana, Zoner Press

Recommended Reading:
1. Kevin Beaver, Hacking For Dummies, For Dummies; 3 edition, ISBN-10: 9780470550939
2. Pokorný J., Hacking - umění exploitace, Zoner Press
3. Lance J., Phishing bez záhad, Grada, 2007
Planned learning activities and teaching methods
Lectures, Tutorials, Project work
Assessment methods and criteria
Task Title | Task Type | Maximum Number of Points (Act. for Subtasks) | Minimum Number of Points for Task Passing
Credit and Examination | Credit and Examination | 100 (100) | 51
Credit | Credit | 30 | 15
Examination | Examination | 70 | 35