| Course Unit Code | 460-4054/06 |
| Number of ECTS Credits Allocated | 6 ECTS credits |
| Type of Course Unit | Compulsory |
| Level of Course Unit | Second Cycle |
| Year of Study | Second Year |
| Semester when the Course Unit is delivered | Winter Semester |
| Mode of Delivery | Face-to-face |
| Language of Instruction | Czech |
| Prerequisites and Co-Requisites | The course builds on the compulsory courses of the previous semester |

Name of Lecturer(s)

| Personal ID | Name |
| ZEL01 | prof. Ing. Ivan Zelinka, Ph.D. |
| PLU042 | Ing. Jan Plucar, Ph.D. |
The course covers a wide range of malicious-code techniques, from historically classical methods to modern procedures and algorithms. At an introductory level it also covers computer viruses, their classification and methods of spread, work with live malware, the construction of sample malware types and their hybridization with artificial intelligence, and modern malware and its use as spyware and cyber weapons. After completing the course, the student should have comprehensive knowledge of these areas, including how to apply countermeasures that increase the security of computer systems.

The course also includes individual tasks arising from the lectures (or exercises); their review and presentation form part of the lectures.
Learning Outcomes of the Course Unit

The aim of the course is to acquaint students with computer viruses: their definition and classification, how they spread in computer systems, and how they can be misused to penetrate computer systems. The course also includes work with live malware, the construction of sample malware types and their hybridization with artificial intelligence. The graduate gains an overview of modern types of malware and their use as spyware and cyber weapons. Upon successful completion of this course, graduates will be able to apply measures that increase the security of computer systems.
1. Artificial intelligence and artificial life, self-replicating structures (Game of Life, Fredkin's self-replicating structure, von Neumann and the theory of self-replicating automata). Artificial life and virtual universes (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems.
2. History of computer malware: emergence and gradual development.
3. Self-replicating structures, finite automata and Turing machines. Computer malware from the point of view of theoretical computer science.
4. Virus definitions; features shared with and differing from biological viruses. Classification of malicious code (viruses, adware, spyware, worms, ...) and of code propagation. Hoaxes. Virus generators. Basic ways of spreading. Ten basic antimalware rules.
5. Detailed methods of infection. File infections (COM, EXE, API, MBR, DBR, ...), infection techniques (overwriting viruses, appending viruses, cavity viruses, hidden entry point, ...). Memory infections, use of interrupts, swapping viruses.
6. Malicious code and its dependency on the environment (OS, file format, processor, architecture, compilers, ...). Computer worms, their life cycle and payload.
7. Basic virus defence strategies. Memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, heuristic defence, emulation and disassembly, use of undocumented features.
8. Creation and generation of viruses. Encrypted virus code (decryptors, nonlinear decoding, W95/phono, W95/Mad2736), oligomorphic, polymorphic and metamorphic viruses. Virus generators.
9. Reverse engineering of malicious code, disassembly techniques. Basics of cracking. Analysis of an overwriting and an appending virus in C and their disassembly.
10. Evolutionary theory and unconventional malware development. Evolutionary virus development, botnets and swarm viruses.
11. Computer worms and their construction.
12. Spyware and cyber weapons.
13. Backup. Basic backup systems and procedures.
14. Dark web.
Exercises in PC classrooms

1. Keylogger: Students create a basic malware program that serves as a simple keylogger.
   Get acquainted with the issues involved in creating a keylogger.
2. Windows API, registry, permissions: Working with the Windows API and programmatic work with the Windows registry.
   Use the Windows registry to make your keylogger start at system startup.
3. PowerShell, alternate data streams: Hiding malware in an alternate data stream; an example of working with PowerShell.
   Get acquainted with the "streams" mechanism that is part of the NTFS file system. Learn the basics of PowerShell and base64 encoding.
4. Detailed methods of infection: Implementation of frequently used methods of malware infection of the system.
5. Basic virus defence strategies: Environment scanning, obfuscation and debug protection.
6. Static malware analysis 1: Introduction to malware analysis: file integrity, string extraction.
   Integrity verification and software retrieval: Familiarize yourself with the techniques used to verify file integrity. Get acquainted with tools for extracting strings from EXE files. Get to know the online service https://www.virustotal.com/.
7. Static malware analysis 2: Working with PE headers, detection of obfuscation techniques used by malware.
   Learn the different techniques used to hide the body of malware, especially "obfuscation" and "packing". Get acquainted in detail with the headers used by executable files, especially the PE and DOS headers.
8. Dynamic malware analysis: Debugging of supplied malware in assembler, code modification in assembler.
   Debugging and cracking: Learn about the process of debugging binaries. Crack the supplied application.
9. Practical malware analysis: Students are provided with the code of current malware and carry out a manual analysis in which they apply the acquired knowledge.
   Perform a thorough analysis of the supplied sample, find information about the malware on the Internet and answer the attached questions.
10. Automatic malware analysis using Cuckoo Sandbox: Cuckoo Sandbox installation, malware analysis using automated tools.
   Install your own instance of Cuckoo Sandbox. Analyze the supplied samples with Cuckoo Sandbox, then also analyze the keylogger you created during the exercises.
11. Evolutionary theory and unconventional development of malware: Evolutionary development of malware and modification of bot communication behaviour in a botnet.
12. Swarm malware: An experiment with a provided sample of swarm malware. Analysis of the behavioural characteristics of swarm malware in comparison with common malware.
13. Dark web: prevention of cybercrime, detection of malicious services and traffic monitoring.
Recommended or Required Reading

1. Peter H. Gregory, Computer Viruses For Dummies, For Dummies, ISBN 9780764574184
2. Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley Professional, ISBN 0321304543
3. Jon Erickson, Hacking: The Art of Exploitation, 2nd edition, No Starch Press, ISBN 1593271441
4. Ligh, M., Hartstein, B. and Adair, S., 2010. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. John Wiley & Sons.
5. Dunham, K., Hartman, S., Quintans, M., Morales, J. A. and Strazzere, T., 2014. Android Malware and Analysis. CRC Press.
6. Zelinka I., Merhaut F., OPVK_Computer viruses and security, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018
7. Kevin Beaver, Hacking For Dummies, For Dummies, 3rd edition, ISBN-10 9780470550939

1. Zelinka I., Merhaut F., Úvod do počítačové bezpečnosti, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018
2. Peter Szor, Počítačové viry - analýza útoku a obrana, Zoner Press
3. Pokorný J., Hacking - umění exploitace, Zoner Press
4. Lance J., Phishing bez záhad, Grada, 2007
Planned learning activities and teaching methods

Lectures, tutorials, project work

Assessment methods and criteria

| Task Title | Task Type | Maximum Number of Points (Act. for Subtasks) | Minimum Number of Points for Task Passing |
| Credit and Examination | Credit and Examination | 100 (100) | 51 |
| Credit | Credit | 45 | 21 |
| Examination | Examination | 55 | 30 |