Course - Reverse Engineering and Malware Analysis - IMT4116
IMT4116 - Reverse Engineering and Malware Analysis
About
New from the academic year 2016/2017
Examination arrangement
Examination arrangement: Home examination
Grade: Letters
Evaluation | Weighting | Duration | Grade deviation | Examination aids |
---|---|---|---|---|
Home examination | 100/100 | 72 hours |
Course content
Malware methodology
Basic analysis
Advanced static analysis
Advanced dynamic analysis
Anonymous and stealthy analysis
Malware classification and functionality
Anti-reverse engineering
Malware lab
Learning outcome
Knowledge:
The candidate possesses knowledge of methodology, technology and application of malware analysis and reverse engineering
The candidate possesses thorough knowledge of anonymous analysis
The candidate possesses advanced knowledge of static malware analysis
The candidate possesses advanced knowledge of dynamic malware analysis
The candidate possesses thorough knowledge of malware classification and functionality
The candidate possesses knowledge of anti-reverse engineering techniques
The candidate possesses thorough knowledge of building and using a malware lab
Skills:
The candidate is capable of applying malware analysis methodology and technology
The candidate is capable of applying advanced static malware analysis
The candidate is capable of applying advanced dynamic malware analysis
The candidate is able to identify basic and some advanced malware functionality
The candidate is able to identify known anti-reverse engineering techniques
The candidate is able to conduct an analysis without revealing that the investigation is taking place and/or revealing their identity.
General competence:
The candidate is capable of analyzing relevant professional and research problems in malware analysis
The candidate is capable of applying their knowledge and skills in new fields, in order to accomplish advanced tasks and projects in malware analysis
The candidate is capable of working independently as a malware analyst and is familiar with terminology.
The candidate is capable of discussing professional problems, analysis and conclusions in the field of malware analysis, both with professionals and with a general audience
The candidate has the learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
The candidate is capable of contributing to innovation and innovation processes
Learning methods and activities
Lectures
Lab exercises
Web-supported learning
Compulsory assignments|Other
Additional information:
The course will be made accessible for both campus and remote students. Students are free to choose the pedagogic arrangement that best fits their own requirements. The lectures in the course will be given on campus and are recorded. Intensive lab exercises are offered. Participation in the lab on campus is recommended even for remote students. Nevertheless, the lab exercises are also recorded, so that the course is open for both campus and remote students.
Compulsory coursework requirements:
All exercises must be approved in order to take the home and oral exam.
Compulsory assignments
- Coursework Requirements
Further on evaluation
Further on re-sit examination:
For the final home exam: Re-sit examination in August, followed by a new oral exam.
Forms of assessment:
The home exam is given a temporary grade.
Individual oral examination/presentation may adjust the grade up or down to the final grade, according to performance.
Students must obtain a passing grade on the home exam to be able to present themselves for the oral examination/presentation.
Students must pass both parts to pass the course.
For off-campus students, the oral exam will be arranged through web conference.
In specific circumstances, the course responsible can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.
Specific conditions
Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)
Required previous knowledge
Laboratory activities will involve analyzing and handling malicious code on your computer system. Virtual machines and due caution will be used, but it is nevertheless not recommended to use your organization's laptop in laboratory activities.
Course materials
Books/standards, conference/journal papers and web resources, such as
M. Sikorski and A. Honig: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
M. Ligh, S. Adair, B. Hartstein and M. Richard: Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code.
No
Version: 1
Credits:
7.5 SP
Study level: Second degree level
Term no.: 1
Teaching semester: SPRING 2017
Language of instruction: English
-
- Information Security
- Geir Olav Dyrkolbotn
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Home examination
Term | Status code | Evaluation | Weighting | Examination aids | Date | Time | Examination system | Room * |
---|---|---|---|---|---|---|---|---|
Spring | ORD | Home examination | 100/100 | | Release 2017-06-01, Submission 2017-06-05 | | | |
Summer | KONT | Home examination | 100/100 | | | | | |

* The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"