
IMT4116 - Reverse Engineering and Malware Analysis

About

New from the academic year 2016/2017

Examination arrangement

Examination arrangement: Home examination
Grade: Letters

Evaluation Weighting Duration Grade deviation Examination aids
Home examination 100/100 72 hours

Course content

Malware methodology

Basic analysis

Advanced static analysis

Advanced dynamic analysis

Anonymous and stealthy analysis

Malware classification and functionality

Anti-reverse engineering

Malware lab

Learning outcome

Knowledge:

The candidate possesses knowledge of the methodology, technology and application of malware analysis and reverse engineering

The candidate possesses thorough knowledge of anonymous analysis

The candidate possesses advanced knowledge of static malware analysis

The candidate possesses advanced knowledge of dynamic malware analysis

The candidate possesses thorough knowledge of malware classification and functionality

The candidate possesses knowledge of anti-reverse engineering techniques

The candidate possesses thorough knowledge of building and using a malware lab

Skills:

The candidate is capable of applying malware analysis methodology and technology

The candidate is capable of applying advanced static malware analysis

The candidate is capable of applying advanced dynamic malware analysis

The candidate is able to identify basic and some advanced malware functionality

The candidate is able to identify known anti-reverse engineering techniques

The candidate is able to conduct an analysis without revealing that the investigation is taking place and/or revealing their identity.

 

General competence:

The candidate is capable of analyzing relevant professional and research problems in malware analysis

The candidate is capable of applying their knowledge and skills in new fields, in order to accomplish advanced tasks and projects in malware analysis

The candidate is capable of working independently as a malware analyst and is familiar with terminology.

The candidate is capable of discussing professional problems, analysis and conclusions in the field of malware analysis, both with professionals and with a general audience

The candidate has the learning skills to continue acquiring new knowledge and skills in a largely self-directed manner

The candidate is capable of contributing to innovation and innovation processes

Learning methods and activities

Lectures

Lab exercises

Online-supported learning

Compulsory assignments|Other

Additional information:

The course will be made accessible to both campus and remote students. Students are free to choose the pedagogic arrangement best suited to their own requirements. The lectures in the course will be given on campus and are recorded. Intensive lab exercises are offered. Participation in the lab on campus is recommended even for remote students. Nevertheless, the lab exercises are also recorded, so that the course is open to both campus and remote students.

Compulsory coursework requirements:

All exercises must be approved in order to take the home and oral exam.

Compulsory assignments

  • Coursework Requirements

Further on evaluation

Further details on re-sit examination:

For the final home exam: Re-sit examination in August, followed by a new oral exam.

Forms of assessment:

The home exam is given a temporary grade.

Individual oral examination/presentation may adjust the grade up or down to the final grade, according to performance.

Students must obtain a passing grade on the home exam to be able to present themselves for the oral examination/presentation.

Students must pass both parts to pass the course.

For off-campus students the oral exam will be arranged through a web conference.

In specific circumstances, the course responsible can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.

Specific conditions

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)

Required previous knowledge

Laboratory activities will involve analyzing and handling malicious code on your computer system. Virtual machines and due caution will be used, but it is nevertheless not recommended to use your organization's laptop for laboratory activities.

Course materials

Books/standards, conference/journal papers and web resources, such as

M. Sikorski and A. Honig: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

M. Ligh, S. Adair, B. Hartstein and M. Richard: Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code.

More on the course

No

Facts

Version: 1
Credits:  7.5 SP
Study level: Second degree level

Coursework

Term no.: 1
Teaching semester:  SPRING 2017

Language of instruction: English


Subject area(s)
  • Information Security
Contact information
Course coordinator:
  • Geir Olav Dyrkolbotn

Department with academic responsibility
Department of Information Security and Communication Technology

Examination

Examination arrangement: Home examination

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Spring ORD Home examination 100/100 (release 2017-06-01, submission 2017-06-05)
Summer KONT Home examination 100/100
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
Examination

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"
