460-4054/04 – Computer Viruses and Security of Computer Systems (PVBPS)

Guarantor department: Department of Computer Science
Credits: 4
Subject guarantor: prof. Ing. Ivan Zelinka, Ph.D.
Subject version guarantor: prof. Ing. Ivan Zelinka, Ph.D.
Study level: undergraduate or graduate
Requirement: Optional
Year: 2
Semester: winter
Study language: Czech
Year of introduction: 2016/2017
Year of cancellation:
Intended for the faculties: FEI
Intended for study types: Follow-up Master
Instruction secured by
Login   Name                              Tutor  Teacher giving lectures
PLU042  Ing. Jan Plucar, Ph.D.
ZEL01   prof. Ing. Ivan Zelinka, Ph.D.
Extent of instruction for forms of study
Form of study  Way of completion       Extent
Full-time      Credit and Examination  2+2
Combined       Credit and Examination  10+0

Subject aims expressed by acquired skills and competences

The goal is to familiarize students with computer viruses: their definition and classification, the ways they spread within a computer, and the misuse of intrusions into computer systems. The course also covers phishing, spam, hacking and cracking, and penetration, with demonstrations on pre-installed operating systems. Graduates will:
• learn modern computer-intrusion techniques and the ways of limiting them;
• understand malware sample analysis, functionality and structure;
• be able to apply cyber-defence methods against malware samples.
Upon successful completion of the course, graduates will be able to apply security measures to computer systems.

Teaching methods

Lectures
Tutorials

Summary

The course covers a broad range of techniques known as malware, both historically classic techniques and modern techniques and algorithms. It also discusses, at an introductory level, computer viruses, their classification and distribution methods, and the best-known hacker techniques, including phishing, spam, etc. Students should gain comprehensive knowledge of the above areas, including the countermeasures that increase the security of computer systems. The course includes individual assignments (presentations or projects); their review and presentation are part of the lectures.

Compulsory literature:

Peter H. Gregory, Computer Viruses For Dummies, For Dummies, ISBN 9780764574184
Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley Professional, ISBN 0321304543
Jon Erickson, Hacking: The Art of Exploitation, 2nd Edition, No Starch Press, ISBN 1593271441
Kevin Beaver, Hacking For Dummies, For Dummies, 3rd edition, ISBN 9780470550939
Optional: Kevin Beaver, Hacking For Dummies, For Dummies, 3rd edition, ISBN 9780470550939

Recommended literature:

Kevin Beaver, Hacking For Dummies, For Dummies, 3rd edition, ISBN 9780470550939

Way of continuous check of knowledge in the course of semester

E-learning

Other requirements for the student

Students are required to be able to write programs in an arbitrary programming language and to apply the lecture knowledge in algorithms. No additional requirements are defined.

Prerequisites

Subject has no prerequisites.

Co-requisites

Subject has no co-requisites.

Subject syllabus:

Lectures:
1. Artificial intelligence and artificial life, self-replicating structures (Game of Life, Fredkin's self-replicating structure, von Neumann and the theory of self-replicating automata). Artificial life and virtual universes (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems.
2. History of computer malware: emergence and gradual development.
3. Self-replicating structures, finite automata and Turing machines. Computer malware from the point of view of theoretical computer science.
4. Virus definitions; common and differing features compared with a biological virus. Classification of malicious code (viruses, adware, spyware, worms, ...) and code propagation. Hoaxes. Virus generators. Basic ways of spreading. Antimalware ten.
5. Detailed methods of infection. File infections (COM, EXE, API, MBR, DBR, ...), infection techniques (overwriting viruses, appending viruses, cavity viruses, secret point, ...). Memory infections, use of interrupts, swap viruses.
6. Malicious code and its dependency on the environment (OS, file format, processor, architecture, compilers, ...). Computer worms: life cycle and payload.
7. Basic defence strategies against viruses. Memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, heuristic defence, emulation and disassembly, use of undocumented features.
8. Creation and generation of viruses. Encrypted virus code (decryptors, non-linear decoding, W95/phono, W95/Mad2736), oligomorphic viruses, polymorphic viruses, metamorphic viruses. Virus generators.
9. Reverse engineering of malicious code, disassembly techniques. Basics of cracking. Analysis of an overwriting and an appending virus written in C and of their disassembly.
10. Evolutionary theory and unconventional malware development. Evolutionary virus development, botnets and flock viruses.
11. Basics of phishing, spam and anti-spam. Spam: definitions and history. Anti-spam tools. Anti-spam strategies and tools for Windows and Linux. Bayesian classifier and SpamAssassin. Mail clients and filters. Phishing. Phishing as a subcategory of spam; phishing and spyware. False identity and redirection. Phishing and malware.
12. Cyber security and introduction to hacking: basic concepts and procedures.
13. Backup. Basic backup systems and procedures.
14. Bitcoin and the dark web.

Exercises in PC classrooms:
1. Keylogger: students create a basic malware program that serves as a simple keylogger and become familiar with the keylogger problem.
2. Windows API, Registry, permissions: Windows API control and Windows Registry programming. Use the Windows Registry to make the keylogger run at system startup.
3. PowerShell, alternate data streams: hide malware in an alternate data stream; showcase PowerShell. Learn the "streams" mechanism that is part of the NTFS file system, the basics of PowerShell and base64 encoding.
4. DLL injection: masking malware at runtime using this technique. Through your own application, inject the created library into the intended (running) process.
5. Symmetric encryption: malware encryption of files, for example as used by ransomware. Extend the malware from the previous exercises by encrypting and decrypting the file in which the keylogger stores the captured keys.
6. Static malware analysis 1: introduction to malware analysis, file integrity, string extraction. Verify integrity and acquire data from software: learn the techniques used to verify file integrity and the tools for extracting strings from EXE files. Get to know the online service https://www.virustotal.com/.
7. Static malware analysis 2: working with PE headers, detecting malware obfuscation techniques. Explore the techniques used to hide the body of malware, above all "obfuscation" and "packing". Examine in detail the headers used for executable files, especially the PE and DOS headers.
8. Dynamic malware analysis: debugging the supplied malware at the assembler level, modifying the code in the assembler. Debugging and cracking: learn about debugging binary files; crack the app.
9. Practical malware analysis: students are given the code of current malware and apply their acquired knowledge in a manual analysis. Perform a thorough analysis of the sample, find further information about the malware on the Internet, and answer the attached questions.
10. Automated malware analysis with Cuckoo Sandbox: installing Cuckoo Sandbox, malware analysis using automated tools. Install your own instance of Cuckoo Sandbox, analyze the supplied samples with it, and then analyze the keylogger you created during the exercises.
11. Student presentations.

Conditions for subject completion

Combined form (validity from: 2016/2017 Winter semester)
Task name               Type of task            Max. number of points (act. for subtasks)  Min. number of points
Credit and Examination  Credit and Examination  100 (100)                                  51
    Credit              Credit                  30                                         15
    Examination         Examination             70                                         35
Mandatory attendance participation: to pass the laboratory exercises, 80% presence in laboratories, submission of all protocols and passing the exam according to the lecturer's conditions are required.


Occurrence in study plans

Academic year | Programme | Field of study | Spec. | Form | Study language | Tut. centre | Year | WS | Type of duty
2019/2020 | (N2647) Information and Communication Technology | (2612T025) Computer Science and Technology | | P | Czech | Ostrava | 2 | | Optional | study plan
2019/2020 | (N2647) Information and Communication Technology | (2612T025) Computer Science and Technology | | K | Czech | Ostrava | 2 | | Optional | study plan
2018/2019 | (N2647) Information and Communication Technology | (2612T025) Computer Science and Technology | | P | Czech | Ostrava | 2 | | Optional | study plan
2018/2019 | (N2647) Information and Communication Technology | (2612T025) Computer Science and Technology | | K | Czech | Ostrava | 2 | | Optional | study plan
2017/2018 | (N2647) Information and Communication Technology | (1801T064) Information and Communication Security | | P | Czech | Ostrava | 1 | | Compulsory | study plan
2017/2018 | (N2647) Information and Communication Technology | (2612T025) Computer Science and Technology | | P | Czech | Ostrava | 2 | | Optional | study plan
2017/2018 | (N2647) Information and Communication Technology | (2612T025) Computer Science and Technology | | K | Czech | Ostrava | 2 | | Optional | study plan
2016/2017 | (N2647) Information and Communication Technology | (2612T025) Computer Science and Technology | | P | Czech | Ostrava | 2 | | Optional | study plan
2016/2017 | (N2647) Information and Communication Technology | (2612T025) Computer Science and Technology | | K | Czech | Ostrava | 2 | | Optional | study plan
2016/2017 | (N2647) Information and Communication Technology | (1801T064) Information and Communication Security | | P | Czech | Ostrava | 1 | | Compulsory | study plan

Occurrence in special blocks

Block name | Academic year | Form of study | Study language | Year | WS | Type of block | Block owner