460-4054/04 – Computer Viruses and Security of Computer Systems (PVBPS)
Guarantor department | Department of Computer Science | Credits | 4 |
Subject guarantor | prof. Ing. Ivan Zelinka, Ph.D. | Subject version guarantor | prof. Ing. Ivan Zelinka, Ph.D. |
Study level | undergraduate or graduate | Requirement | Optional |
Year | 2 | Semester | winter |
| | Study language | Czech |
Year of introduction | 2016/2017 | Year of cancellation | |
Intended for the faculties | FEI | Intended for study types | Follow-up Master |
Subject aims expressed by acquired skills and competences
The aim of the course is to acquaint students with computer viruses: their definition and classification, the ways they spread in computer systems, and the ways they can be misused to penetrate those systems. The course also includes work with live malware, the construction of sample malware types and their hybridization with artificial intelligence. Graduates will gain an overview of modern types of malware and of their use as spyware and cyber weapons, and upon successful completion will be able to apply measures that increase the security of computer systems.
Teaching methods
Lectures
Tutorials
Project work
Summary
The course covers a broad range of so-called malicious-code techniques, both the classical historical ones and modern procedures and algorithms. At an introductory level it also discusses computer viruses, their classification and methods of spreading, work with live malware, the construction of sample malware types and their hybridization with artificial intelligence, and modern types of malware and their use as spyware and cyber weapons. After completing the course the student should have a comprehensive knowledge of these areas, including the countermeasures that can be applied to increase the security of computer systems.
The course also includes individual tasks arising from the lectures (or exercises); their review and presentation form part of the lectures.
Compulsory literature:
Recommended literature:
Kevin Beaver, Hacking For Dummies, 3rd edition, For Dummies, ISBN-13: 978-0-470-55093-9
Way of continuous check of knowledge in the course of semester
E-learning
Other requirements
Students are required to be able to write programs in a programming language of their choice and to turn the knowledge from the lectures into algorithms.
Additional requirements are not defined.
Prerequisites
Subject has no prerequisites.
Co-requisites
Subject has no co-requisites.
Subject syllabus:
Lectures:
1. Artificial intelligence and artificial life; self-replicating structures (Conway's Game of Life, Fredkin's self-replicating structure, von Neumann and the theory of self-reproducing automata). Artificial life and virtual universes (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems.
2. History of computer malware, emergence, and gradual development.
3. Self-replicating structures, finite automata and Turing machines. Computer malware from the point of view of theoretical computer science.
4. Virus definitions; features shared with and differing from biological viruses. Classification of malicious code (viruses, adware, spyware, worms, ...) and of its propagation. Hoaxes. Virus generators. Basic ways of spreading. Ten basic rules of anti-malware defence.
5. Methods of infection in detail. File infectors (COM, EXE, API, MBR, DBR, ...) and infection techniques (overwriting viruses, appending viruses, cavity viruses, entry-point obscuring, ...). Memory-resident infections, use of interrupts, swapping viruses.
6. Dependence of malicious code on its environment (OS, file format, processor architecture, compilers, ...). Computer worms: life cycle and payload.
7. Basic self-protection strategies of viruses: memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, defences against heuristics, emulation and disassembly, use of undocumented features.
8. Creation and generation of viruses. Encrypted virus code (decryptors, nonlinear decoding, W95/phono, W95/Mad2736), oligomorphic, polymorphic and metamorphic viruses. Virus generators.
9. Reverse engineering of malicious code, disassembly techniques. Basics of cracking. Analysis of an overwriting and an appending virus written in C, and of its disassembly.
10. Evolutionary theory and unconventional malware development: evolutionary virus development, botnets and swarm viruses.
11. Basics of phishing, spam and anti-spam. Spam: definitions and history. Anti-spam tools and strategies for Windows and Linux; the Bayesian classifier and SpamAssassin; mail clients and filters. Phishing as a subcategory of spam; phishing and spyware; identity spoofing and redirection; phishing and malware.
12. Cyber Security and Introduction to Hacking - Basic concepts and procedures.
13. Backup: basic backup systems and procedures.
14. Bitcoin and the dark web.
Exercises in PC classrooms:
1. Keylogger: students write a basic piece of malware that acts as a simple keylogger.
Get to know the keylogger problem.
2. Windows API, registry, permissions: programming against the Windows API and the Windows registry.
Use the Windows registry to make your keylogger run at system start-up.
3. PowerShell, alternate data streams: hide malware in an alternate data stream; PowerShell demonstration.
Get to know the stream mechanism that is part of the NTFS file system. Learn the basics of PowerShell and of Base64 encoding.
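An added illustration of the PowerShell and Base64 step in exercise 3 (example code written for this page, not course material): powershell.exe accepts a script as Base64 of its UTF-16LE encoding via -EncodedCommand (short forms -e and -ec), which is how scripts hidden in a stream are usually launched. The code encodes a command the way it appears on a command line and decodes it back the way an analyst recovers it from process-creation logs. The sample command lines, the stream name "payload" and the keyword list are constructed for the example.

```python
"""PowerShell -EncodedCommand encode/decode and a scan over recorded command lines.
Added example, not course material; sample data below is constructed."""
import base64
import re

# -EncodedCommand and its documented short forms -e / -ec (also the common -enc), then the blob.
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Script fragments worth a second look; illustrative list, not a detection rule.
SUSPICIOUS = ("Invoke-Expression", "IEX", "DownloadString", "FromBase64String",
              "-Stream", "Add-MpPreference", "Set-MpPreference")


def encode_powershell_command(script: str) -> str:
    """Base64 of the UTF-16LE bytes, exactly what -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_powershell_command(blob: str) -> str:
    """Inverse of the above; rejects blobs that cannot be UTF-16LE text."""
    raw = base64.b64decode(blob, validate=True)
    if len(raw) % 2:
        raise ValueError("UTF-16LE payload must have even length")
    return raw.decode("utf-16-le")


def find_encoded_commands(cmdlines) -> list:
    """One record per decodable -EncodedCommand blob found in the given command lines."""
    found = []
    for line in cmdlines:
        for m in ENCODED_FLAG.finditer(line):
            try:
                script = decode_powershell_command(m.group(1))
            except (ValueError, UnicodeDecodeError):
                continue  # not a valid blob, or the flag was something else
            low = script.lower()
            found.append({"cmdline": line, "script": script,
                          "suspicious": [kw for kw in SUSPICIOUS if kw.lower() in low]})
    return found


# Constructed process command lines (as a process-creation log would record them); the second
# one runs a script that was hidden in an NTFS alternate data stream named "payload".
SAMPLE_CMDLINES = [
    "powershell.exe -NoProfile -EncodedCommand " + encode_powershell_command("Get-Date"),
    "powershell.exe -NoProfile -WindowStyle Hidden -enc " + encode_powershell_command(
        r"Invoke-Expression (Get-Content -Path C:\Users\Public\notes.txt -Stream payload -Raw)"),
    "notepad.exe C:\\Users\\Public\\notes.txt",
]

if __name__ == "__main__":
    for rec in find_encoded_commands(SAMPLE_CMDLINES):
        print(rec["script"], "->", rec["suspicious"] or "nothing flagged")
```

Get-Content -Stream is the documented way to read a named NTFS stream from PowerShell, which is why "-Stream" is on the watch list; a real detection would also look at the parent process and at the stream-bearing file itself.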
4. DLL injection: masking malware at runtime with this technique.
From your application, inject the DLL you created into the intended (running) process.
5. Symmetric encryption: encryption of files by malware, e.g. as used by ransomware.
Extend your malware from the previous exercises so that it encrypts and decrypts the file in which the keylogger stores the captured keys.
6. Static malware analysis 1: introduction to malware analysis, file integrity, string extraction.
Integrity verification and data acquisition from software: learn the techniques used to verify the integrity of files and the tools for extracting strings from EXE files. Get to know the online service https://www.virustotal.com/.
7. Static malware analysis 2: working with PE headers, detecting malware obfuscation techniques.
Explore the techniques used to hide the body of malware, above all obfuscation and packing. Look in detail at the headers used by executable files, in particular the DOS and PE headers.
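An added worked example covering exercises 6 and 7 together (example code written for this page, not course material): file hashes and printable-string extraction for exercise 6, and a DOS/PE header and section-table parser with packing heuristics (packer-style section names, high section entropy, a section with no raw data but a large virtual size, an entry point outside every section) for exercise 7. The parser works on real PE files; the two images it is run on here are built in memory by build_pe(), are not executable, and are constructed so that the result is deterministic. The packer section-name list is illustrative.

```python
"""Static-analysis helpers for exercises 6 and 7 (added example, not course material): hashes,
string extraction, DOS/PE header parsing and packing heuristics. Sample images are constructed."""
import hashlib
import math
import re
import struct

# Section names left behind by common packers (illustrative, not exhaustive).
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".petite",
                        b".MPRESS1", b".MPRESS2", b".vmp0", b".vmp1"}

def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, for integrity checks and VirusTotal look-ups."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Runs of at least min_len printable ASCII bytes (what the `strings` tool prints)."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, close to 8.0 for encrypted/compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]           # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]                # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]           # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                             # 40-byte IMAGE_SECTION_HEADER
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rsize,
                         "entropy": shannon_entropy(data[rptr:rptr + rsize])})
    return {"machine": machine, "timestamp": stamp, "pe32plus": magic == 0x20B,
            "entry_point": entry, "sections": sections}

def packing_indicators(pe: dict) -> list:
    """Heuristics suggesting a packed or obfuscated body; each hit is a short reason string."""
    hits = []
    for s in pe["sections"]:
        name = s["name"].decode("latin-1")
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(f"packer section name {name}")
        if s["raw_size"] and s["entropy"] > 7.0:
            hits.append(f"high entropy {s['entropy']:.2f} in {name}")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hits.append(f"{name} has no raw data but {s['virtual_size']:#x} bytes virtual (unpack target)")
    ep = pe["entry_point"]
    if not any(s["virtual_address"] <= ep < s["virtual_address"] + max(s["virtual_size"], s["raw_size"])
               for s in pe["sections"]):
        hits.append(f"entry point {ep:#x} lies outside every section")
    return hits

def build_pe(sections: list, entry_rva: int) -> bytes:
    """Construct a minimal, non-runnable PE32 image from [(name, raw_bytes, virtual_size), ...]."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)
    opt += b"\0" * (opt_size - len(opt))
    headers = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = (headers + 0x1FF) & ~0x1FF                          # file alignment 512
    table, body, vaddr = b"", b"", 0x1000
    for name, raw, vsize in sections:
        table += struct.pack("<8sIIII", name, vsize, vaddr, len(raw), raw_ptr if raw else 0)
        table += struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020)    # CODE | EXECUTE | READ
        body += raw
        raw_ptr += len(raw)
        vaddr += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF          # section alignment 4 KiB
    header = dos + b"PE\0\0" + coff + opt + table
    return header + b"\0" * (((headers + 0x1FF) & ~0x1FF) - headers) + body

# Constructed samples: a plain binary, and a "packed" one with an empty unpack target and a
# high-entropy body (pseudo-random bytes derived from SHA-256 so the result is deterministic).
TEXT_RAW = (b"\x55\x89\xe5\x83\xec\x10" + b"C:\\Users\\Public\\keys.log\0" + b"GetAsyncKeyState\0") * 8
RANDOM_RAW = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAIN_PE = build_pe([(b".text", TEXT_RAW, len(TEXT_RAW)), (b".data", b"\0" * 64, 64)], 0x1000)
PACKED_PE = build_pe([(b"UPX0", b"", 0x8000), (b"UPX1", RANDOM_RAW, len(RANDOM_RAW))], 0x9000)

if __name__ == "__main__":
    for img in (PLAIN_PE, PACKED_PE):
        print(file_hashes(img)["sha256"][:16], packing_indicators(parse_pe(img)) or "no indicators")
```

Run against a real EXE by replacing PLAIN_PE with the file's bytes; for packed samples expect the string list to be almost empty and the indicators to point at the section that the unpacking stub fills at runtime, which is where the dynamic analysis in exercise 8 picks up.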
8. Dynamic malware analysis: debugging the supplied malware at the assembly level and modifying its code in the debugger.
Debugging and cracking: learn how to debug binary files; crack the application.
9. Practical malware analysis: students receive the code of current malware and attempt a manual analysis in which they apply the knowledge they have acquired.
Perform a thorough analysis of the sample, look up further information about the malware on the Internet and answer the attached questions.
10. Automated malware analysis with Cuckoo Sandbox: installing Cuckoo Sandbox, malware analysis with automated tools.
Install your own instance of Cuckoo Sandbox. Analyse the supplied samples in it, and then analyse the keylogger you created in the earlier exercises.
11. Student presentations.
Conditions for subject completion
Occurrence in study plans
Occurrence in special blocks
Assessment of instruction