460-4054/05 – Computer Viruses and Security of Computer Systems (PVBPS)

Gurantor departmentDepartment of Computer ScienceCredits4
Subject guarantorprof. Ing. Ivan Zelinka, Ph.D.Subject version guarantorprof. Ing. Ivan Zelinka, Ph.D.
Study levelundergraduate or graduateRequirementCompulsory
Year1Semesterwinter
Study languageEnglish
Year of introduction2016/2017Year of cancellation
Intended for the facultiesFEIIntended for study typesFollow-up Master
Instruction secured by
LoginNameTuitorTeacher giving lectures
PLU042 Ing. Jan Plucar, Ph.D.
ZEL01 prof. Ing. Ivan Zelinka, Ph.D.
Extent of instruction for forms of study
Form of studyWay of compl.Extent
Full-time Credit and Examination 2+2
Part-time Credit and Examination 10+0

Subject aims expressed by acquired skills and competences

The aim of the course is to acquaint its students with the issue of computer viruses, their definition and classification, the method of spread in computer systems and possible misuse to penetrate computer systems. The course also includes work with sharp malware and construction of sample types of malware and its hybridization with artificial intelligence. The graduate will gain an overview of modern types of malware, their use as spyware and cyber weapons. Upon successful completion of this course, graduates will be able to apply measures to increase the security of computer systems.

Teaching methods

Lectures
Tutorials
Project work

Summary

The course will discuss a wider range of techniques of so-called malicious code. Both historically classical techniques and modern procedures and algorithms will be mentioned. Furthermore, computer viruses, their classification and methods of spread, work with sharp malware and construction of sample types of malware and their hybridization with artificial intelligence will be discussed at the introductory level. Modern types of malware and its use as spyware and cyber weapons. After completing the course, the student should have comprehensive knowledge of the above areas, including the possibility of countermeasure applications, increasing the security of computer systems. The course will also include individual tasks arising from lectures (or exercises). Their control and presentation will be part of the lectures.

Compulsory literature:

1.Peter H. Gregory, Computer Viruses For Dummies, For Dummies, ISBN: 9780764574184 2. Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley Professional, ISBN: 0321304543 3. Jon Erickson, Hacking: The Art of Exploitation, 2nd Edition, No Starch Press; 2nd edition, ISBN: 1593271441 4. Ligh, M., Hartstein, B. and Adair, S., 2010. Malware analyst's cookbook and DVD: tools and techniques for fighting malicious code. John Wiley & Sons Inc. 5. Dunham, K., Hartman, S., Quintans, M., Morales, J.A. and Strazzere, T., 2014. Android malware and analysis. CRC Press. 6. Zelinka I., Merhaut F., OPVK_Computer viruses and security, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018

Recommended literature:

7. Kevin Beaver, Hacking For Dummies, For Dummies; 3 edition, ISBN-10: 9780470550939

Way of continuous check of knowledge in the course of semester

E-learning

Other requirements

It is required the ability to create programs in arbitrary programming language and apply lecture knowledge into algorithms. Additional requirements are not defined.

Prerequisities

Subject has no prerequisities.

Co-requisities

Subject has no co-requisities.

Subject syllabus:

Lectures: 1. Artificial intelligence and artificial life, self-replicating structures (play of life, Fredkin's self-replicating structure, von Neumann and the theory of self-replicating automata). Artificial Life and Virtual Universe (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems. 2. History of computer malware, emergence, and gradual development. 3. Self-replicating structures, finite automata and Turing machines. Computer malware from a theoretical computer science point of view. 4. Virus definitions, common and different features with a biological virus. Classify malicious code (viruses, adware, spyware, worms, ...) and code propagation. HOAX. Virus Generators. Basic ways of spreading. Antimalware ten. 5. Detailed methods of infection, Methods of infection. File infections (com, exe, API, MBR, DBR, ...), infection techniques (virus overwriting, viruses connecting, cavity viruses, secret point ...). Memory Infections, Interrupt Uses, Swap Viruses. 6. Malicious code and its dependency on the environment (i.e., OS, file format, processor, architecture, translators, ...). Computer worms, life cycle and payload. 7. Basic defence strategies for viruses. Memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, heuristic defence, emulation and disassembly, use of undocumented features. 8. Creation and generation of viruses. Virus code encoded by viruses (decryptors, nonlinear decoding, W95 / phono, W95 / Mad2736), oligomorphic viruses, polymorphic viruses, metamorphic viruses. Virus Generators. 9. Reverse engineering of malicious code, disassembly technology. The basics of cracking. Analysis of overwriting and connecting virus in C and its disassembly. 10. Evolution theory and unconventional malware development. Evolutionary virus development, botnet and flock virus. 11. The basics of phishing, spam and antispam. Spam, definitions and history. Anti-spam tools. Antispam strategies and tools for Windows and Linux. Bayesian classifier and SpamAssassin. Mail client and filters. Phishing. Phishing as Spam Subcategory, Phishing, and Spyware. False Identity, Redirection, and False Identity. Phishing and Malware. 12. Cyber Security and Introduction to Hacking - Basic concepts and procedures. 13. Backup. Basic backup systems and procedures 14. Bitcoins and dark web. Exercises in PC classrooms 1. Keylogger: Students will create a basic malware program that will serve as a simple keylogger. Get to know the keylogger issue. 2. Windows API, Registry, Permissions: Teaching Windows API Control and Windows Registry Programming. Use Windows Registry to ensure that your keylogger runs at system startup. 3. PowerShell, Alternate stream: Hide malware into an alternative stream, showcase PowerShelle. Meet the "streams" mechanisms that are part of the NTFS file system. Learn basics of PowerShell and base64 encoding. 4. DLL injection: Malware runtime masking using this technique. Through your application, do the DLL injection of the created library into the intended (running) process. 5. Symmetric encryption: Malware encryption files - for example, use of ransomware. Extend your malware from previous exercises by encrypting and decrypting a file that keeps the Keylogger keys stored. 6. Static Malware Analysis 1: Introduction to Malware Analysis - File Integrity, String Extraction. Verify integrity and data acquisition from software: Learn about the techniques used to verify the integrity of files. Learn the tools to extract string (s) from exe files. Meet the online service https://www.virustotal.com/. 7. Static malware analysis 2: Working with PE headers, detecting malware obfuscation techniques. Explore the different techniques that are used to hide the body of malware. Above all, "obfuscation" and "packing" techniques. See in detail the header used for executable files - especially PE and DOS header. 8. Dynamic malware analysis: Debugging the supplied malware to the assembler, modifying the code in the assembler. Debugging and Cracking: Learn about debugging binary files. Crack the app. 9. Practical Malware Analysis: Students will be given the code of the current malware, then they will then try a manual analysis to apply their acquired knowledge. Perform a thorough analysis of the sample, find various interesting information on malware on the Internet, and answer the attached questions. 10. Automatic Cuckoo Sandbox malware analysis: Installing Cuckoo sandbox, malware analysis using automated tools. Install your own instance of Cuckoo Sandbox. Through Cuckoo Sandbox, analyze the samples provided. Next, do a keylogger analysis that you created within the exercise. 11) Student Presentations

Conditions for subject completion

Full-time form (validity from: 2016/2017 Winter semester)
Task nameType of taskMax. number of points
(act. for subtasks)
Min. number of points
Credit and Examination Credit and Examination 100 (100) 51
        Credit Credit 30  15
        Examination Examination 70  35
Mandatory attendence parzicipation: To pass thorough laboratory exercises: 80% presence in laboratories, submission of all protocols and passing the exam according to the lecturer conditions.

Show history

Occurrence in study plans

Academic yearProgrammeField of studySpec.ZaměřeníFormStudy language Tut. centreYearWSType of duty
2022/2023 (N0688A140015) Industry 4.0 P English Ostrava 2 Optional study plan
2022/2023 (N0613A140035) Computer Science P English Ostrava 2 Optional study plan
2021/2022 (N0688A140015) Industry 4.0 P English Ostrava 2 Optional study plan
2021/2022 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan
2020/2021 (N0688A140015) Industry 4.0 P English Ostrava 2 Optional study plan
2020/2021 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan
2019/2020 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan
2019/2020 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology K English Ostrava 2 Optional study plan
2018/2019 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan
2018/2019 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology K English Ostrava 2 Optional study plan
2017/2018 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 1 Compulsory study plan
2017/2018 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan
2017/2018 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology K English Ostrava 2 Optional study plan
2016/2017 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan
2016/2017 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology K English Ostrava 2 Optional study plan
2016/2017 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 1 Compulsory study plan

Occurrence in special blocks

Block nameAcademic yearForm of studyStudy language YearWSType of blockBlock owner