460-4054/07 – Computer Viruses and Security of Computer Systems (PVBPS)

Guarantor department: Department of Computer Science
Credits: 6
Subject guarantor: prof. Ing. Ivan Zelinka, Ph.D.
Subject version guarantor: prof. Ing. Ivan Zelinka, Ph.D.
Study level: undergraduate or graduate
Requirement: Compulsory
Year: 2
Semester: winter
Study language: English
Year of introduction: 2018/2019
Year of cancellation:
Intended for the faculties: FEI
Intended for study types: Follow-up Master
Instruction secured by

Login | Name | Tutor | Teacher giving lectures
PLU042 | Ing. Jan Plucar, Ph.D.
ZEL01 | prof. Ing. Ivan Zelinka, Ph.D.
Extent of instruction for forms of study

Form of study | Way of completion | Extent
Full-time | Credit and Examination | 2+2

Subject aims expressed by acquired skills and competences

The aim of the course is to acquaint students with computer viruses: their definition and classification, the ways they spread through computer systems, and how they can be misused to penetrate those systems. The course also includes work with live (real-world) malware, the construction of sample malware types, and their hybridization with artificial intelligence. Graduates will gain an overview of modern types of malware and their use as spyware and cyber weapons. Upon successful completion of this course, graduates will be able to apply measures that increase the security of computer systems.

Teaching methods

Lectures
Tutorials
Project work

Summary

The course covers a broad range of so-called malicious code techniques, from historically classical techniques to modern procedures and algorithms. At an introductory level it discusses computer viruses, their classification and methods of spread, work with live (real-world) malware, the construction of sample malware types, and their hybridization with artificial intelligence, as well as modern types of malware and their use as spyware and cyber weapons. After completing the course, the student should have comprehensive knowledge of the above areas, including the countermeasures that can be applied to increase the security of computer systems. The course also includes individual tasks arising from the lectures (or exercises); their review and presentation form part of the lectures.

Compulsory literature:

1. Peter H. Gregory, Computer Viruses For Dummies, For Dummies, ISBN: 9780764574184
2. Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley Professional, ISBN: 0321304543
3. Jon Erickson, Hacking: The Art of Exploitation, 2nd Edition, No Starch Press; 2nd edition, ISBN: 1593271441
4. Ligh, M., Hartstein, B. and Adair, S., 2010. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. John Wiley & Sons Inc.
5. Dunham, K., Hartman, S., Quintans, M., Morales, J.A. and Strazzere, T., 2014. Android Malware and Analysis. CRC Press.
6. Zelinka I., Merhaut F., OPVK_Computer viruses and security, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018

Recommended literature:

7. Kevin Beaver, Hacking For Dummies, For Dummies; 3rd edition, ISBN-10: 9780470550939

Way of continuous check of knowledge in the course of semester

Assessment is based on the elaboration of the course protocols, through which the student demonstrates not only an understanding of the lecture material but also the ability to implement it in the given programming environment. To obtain credit, the student must hand in all required protocols and have at least 80% physical attendance at the laboratories. Credit is a necessary condition for admission to the exam. The exam is oral.

E-learning

Other requirements

Students are required to be able to write programs in an arbitrary programming language and to apply knowledge from the lectures in algorithms. No additional requirements are defined.

Prerequisites

Subject has no prerequisites.

Co-requisites

Subject has no co-requisites.

Subject syllabus:

Lectures:

1. Artificial intelligence and artificial life, self-replicating structures (Game of Life, Fredkin's self-replicating structure, von Neumann and the theory of self-replicating automata). Artificial life and virtual universes (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems.
2. History of computer malware: emergence and gradual development.
3. Self-replicating structures, finite automata and Turing machines. Computer malware from the point of view of theoretical computer science.
4. Virus definitions; common and differing features compared with a biological virus. Classification of malicious code (viruses, adware, spyware, worms, ...) and code propagation. Hoaxes. Virus generators. Basic ways of spreading. Antimalware ten.
5. Detailed methods of infection. File infections (COM, EXE, API, MBR, DBR, ...), infection techniques (overwriting viruses, appending viruses, cavity viruses, secret point, ...). Memory infections, use of interrupts, swap viruses.
6. Malicious code and its dependency on the environment (i.e., OS, file format, processor, architecture, compilers, ...). Computer worms, life cycle and payload.
7. Basic defence strategies against viruses. Memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, heuristic defence, emulation and disassembly, use of undocumented features.
8. Creation and generation of viruses. Encrypted virus code (decryptors, nonlinear decoding, W95/Phono, W95/Mad2736), oligomorphic viruses, polymorphic viruses, metamorphic viruses. Virus generators.
9. Reverse engineering of malicious code, disassembly technology. The basics of cracking. Analysis of an overwriting and an appending virus in C and their disassembly.
10. Evolution theory and unconventional malware development. Evolutionary virus development, botnets and swarm viruses.
11. Computer worms and their construction.
12. Spyware and cyber weapons.
13. Backup. Basic backup systems and procedures.
14. Dark web.

Exercises in PC classrooms:

1. Keylogger: Students create a basic malware program that serves as a simple keylogger and become acquainted with the issues involved in creating a keylogger.
2. Windows API, registry, permissions: Working with the Windows API and programmatic work with the Windows registry. Use the Windows registry to make the keylogger start at system startup.
3. PowerShell, alternate data streams: Hiding malware in an alternate data stream; an example of working with PowerShell. Become acquainted with the "streams" mechanism that is part of the NTFS file system. Learn the basics of PowerShell and base64 encoding.
4. Detailed methods of infection: Implementation of frequently used methods by which malware infects a system.
5. Basic virus defence strategies: Environment scanning, obfuscation and debug protection.
6. Static malware analysis 1: Introduction to malware analysis, file integrity, string extraction. Integrity verification and software retrieval: become familiar with the techniques used to verify file integrity and with tools for extracting strings from EXE files. Get to know the online service https://www.virustotal.com/.
7. Static malware analysis 2: Working with PE headers, detection of malware obfuscation techniques. Learn the different techniques used to hide the body of malware, especially "obfuscation" and "packing". Become acquainted in detail with the headers used for executable files, especially the PE and DOS headers.
8. Dynamic malware analysis: Debugging the supplied malware in assembler, code modification in assembler. Debugging and cracking: learn about the process of debugging binaries; crack the supplied application.
9. Practical analysis of malware: Students are provided with the code of current malware and try out a manual analysis in which they apply the acquired knowledge. Perform a thorough analysis of the supplied sample, find information about the malware on the Internet and answer the attached questions.
10. Automatic malware analysis using Cuckoo Sandbox: Cuckoo Sandbox installation, malware analysis using automated tools. Install your own instance of Cuckoo Sandbox. Analyze the supplied samples with Cuckoo Sandbox, then also analyze the keylogger you created during the exercises.
11. Evolutionary theory and unconventional development of malware: Evolutionary development of malware and modification of bot communication behaviour in a botnet.
12. Flock malware: An experiment with a provided sample of flock malware. Analysis of the behavioural characteristics of flock malware in comparison with common malware.
13. Dark web: prevention of cybercrime, detection of malicious services and traffic monitoring.

Conditions for subject completion

Full-time form (validity from: 2018/2019 Summer semester)

Task name | Type of task | Max. number of points (act. for subtasks) | Min. number of points | Max. number of attempts
Credit and Examination | Credit and Examination | 100 (100) | 51 |
Credit | Credit | 45 | 21 |
Examination | Examination | 55 | 30 | 3

Mandatory attendance participation: To pass the laboratory exercises: 80% attendance at the laboratories, submission of all protocols and passing the exam according to the lecturer's conditions.


Conditions for subject completion and attendance at the exercises within ISP: Completion of all mandatory tasks within individually agreed deadlines.


Occurrence in study plans

Academic year | Programme | Branch/spec. | Spec. | Specialization | Form | Study language | Tut. centre | Year | WS | Type of duty
2024/2025 (N0612A140005) Information and Communication Security IKB P English Ostrava 2 Compulsory study plan
2023/2024 (N0612A140005) Information and Communication Security IKB P English Ostrava 2 Compulsory study plan
2023/2024 (N0714A060021) Communication and Information Technology P English Ostrava 2 Optional study plan
2022/2023 (N0612A140005) Information and Communication Security IKB P English Ostrava 2 Compulsory study plan
2022/2023 (N0714A060021) Communication and Information Technology P English Ostrava 2 Optional study plan
2021/2022 (N0612A140005) Information and Communication Security IKB P English Ostrava 2 Compulsory study plan
2020/2021 (N0612A140005) Information and Communication Security IKB P English Ostrava 2 Compulsory study plan
2020/2021 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2019/2020 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Compulsory study plan
2019/2020 (N0612A140005) Information and Communication Security IKB P English Ostrava 2 Compulsory study plan
2018/2019 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 1 Compulsory study plan

Occurrence in special blocks

Block name | Academic year | Form of study | Study language | Year | WS | Type of block | Block owner

Assessment of instruction

The subject contains no assessment.