460-6021/02 – Computer Security (PoB)

Guarantor department: Department of Computer Science
Credits: 10
Subject guarantor: prof. Ing. Ivan Zelinka, Ph.D.
Subject version guarantor: prof. Ing. Ivan Zelinka, Ph.D.
Study level: postgraduate
Requirement: Choice-compulsory
Year: (not listed)
Semester: winter + summer
Study language: English
Year of introduction: 2015/2016
Year of cancellation: (not listed)
Intended for the faculties: FEI
Intended for study types: Doctoral
Instruction secured by
Login | Name | Tutor | Teacher giving lectures
ZEL01 | prof. Ing. Ivan Zelinka, Ph.D. | | 
Extent of instruction for forms of study
Form of study | Way of completion | Extent
Full-time | Examination | 28+0
Part-time | Examination | 28+0
Distance | Examination | 10+0

Subject aims expressed by acquired skills and competences

The aim of the course is to acquaint students with computer viruses: their definition and classification, the way they spread in computer systems, and the ways they may be misused to penetrate computer systems. The course also includes work with live malware, the construction of sample types of malware, and their hybridization with artificial intelligence. Graduates will gain an overview of modern types of malware and their use as spyware and cyber weapons. Upon successful completion of this course, graduates will be able to apply measures that increase the security of computer systems.

Teaching methods

Individual consultations

Summary

The course covers a wide range of techniques of so-called malicious code, both historically classical techniques and modern procedures and algorithms. At an introductory level it also discusses computer viruses, their classification and methods of spread, work with live malware, the construction of sample types of malware and their hybridization with artificial intelligence, and modern types of malware and their use as spyware and cyber weapons. After completing the course, the student should have comprehensive knowledge of the above areas, including the application of countermeasures that increase the security of computer systems. The course also includes individual tasks arising from the lectures (or exercises); their review and presentation form part of the lectures.

Compulsory literature:

1. Peter H. Gregory, Computer Viruses For Dummies, For Dummies, ISBN: 9780764574184
2. Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley Professional, ISBN: 0321304543
3. Jon Erickson, Hacking: The Art of Exploitation, 2nd Edition, No Starch Press, 2nd edition, ISBN: 1593271441
4. Ligh, M., Hartstein, B. and Adair, S., 2010. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. John Wiley & Sons Inc.
5. Dunham, K., Hartman, S., Quintans, M., Morales, J.A. and Strazzere, T., 2014. Android Malware and Analysis. CRC Press.
6. Zelinka I., Merhaut F., OPVK_Computer viruses and security, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018

Recommended literature:

7. Kevin Beaver, Hacking For Dummies, For Dummies, 3rd edition, ISBN-10: 9780470550939

Way of continuous check of knowledge in the course of semester

Students' knowledge will be verified in the form of a problem-solving protocol and its publication.

E-learning

There are no additional requirements for the student.

Other requirements

Additional requirements are placed on the student.

Prerequisites

Subject has no prerequisites.

Co-requisites

Subject has no co-requisites.

Subject syllabus:

Lectures:
1. Artificial intelligence and artificial life, self-replicating structures (Game of Life, Fredkin's self-replicating structure, von Neumann and the theory of self-replicating automata). Artificial life and virtual universes (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems.
2. History of computer malware: emergence and gradual development.
3. Self-replicating structures, finite automata and Turing machines. Computer malware from the point of view of theoretical computer science.
4. Virus definitions; features shared with and differing from biological viruses. Classification of malicious code (viruses, adware, spyware, worms, ...) and code propagation. Hoaxes. Virus generators. Basic ways of spreading. The antimalware ten.
5. Detailed methods of infection. File infections (COM, EXE, API, MBR, DBR, ...), infection techniques (overwriting viruses, appending viruses, cavity viruses, secret point, ...). Memory infections, use of interrupts, swap viruses.
6. Malicious code and its dependency on the environment (i.e., OS, file format, processor, architecture, compilers, ...). Computer worms, their life cycle and payload.
7. Basic defence strategies against viruses. Memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, heuristic defence, emulation and disassembly, use of undocumented features.
8. Creation and generation of viruses. Encrypted virus code (decryptors, nonlinear decoding, W95/phono, W95/Mad2736), oligomorphic viruses, polymorphic viruses, metamorphic viruses. Virus generators.
9. Reverse engineering of malicious code, disassembly technology. The basics of cracking. Analysis of an overwriting virus and an appending virus in C and their disassembly.
10. Evolutionary theory and unconventional malware development. Evolutionary virus development, botnet and swarm virus.
11. Computer worms and their construction.
12. Spyware and cyber weapons.
13. Backup. Basic backup systems and procedures.
14. Dark web.

Exercises in PC classrooms:
1. Keylogger: Students will create a basic malware program that will serve as a simple keylogger. Get acquainted with the issues involved in creating a keylogger.
2. Windows API, registry, permissions: Teaching Windows API control and programmatic work with the Windows registry. Use the Windows registry to ensure that your keylogger starts at system startup.
3. PowerShell, alternate data streams: Hiding malware in an alternate data stream, with an example of working with PowerShell. Get acquainted with the mechanism of "streams" that is part of the NTFS file system. Learn the basics of PowerShell and base64 encoding.
4. Detailed methods of infection: Implementation of frequently used methods by which malware infects the system.
5. Basic virus defence strategies: Environment scanning, obfuscation and debug protection.
6. Static malware analysis 1: Introduction to malware analysis: file integrity, string extraction. Integrity verification and software retrieval: familiarize yourself with the techniques used to verify file integrity. Get acquainted with tools for extracting strings from EXE files. Get to know the online service https://www.virustotal.com/.
7. Static malware analysis 2: Work with PE headers, detection of obfuscation techniques used by malware. Learn the different techniques used to hide the body of malware, especially "obfuscation" and "packing" techniques. Get acquainted in detail with the headers used for executable files, especially the PE and DOS headers.
8. Dynamic malware analysis: Debugging of the supplied malware in assembler, code modification in assembler. Debugging and cracking: learn about the process of debugging binaries. Crack the supplied application.
9. Practical malware analysis: Students will be provided with the code of current malware and will then try a manual analysis in which they apply the acquired knowledge. Perform a thorough analysis of the supplied sample, find various interesting information about the malware on the Internet and answer the attached questions.
10. Automatic malware analysis using Cuckoo Sandbox: Cuckoo Sandbox installation, malware analysis using automated tools. Install your own instance of Cuckoo Sandbox. Analyze the supplied samples with Cuckoo Sandbox. Then also analyze the keylogger that you created during the exercise.
11. Evolutionary theory and unconventional development of malware: Evolutionary development of malware and modification of bot communication behaviour in a botnet network.
12. Flock (swarm) malware: An experiment with a provided sample of flock malware. Analysis of the behavioural characteristics of flock malware in comparison with common malware.
13. Dark web: prevention of cybercrime, detection of malicious services and traffic monitoring.

Conditions for subject completion

Full-time form (validity from: 2015/2016 Winter semester)
Task name | Type of task | Max. number of points (act. for subtasks) | Min. number of points
Examination | Examination | | 
Mandatory attendance participation: (not stated)


Occurrence in study plans

Academic year | Programme | Field of study | Form (P = full-time, K = part-time) | Study language | Tut. centre | Type of duty
2021/2022 | (P0613D140006) Computer Science | | K | English | Ostrava | Choice-compulsory type B
2021/2022 | (P0613D140006) Computer Science | | P | English | Ostrava | Choice-compulsory type B
2020/2021 | (P0613D140006) Computer Science | | P | English | Ostrava | Choice-compulsory type B
2020/2021 | (P0613D140006) Computer Science | | K | English | Ostrava | Choice-compulsory type B
2020/2021 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | P | English | Ostrava | Choice-compulsory
2020/2021 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | K | English | Ostrava | Choice-compulsory
2019/2020 | (P0613D140006) Computer Science | | P | English | Ostrava | Choice-compulsory type B
2019/2020 | (P0613D140006) Computer Science | | K | English | Ostrava | Choice-compulsory type B
2019/2020 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | P | English | Ostrava | Choice-compulsory
2019/2020 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | K | English | Ostrava | Choice-compulsory
2018/2019 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | P | English | Ostrava | Choice-compulsory
2018/2019 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | K | English | Ostrava | Choice-compulsory
2017/2018 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | P | English | Ostrava | Choice-compulsory
2017/2018 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | K | English | Ostrava | Choice-compulsory
2016/2017 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | P | English | Ostrava | Choice-compulsory
2016/2017 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | K | English | Ostrava | Choice-compulsory
2015/2016 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | P | English | Ostrava | Choice-compulsory
2015/2016 | (P1807) Computer Science, Communication Technology and Applied Mathematics | (1801V001) Informatics | K | English | Ostrava | Choice-compulsory

Occurrence in special blocks

Block name | Academic year | Form of study | Study language | Year | W | S | Type of block | Block owner
(no entries listed)