460-6021/02 – Computer Security (PoB)
| Field | Value | Field | Value |
|---|---|---|---|
| Guarantor department | Department of Computer Science | Credits | 10 |
| Subject guarantor | prof. Ing. Ivan Zelinka, Ph.D. | Subject version guarantor | prof. Ing. Ivan Zelinka, Ph.D. |
| Study level | postgraduate | Requirement | Choice-compulsory |
| Year | | Semester | winter + summer |
| | | Study language | English |
| Year of introduction | 2015/2016 | Year of cancellation | |
| Intended for the faculties | FEI | Intended for study types | Doctoral |
Subject aims expressed by acquired skills and competences
The aim of the course is to acquaint students with computer viruses: their definition and classification, the ways they spread through computer systems, and how they can be misused to penetrate computer systems. The course also includes work with live malware, the construction of sample types of malware, and their hybridization with artificial intelligence. Graduates will gain an overview of modern types of malware and their use as spyware and cyber weapons. Upon successful completion of this course, graduates will be able to apply measures that increase the security of computer systems.
Teaching methods
Individual consultations
Summary
The course covers a wide range of so-called malicious code techniques, both historically classical techniques and modern procedures and algorithms. At an introductory level it discusses computer viruses, their classification and methods of spread, work with live malware, the construction of sample types of malware, and their hybridization with artificial intelligence. Modern types of malware and their use as spyware and cyber weapons are also covered. After completing the course, the student should have comprehensive knowledge of the above areas, including the ability to apply countermeasures that increase the security of computer systems.
The course will also include individual tasks arising from lectures (or exercises). Their control and presentation will be part of the lectures.
Compulsory literature:
Recommended literature:
7. Kevin Beaver, Hacking For Dummies, For Dummies; 3rd edition, ISBN-10: 9780470550939
Additional study materials
Way of continuous check of knowledge in the course of semester
Students' knowledge will be verified through a problem-solving protocol and its publication.
E-learning
No additional requirements are placed on the student.
Other requirements
Additional requirements are placed on the student.
Prerequisites
Subject has no prerequisites.
Co-requisites
Subject has no co-requisites.
Subject syllabus:
Lectures:
1. Artificial intelligence and artificial life, self-replicating structures (Game of Life, Fredkin's self-replicating structure, von Neumann and the theory of self-replicating automata). Artificial life and virtual universes (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems.
2. History of computer malware, emergence, and gradual development.
3. Self-replicating structures, finite automata and Turing machines. Computer malware from a theoretical computer science point of view.
4. Virus definitions; features shared with and differing from a biological virus. Classification of malicious code (viruses, adware, spyware, worms, ...) and code propagation. Hoaxes. Virus generators. Basic ways of spreading. Antimalware ten commandments.
5. Detailed methods of infection. File infections (COM, EXE, API, MBR, DBR, ...), infection techniques (overwriting viruses, appending viruses, cavity viruses, entry-point obscuring, ...). Memory infections, use of interrupts, swap viruses.
6. Malicious code and its dependency on the environment (i.e., OS, file format, processor, architecture, compilers, ...). Computer worms, their life cycle and payload.
7. Basic defence strategies used by viruses: memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, heuristic defence, emulation and disassembly, use of undocumented features.
8. Creation and generation of viruses. Encrypted virus code (decryptors, nonlinear decoding, W95/phono, W95/Mad2736), oligomorphic viruses, polymorphic viruses, metamorphic viruses. Virus generators.
9. Reverse engineering of malicious code, disassembly techniques. The basics of cracking. Analysis of an overwriting and an appending virus in C and their disassembly.
10. Evolution theory and unconventional malware development. Evolutionary virus development, botnet and swarm virus.
11. Computer worm and its construction.
12. Spyware and cyber weapons.
13. Backup. Basic backup systems and procedures.
14. Dark web.
Exercises in PC classrooms
1. Keylogger: Students will create a basic malware program that will serve as a simple keylogger.
Get acquainted with the issue of creating a keylogger.
2. Windows API, registry, permissions: Teaching Windows API control and programmatic work with the Windows registry.
Use the Windows registry to ensure that your keylogger starts at system startup.
3. PowerShell, Alternate stream: Hiding malware into an alternative stream, example of working with PowerShell.
Get acquainted with the mechanisms of "streams" that are part of the NTFS file system. Learn the basics of PowerShell and base64 encoding.
4. Detailed methods of infection: Implementation of frequently used methods of malware infection of the system.
5. Basic virus defense strategies: Environment scanning, obfuscation and debug protection.
6. Static malware analysis 1: Introduction to malware analysis - file integrity, string extraction.
Integrity Verification and Software Retrieval: Familiarize yourself with the techniques used to verify file integrity. Get acquainted with tools for extracting strings from exe files. Get to know the online service https://www.virustotal.com/.
7. Static analysis of malware 2: Work with PE headers, detection of obfuscation techniques for malware.
Learn the different techniques used to hide the body of malware. Especially "obfuscation" and "packing" techniques. Get acquainted in detail with the headers used for executable files - especially the PE and DOS headers.
8. Dynamic malware analysis: Debugging of supplied malware in assembly, code modification in assembly.
Debugging and Cracking: Learn about the process of debugging binaries. Crack the supplied application.
9. Practical analysis of malware: Students will be provided with the code of a current malware sample and will then carry out a manual analysis, applying the acquired knowledge.
Perform a thorough analysis of the supplied sample, find various interesting information about malware on the Internet and answer the attached questions.
10. Automatic malware analysis using Cuckoo Sandbox: Cuckoo sandbox installation, malware analysis using automated tools.
Install your own instance of Cuckoo Sandbox. Analyze the supplied samples via the Cuckoo Sandbox. Then also analyze the keylogger that you created during the exercise.
11. Evolutionary theory and unconventional development of malware: Evolutionary development of malware and modification of bot communication behavior in a botnet.
12. Swarm malware: An experiment with a provided sample of swarm malware. Analysis of the behavioral characteristics of swarm malware in comparison with common malware.
13. Dark web: prevention of cybercrime, detection of malicious services and traffic monitoring.