Course - Reverse Engineering and Malware Analysis - IIK6538
IIK6538 - Reverse Engineering and Malware Analysis
About
Lessons are not given in the academic year 2024/2025
Course content
- Malware methodology
- Basic analysis
- Advanced static analysis
- Advanced dynamic analysis
- Anonymous and stealthy analysis
- Malware classification and functionality
- Anti-reverse engineering
- Malware lab

The course will be available as a "Lifelong learning" course from Spring 2024. Participants will have to pay the regular semester fee, and might in addition be charged a course fee according to the regulations for lifelong learning courses 2024.
Learning outcome
Knowledge:
- The candidate possesses knowledge of the methodology, technology and application of malware analysis and reverse engineering
- The candidate possesses thorough knowledge of anonymous analysis
- The candidate possesses advanced knowledge of static malware analysis
- The candidate possesses advanced knowledge of dynamic malware analysis
- The candidate possesses thorough knowledge of malware classification and functionality
- The candidate possesses knowledge of anti-reverse engineering techniques
- The candidate possesses thorough knowledge of building and using a malware lab

Skills:
- The candidate is capable of applying malware analysis methodology and technology
- The candidate is capable of applying advanced static malware analysis
- The candidate is capable of applying advanced dynamic malware analysis
- The candidate is able to identify basic and some advanced malware functionality
- The candidate is able to identify known anti-reverse engineering techniques
- The candidate is able to conduct an analysis without revealing that the investigation is taking place and/or revealing their identity

General competence:
- The candidate is capable of analyzing relevant professional and research problems in malware analysis
- The candidate is capable of applying their knowledge and skills in new fields, in order to accomplish advanced tasks and projects in malware analysis
- The candidate is capable of working independently as a malware analyst and is familiar with the terminology
- The candidate is capable of discussing professional problems, analysis and conclusions in the field of malware analysis, both with professionals and with a general audience
- The candidate has the learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
- The candidate is capable of contributing to innovation and innovation processes
Learning methods and activities
- Lectures
- Lab work
- E-learning
- Compulsory assignments

Additional information: The course will be made accessible for both campus (Gjøvik) and remote students. Students are free to choose the pedagogic arrangement best suited to their own requirements. The lectures in the course will be given on campus Gjøvik and are recorded. All activities will be coordinated with the course IMT4116 (Master Information Security elective course).

Compulsory requirements: Two assignments must be approved in order to take the exam. Students will be divided (randomly) into groups of 4, to read and provide feedback on each other's assignments. Approval (approved/not approved) will be done by staff.
Compulsory assignments
- Assignments - Oblig
Further on evaluation
The coursework assignments: Students will be divided (randomly) into groups of 4, to read and provide feedback on each other's assignments. Approval of two assignments will be done by staff.

Form of assessment: 72-hour home exam (A-F). No re-sit; students who do not get a passing grade on the home exam need to sign up the next time the course is running.
In specific circumstances, the course responsible can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative description of the A-F scale.
Specific conditions
Admission to a programme of study is required:
Information Security (MIS)
Miscellaneous Courses - Faculty of Information Technology and Electrical Engineering (EMNE/IE)
Recommended previous knowledge
Knowledge of Windows OS, basic programming skills and assembly is an advantage.
To attend IIK6538, a completed bachelor's degree within ICT/Computer Science and/or Cyber Security or similar is required.
A minimum of 2 years of relevant work experience is an advantage; documentation might be requested.
Required previous knowledge
Laboratory activities will involve analyzing and handling malicious code on your computer system. Virtual machines and due caution will be used, but it is nevertheless not recommended to use your organization's laptop in laboratory activities.
To attend IIK6538, a completed bachelor's degree within ICT/Computer Science and/or Cyber Security or similar is required.
A minimum of 2 years of relevant work experience is an advantage; documentation might be requested.
Course materials
Books/standards, conference/journal papers and web resources.
- M. Sikorski and A. Honig: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Credit reductions
Course code | Reduction | From | To
---|---|---|---
IMT4116 | 7.5 | AUTUMN 2023 |
Version: 1
Credits: 7.5 SP
Study level: Further education, higher degree level
Language of instruction: English
Location: Gjøvik
- Information Security
Department with academic responsibility
Department of Information Security and Communication Technology
Department with administrative responsibility
Section for quality in education and learning environment
Examination
* The location (room) for a written examination is published 3 days before the examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"