-TML logo-

T-110.6220 Special Course in Communications Security

Spring 2008: Malware Analysis and Antivirus Technologies (5 ECTS) P V

Opinnot > T-110.6220 > index.html


29.4.2008 Please give us course feedback: Finnish form, English form or Swedish form.
18.4.2008 Extra homework is published.
10.4.2008 Instructions for the course project are published. Check also material from the last lecture.
31.3.2008 Homework 3 is published. Notice also new deadline: Tuesday 8.4.
10.3.2008 Homework 2 is published.
18.2.2008 Homework 1 is published.
13.2.2008 Sign up computer sessions in Maari by using WebTopi. Content of the sessions 1 and 2 are same, so sign up only for one of the sessions.
13.2.2008 Home assignment deadlines are delayed. Homework 1: 24.2. -> 26.2. and homework 2: 16.3. -> 18.3.
30.1.2008 Schedule is updated (see Wed 20.2.), also newsgroup for the course is created.
28.1.2008 Course sign up is closed.
Note: official announcements of this course are posted to course newsgroup opinnot.tik.t1106220.

Course information

The course teaches students what malicious code is and how it can be detected and analyzed. Topics of the course include malware taxonomy, reverse engineering, code emulation fundamentals, basic cryptoanalysis of malicious crypto, and antivirus engine basics. Course includes a homework project that requires programming skills.


Sign up

Sign up is done by email according to these instructions.
Only 40 students will be accepted to the course based on the completed prerequirement courses and study major/minor/master programme if necessary.

Sign up is now closed.

Course in Spring 2008

Lectures are on Wednesdays at 16-18 in lecture hall TU1 (TUAS-building).

All lectures, lecture slides, assignments and course reading will be in English.

Taking the course consists of two parts:

  1. Passing home works
  2. Passing course project/assignment

Grade is based on the grade of the project and points from the homework assignments.


Date Time Place Topic Speaker
Fri 18.1. 16-18 Lecture hall T2 General introduction of the course
Antti Tikkanen
Tue 22.1. 16-18
Lecture hall T1 Lecture: Fighting Online Crime
Mikko Hyppönen
Wed 30.1. 16-18 TU1 (TUAS-building) Lecture: Windows operating system: Antivirus perspective.
Antti Tikkanen
Wed 6.2. 16-18 TU1 (TUAS-building) Lecture: Legal aspects of reverse engineering. Reverse engineering I
Slides (Intro to reverse engineering)
Slides (Intro to malware)
Gergely Erdelyi
Wed 13.2. 16-18 TU1 (TUAS-building) Lecture: Reverse engineering II
Gergely Erdelyi
Wed 20.2. 14-16 Maari-B Reverse engineering tools hands on classes (Session 1)
Shortcuts for IDA Pro
WebTopi sign up. Sign up only for session 1 or 2!
Wed 20.2. 16-18 TU1 (TUAS-building) Lecture: Mobile malware.
Jarno Niemelä
Thu 21.2. 16-18 Maari-B Reverse engineering tools hands on classes (Session 2)
Shortcuts for IDA Pro
WebTopi sign up. Sign up only for session 1 or 2!
Tue 26.2. 24:00 Notice new date! Deadline for returning homework 1: Reverse engineering with IDA Pro
Homework description
Wed 27.2. 16-18 TU1 (TUAS-building) Lecture: Using debuggers to analyze malware
Antti Tikkanen
Wed 5.3. 16-18 TU1 (TUAS-building) Lecture: Emulators and disassemblers
Jarkko Turkulainen
6.3.-12.3. Exam period
Tue 18.3. 24:00 Notice new date! Deadline for returning homework 2: Debugging with WinDbg/Olly
Homework description
Wed 19.3. 16-18 TU1 (TUAS-building) Lecture: Reverse engineering III
Gergely Erdelyi
20.3.-26.3. Eastern holiday
Wed 2.4. 16-18 TU1 (TUAS-building) Lecture: Unpacking and decrypting malware
Jarkko Turkulainen
Tue 8.4. 24:00 Notice new date! Deadline for returning homework 3: Malware taxonomy and malware in 2008
Homework description
Wed 9.4. 16-18 TU1 (TUAS-building) Lecture: Antivirus engine design, slides
Course Assignment, slides
Mika Ståhlberg
Sun 4.5. 24:00 Deadline for returning course assignments.
Assignment description

Lecture Material

The Art of Computer Virus Research and Defense
Peter Szor (Author)
ISBN 978-0321304544, Addison-Wesley Professional, 2005

Course staff

Lecturer: Antti Tikkanen, Research Manager, F-Secure Corporation
Assistant: Laura Takkinen

Please, use course email address T-110.6220(at)tml.hut.fi when contacting the course staff. Send all general questions related to the course arrangements, homeworks and project to the course newsgroup opinnot.tik.t1106220 (link to TKY webnews).

The responsible author of this page is course staff, <T-110.6220(ät)tml.hut.fi>.
Page last updated on Mon, 17 Dec 2007 11:00:31 +0200.
URL: http://www.tml.tkk.fi/Opinnot/T-110.6220/index.html