T-110.6220 Special Course in Communications Security

Spring 2008: Malware Analysis and Antivirus Technologies (5 ECTS) P V

Announcements

29.4.2008 Please give us course feedback: Finnish form, English form or Swedish form.
18.4.2008 Extra homework is published.
10.4.2008 Instructions for the course project are published. Check also material from the last lecture.
31.3.2008 Homework 3 is published. Notice also new deadline: Tuesday 8.4.
10.3.2008 Homework 2 is published.
18.2.2008 Homework 1 is published.
13.2.2008 Sign up computer sessions in Maari by using WebTopi. Content of the sessions 1 and 2 are same, so sign up only for one of the sessions.
13.2.2008 Home assignment deadlines are delayed. Homework 1: 24.2. -> 26.2. and homework 2: 16.3. -> 18.3.
30.1.2008 Schedule is updated (see Wed 20.2.), also newsgroup for the course is created.
28.1.2008 Course sign up is closed.
Note: official announcements of this course are posted to course newsgroup opinnot.tik.t1106220.

Course information

The course teaches students what malicious code is and how it can be detected and analyzed. Topics of the course include malware taxonomy, reverse engineering, code emulation fundamentals, basic cryptoanalysis of malicious crypto, and antivirus engine basics. Course includes a homework project that requires programming skills.

Prerequirements

T-110.4100 Computer networks
T-106.1220 Data Structures and Algorithms
Basic understanding of Windows OS or other OS internals (e.g. "T-106.5150 Operating Systems Project")
Computer architecture (e.g. "S-87.3190 Computer Architecture")
C or Assembly programming skills

Sign up

Sign up is done by email according to these instructions.
Only 40 students will be accepted to the course based on the completed prerequirement courses and study major/minor/master programme if necessary.

Course in Spring 2008

Lectures are on Wednesdays at 16-18 in lecture hall TU1 (TUAS-building).

All lectures, lecture slides, assignments and course reading will be in English.

Taking the course consists of two parts:

Passing home works
Passing course project/assignment

Grade is based on the grade of the project and points from the homework assignments.

Schedule

Date	Time	Place	Topic	Speaker
Fri 18.1.	16-18	Lecture hall T2	General introduction of the course Slides	Antti Tikkanen
Tue 22.1.	16-18	Lecture hall T1	Lecture: Fighting Online Crime Slides	Mikko Hyppönen
Wed 30.1.	16-18	TU1 (TUAS-building)	Lecture: Windows operating system: Antivirus perspective. Slides	Antti Tikkanen
Wed 6.2.	16-18	TU1 (TUAS-building)	Lecture: Legal aspects of reverse engineering. Reverse engineering I Slides (Intro to reverse engineering) Slides (Intro to malware)	Gergely Erdelyi
Wed 13.2.	16-18	TU1 (TUAS-building)	Lecture: Reverse engineering II Slides	Gergely Erdelyi
Wed 20.2.	14-16	Maari-B	Reverse engineering tools hands on classes (Session 1) Shortcuts for IDA Pro WebTopi sign up. Sign up only for session 1 or 2!
Wed 20.2.	16-18	TU1 (TUAS-building)	Lecture: Mobile malware. Slides	Jarno Niemelä
Thu 21.2.	16-18	Maari-B	Reverse engineering tools hands on classes (Session 2) Shortcuts for IDA Pro WebTopi sign up. Sign up only for session 1 or 2!
Tue 26.2.	24:00	Notice new date!	Deadline for returning homework 1: Reverse engineering with IDA Pro Homework description
Wed 27.2.	16-18	TU1 (TUAS-building)	Lecture: Using debuggers to analyze malware Slides	Antti Tikkanen
Wed 5.3.	16-18	TU1 (TUAS-building)	Lecture: Emulators and disassemblers Slides	Jarkko Turkulainen
6.3.-12.3.			Exam period
Tue 18.3.	24:00	Notice new date!	Deadline for returning homework 2: Debugging with WinDbg/Olly Homework description
Wed 19.3.	16-18	TU1 (TUAS-building)	Lecture: Reverse engineering III Slides	Gergely Erdelyi
20.3.-26.3.			Eastern holiday
Wed 2.4.	16-18	TU1 (TUAS-building)	Lecture: Unpacking and decrypting malware Slides	Jarkko Turkulainen
Tue 8.4.	24:00	Notice new date!	Deadline for returning homework 3: Malware taxonomy and malware in 2008 Homework description
Wed 9.4.	16-18	TU1 (TUAS-building)	Lecture: Antivirus engine design, slides Course Assignment, slides	Mika Ståhlberg
Sun 4.5.	24:00		Deadline for returning course assignments. Assignment description

Lecture Material

The Art of Computer Virus Research and Defense
Peter Szor (Author)
ISBN 978-0321304544, Addison-Wesley Professional, 2005

Course staff

Lecturer: Antti Tikkanen, Research Manager, F-Secure Corporation
Assistant: Laura Takkinen

Please, use course email address T-110.6220(at)tml.hut.fi when contacting the course staff. Send all general questions related to the course arrangements, homeworks and project to the course newsgroup opinnot.tik.t1106220 (link to TKY webnews).

The responsible author of this page is course staff, <T-110.6220tml.hut.fi>.
Page last updated on Mon, 17 Dec 2007 11:00:31 +0200.
URL: http://www.tml.tkk.fi/Opinnot/T-110.6220/index.html