Spring 2016

Prof. Charles Nicholas
410-455-2594
nicholas@umbc.edu
ITE 356
Office hours: Tuesday and Thursday 2-3pm, or by appointment (subject to changes which I will try to announce in advance)

Course information

Monday and Wednesday, 4-5:15pm
ITE 366

Prerequisites:

Graduate standing in CMSC, CYBR, or a related discipline. A course in malware analysis, such as CMSC 491/691 Malware Analysis, or network security, or equivalent experience, is expected. To be specific, I will expect you to have experience with network traffic tools such as Wireshark, debuggers such as OllyDbg or x64dbg, and a disassembler such as IDA.

Overview

Notes

Notes from each class session

Reading List

We will develop the reading list as we go. Students should know how to use the UMBC Library research port and other facilities to get access to papers they want. I suggest using a paper management system such as Mendeley. Suggestions for improving this list are welcome.

Textbook(s): None

The following books are not required, but may be helpful:

Advanced Malware Analysis
Christopher Elisan
McGraw-Hill, 2015
ISBN: 978-0-07-181975-6

Practical Malware Analysis
Sikorski and Honig
ISBN 978-1-59327-290-6
Publisher: no starch press
(zipfile of labs for UMBC only)

Malware Analyst's Cookbook and DVD
Ligh, Adair, Harstein and Richard
Publisher: Wiley
(tarfile of DVD for UMBC only)

Reversing: Secrets of Reverse Engineering
Eldad Eilam
Publisher: Wiley

Be careful when downloading "free" copies of these books! Additional resources, varying in quality, can be found on Wikibooks and other places.

Objectives:

We explore advanced topics in static and dynamic malware analysis. Along the way, students will:

Course Policies

Grading

Students enrolled in CMSC 691 will be expected to write a term paper and present it to the class as a poster. Students will also take turns reading and presenting research papers from the literature. (Probably two papers per person, roughly 5-6 weeks apart.) The points will be allocated as follows: 20% class participation, 50% term paper, 10% poster, 10% for each research paper presented.

The term paper will be a mock Ph.D. thesis proposal. The components of such a paper are usually a (10%) introduction and problem statement, a (20%) survey of related work, a (10%) experimental design, and a (10%) research plan. I will discuss each in more detail. For the sake of grading, we'll break this up into parts with separate due dates.

Abuse of Resources

Abuse of the knowledge or experience you gain in this course may subject you to discipline under UMBC policy and/or criminal prosecution. Do not expect your status as a student to protect you if you break the law! Hacking into campus computers (other than systems approved for such a purpose) is a violation of UMBC policy, and may result in disciplinary action possibly including expulsion, in addition to possible criminal charges.

Academic Honesty

Academic dishonesty of any kind will be handled in accordance with University policy.

"By enrolling in this course, each student assumes the responsibilities of an active participant in UMBC's scholarly community, in which everyone's academic work and behavior are held to the highest standards of honesty. Cheating, fabrication, plagiarism, and helping others to commit these acts are all forms of academic dishonesty, and they are wrong. Academic misconduct could result in disciplinary action that may include, but is not limited to, suspension or dismissal. To read the full Student Academic Conduct Policy, consult the UMBC Student Handbook, the Faculty Handbook, or the UMBC Policies section of the UMBC Directory." [Statement adopted by UMBC's Undergraduate Council and Provost's Office.]


Resources

A collection of malware analysis resources, such as web sites, downloads, and so forth. Suggestions are welcome!