A Course Module on Malware Analysis
Start Date
12-10-2019 2:00 PM
End Date
12-10-2019 2:25 PM
Location
KSU Center Rm 460
Abstract
According to a 2019 mid-year report by Check Point Research, a cyber-intelligence firm, malware-related security attacks are as pervasive as ever and have paralyzed numerous organizations worldwide. Increasingly, malware authors are developing and incorporating more complex techniques into their code to offset known cyber-security defense mechanisms. As such, it is critical for students to analyze the low-level structure of malware and its run-time effects on a system in order to develop a precise understanding of threats. The Department of Computer Science at North Carolina A&T designed two hands-on labs that help students learn malware analysis. In the first lab, students conducted a dynamic analysis by actively infecting a virtual machine with a backdoor Trojan. In the second lab, students conducted a static analysis of the Trojan's executable file. They used open-source tools to extract parameters from its source code in order to do a lightweight review of code capabilities. The analysis of survey data shows that students learned to build an accurate picture of a malware-infected system using the disentangled data collected by the various analyzing instruments. Additionally, the lightweight review of the malware's source code demystified malware engineering to participants. Overall, our observations hold that lightweight source-code presentation is a good approach for in-depth teaching of malware analysis and is a dominant contributing factor for increasing student knowledge of the subject matter.