Proposal for a Course

Indian Institute of Technology Kanpur

 

Course Title: Introduction to Malware Analysis

Course No: CS985

Credits: 3-0-0-0 [9]

Prerequisite: CS973 (Machine Learning for Cyber Security), or exposure to a machine learning course together with hands-on project development. Familiarity with machine learning libraries is a necessary requirement for this course.

Proposer: Sandeep Kumar Shukla

Course Rationale: A recent report by IDC on global smartphone operating system market share shows that in the 3rd quarter of 2018 the total market share of Android was 86.8%. In May 2019, Google revealed that more than two and a half billion Android devices are now actively used in a month. With the growing popularity of Android, both the number of active users and the day-to-day activity of each user on Android devices have increased substantially, which makes Android an ever more attractive target for malware authors. Gadgets360 reports that 8400 new instances of Android malware are found every day, which implies that a new malware sample surfaces every 10 seconds. Malware is one of the most serious cyber threats; it evolves daily and can disrupt sectors such as online banking and social networking. According to reports published by the AV-Test institute, across platforms (Android, Windows, Linux, etc.) there has been tremendous growth in the number of malicious samples, with over 250,000 new malicious samples registered every day. Analyzing these samples manually through reverse engineering and disassembly is a tedious and cumbersome task, and therefore impractical for security analysts at this scale. There is thus a dire need for automated malware analysis systems that produce effective results with minimal human intervention. Antivirus systems use the most common and most primitive approach: signatures of known malware are generated beforehand, and newly downloaded executables are compared against these signatures to predict their nature. This technique fails completely against zero-day malware, i.e., malware that has been newly created and for which no signature is yet available. The other common techniques are static analysis and dynamic analysis. Static analysis examines an executable without running it and predicts its nature from what it finds.
It is widely used because it is relatively fast, but it fails when the malware is packed, encrypted or obfuscated. To overcome the limitations of static approaches, dynamic analysis is used instead: behavioral data is collected by executing the sample in a sandboxed environment and then used for detection and classification. Dynamic analysis has its own limitations, such as malware detecting the virtual environment and incomplete code coverage. As a result, researchers have started combining both approaches in what is known as a hybrid approach.
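The following illustration is added to this proposal (it is not part of the original document) and shows, with constructed samples and a constructed sandbox trace, why a byte signature stops matching once a sample is packed, and why a behavioral rule applied to the sandbox trace still flags it; the signature, the XOR packer and the trace lines are all invented stand-ins, not real malware artifacts.

```python
# Added illustration: signature scan vs. behavioral detection on a packed sample.
# Every sample, signature and log line below is constructed for this example.
from typing import Iterable

# Constructed stand-in for an antivirus byte signature of a known sample.
KNOWN_SIGNATURE = b"CONSTRUCTED_PAYLOAD_MARKER"

def signature_scan(sample: bytes, signatures: Iterable[bytes] = (KNOWN_SIGNATURE,)) -> bool:
    """Classic AV approach: flag the file only if a known byte pattern is present."""
    return any(sig in sample for sig in signatures)

def xor_pack(data: bytes, key: int) -> bytes:
    """Toy stand-in for a packer: identical behavior at run time, different bytes on disk."""
    return bytes(b ^ key for b in data)

# Constructed samples: the same logic in plain and in packed form.
PLAIN_SAMPLE = b"<constructed header>" + KNOWN_SIGNATURE + b"<constructed body>"
PACKED_SAMPLE = xor_pack(PLAIN_SAMPLE, 0x5A)

# Constructed sandbox trace: API calls observed while the packed sample executes.
SANDBOX_TRACE = [
    "CreateFileW C:\\Users\\victim\\AppData\\Roaming\\svc.exe",
    "RegSetValueExW HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "InternetOpenUrlW http://c2.example.invalid/beacon",
]

def behavioural_detect(trace: list[str]) -> bool:
    """Behavioral rule: persistence via a Run key plus outbound network activity."""
    persisted = any("CurrentVersion\\Run" in line for line in trace)
    beaconed = any(line.startswith("InternetOpenUrlW") for line in trace)
    return persisted and beaconed

def hybrid_verdict(sample: bytes, trace: list[str]) -> str:
    """Hybrid approach: cheap static check first, dynamic evidence when static finds nothing."""
    if signature_scan(sample):
        return "malicious (signature)"
    if behavioural_detect(trace):
        return "malicious (behaviour)"
    return "unknown"
```

The packed sample is invisible to the signature scan while the unpacked one is caught, and only the sandbox trace recovers the verdict for the packed one.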

For those wanting to pursue a career in cyber security, knowing the techniques of malware analysis and being able to develop tools that carry out such analyses is very important.

Course Objectives: On completion of this course, a student should be able to: (i) explain the vast scope of malware-borne cyber-attacks, the various malware types, and platform-specific variations of malware; (ii) explain the basic signs of malware infection and signs of intrusion from a security analyst's point of view; (iii) explain the various machine learning techniques and tools used for malware analysis, and techniques such as memory forensics; (iv) implement tools for malware analysis employing machine learning tools and libraries, and measure the efficacy of those tools on labelled and unlabelled data.


Course Content:

Topic | Details | No. of Hours
Introduction | Malware classification, types, and platform-specific issues with malware; intrusion into IT and operational technology (OT) networks and their signs | 3
Basic Malware Analysis | Manual malware infection analysis; signature-based malware detection and classification, its pros and cons, and the need for machine learning based techniques | 5
Advanced Techniques in Malware Analysis | Static analysis, dynamic analysis and hybrid analysis of Windows malware, Linux malware and Android malware |
Case Studies | Study of papers in malware analysis from the most recent conferences; presentations, discussions and implementations |
Total Lecture Hours | | 20 hours

Text:

There is no textbook for such a course yet. Research papers will be the main source of study material.

There will be other resources put on the web by the instructor.

• Lecture notes, assignments, supplemental readings, and other resources will be provided via the course website.

Proposer: Sandeep K. Shukla