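% Per-course settings for a syllabus: section data, course metadata, 0/1 flags,
% textbook details, the tentative schedule and the policy texts, each stored in
% a macro. The template that reads these macros is not part of this file; notes
% on how a value is consumed are marked as assumptions.
%
% Layout note: definitions are separated by comment lines rather than blank
% lines, so that no paragraph break is introduced wherever this file is read.
%
% --- Sections and staff ------------------------------------------------------
% Counters are assumed to be declared by the template before this file is read.
\setcounter{numTAs}{0}
\setcounter{totalSections}{2}
% Quoted, comma-separated lists: one entry per section slot (three slots, the
% last one empty). The {{"..."}} form looks like a pgfmath array -- confirm
% against the template. The strings are kept exactly as given.
\def\secNum{{"001","DL1",""}}
\def\tenSchFileName{{"","",""}}
\def\classTime{{"M from 06:10 pm to 08:50 pm Location: CEER 307","M from 06:10 pm to 08:50 pm Location: TBA",""}}
\def\classRm{{"","",""}}
\def\classLive{{"","",""}}
\def\classInstructor{{"Hasshi L. Sudler","Hasshi L. Sudler",""}}
\def\classInstrContact{{"","",""}}
\def\classInstrOffHrs{{"","",""}}
\def\classInstrLive{{"","",""}}
% Teaching-assistant data: one inner list per section slot, all empty here
% (numTAs is 0).
\def\TA{{{""},{""},{""}}}
\def\TAEmail{{{""},{""},{""}}}
\def\TAOffHrs{{{""},{""},{""}}}
\def\TARoom{{{""},{""},{""}}}
%
% --- Course metadata ---------------------------------------------------------
\newcommand\semester{Fall 2021}
\newcommand\rsemester{202220}
\newcommand\courseNum{ECE 8489}
\newcommand\courseName{Malware Analysis and Defense}
\newcommand\courseCoordinator{Hasshi L. Sudler}
\newcommand\credits{3}
\newcommand\contactHrs{3}
%
% --- Flags (0 or 1; presumably tested by the template to switch parts on) -----
\newcommand\lecture{1}
\newcommand\lab{0}
\newcommand\undergradCourse{0}
\newcommand\isFreshmanCourse{0}
\newcommand\isCustomElecPolicy{0}
\newcommand\isClassLive{0}
\newcommand\isLabLive{0}
\newcommand\meetingMiscExists{0}
\newcommand\isClassInstrLive{0}
\newcommand\isLabInstrLive{0}
\newcommand\instrMiscExists{0}
\newcommand\hasTARoom{0}
% Placeholder texts left at their template wording; the matching *Exists flags
% above are 0.
\newcommand\meetingDesc{Example: (Two 75-minute lectures)}
\newcommand\meetingMisc{Special notes on meeting info go here, if specified}
\newcommand\instructorMisc{Special notes on instructor(s), TA(s) go here, if specified}
%
% --- Textbook ----------------------------------------------------------------
\newcommand\textBookExists{1}
\newcommand\textBookReqd{0}
\newcommand\textBookMiscExists{0}
\newcommand\referencesExist{0}
\newcommand\txtBkAuthExists{1}
\newcommand\txtBkPublExists{1}
\newcommand\txtBkYrExists{1}
\newcommand\txtBkISBNExists{1}
\newcommand\textBookTitle{Learning Malware Analysis: Explore the Concepts, Tools, and Techniques to Analyze and Investigate Windows Malware}
\newcommand\textBookAuth{Monnappa K A.}
\newcommand\textBookPub{Packt Publishing}
\newcommand\textBookYr{2018}
\newcommand\textBookISBN{ISBN 978-1-78839-250-1}
% NOTE(review): this text asks students to download tools. Consider stating
% here that downloaded tools and any samples are to be used only inside the
% isolated analysis lab that the first two sessions of the schedule set up.
% The space before the closing brace is part of the original text and is kept.
\newcommand\supplMaterials{The course will require you to either download or
  access web tools for exercises. Readings will be provided and should be read
  prior to class discussions. }
\newcommand\refPapers{References go here, if specified}
\newcommand\textBookMisc{Special notes on textbook(s) go here, if specified}
%
% --- Catalog description, requirements, objective ------------------------------
% Spelling fixed: "Dynamic Analysis" and "IDA Pro", matching \covTopics below.
\newcommand\catalogDesc{Malicious software detection and defenses including
  Static Analysis, Dynamic Analysis and other techniques such as using IDA Pro,
  Viruses, worms and Trojan horses, logic bombs, malicious web server scripts
  and software. Anatomy of well-known viruses and worms. Methodologies used by
  the anti-virus/spyware vendors and freeware.}
\newcommand\preReqs{None}
\newcommand\coReqs{None}
\newcommand\coreRequirement{}
\newcommand\courseExpectation{Course Objective: To provide an analysis of
  malicious software functionality and architecture, and to investigate the
  structure of various malware code. The course studies a variety of analysis
  tools and defense options, including basic static and dynamic analysis,
  advanced static and dynamic analysis, reverse engineering and memory
  forensics.}
%
% --- ABET outcomes (all 0 in this file) ----------------------------------------
\newcommand\ABETOutOne{0}
\newcommand\ABETOutTwo{0}
\newcommand\ABETOutThree{0}
\newcommand\ABETOutFour{0}
\newcommand\ABETOutFive{0}
\newcommand\ABETOutSix{0}
\newcommand\ABETOutSeven{0}
%
% --- Topics covered ------------------------------------------------------------
% Bare \item entries: the enclosing list environment is expected to come from
% the template.
\newcommand\covTopics{%
  \item Anonymous Researching
  \item Designing a Lab for Malware Analysis
  \item Basic Static Analysis
  \item Basic Dynamic Analysis
  \item Advanced Static Analysis
  \item Using IDA Pro
  \item Advanced Dynamic Analysis
  \item Analyzing Malicious Programs and Files
  \item Malware Behavior and Network Signatures
  \item Reverse Engineering
  \item Packers and Unpackers
  \item Memory Forensics}
%
% --- Tentative schedule --------------------------------------------------------
\newcommand\isScheduleExternal{0}
\newcommand\isScheduleCommon{1}
% 17 rows = 1 header row + 16 dated rows in the table below; 3 columns.
\newcommand\scheduleRows{17}
\newcommand\scheduleCols{3}
\newcommand\scheduleHeight{1}
% The table uses tabularx, booktabs rules and \caption*, all of which must be
% provided by packages loaded in the template.
% NOTE(review): \classTime gives Monday meetings, but the dates below do not
% appear to fall on Mondays in 2021 -- confirm the dates.
\newcommand\schedule{\begin{table}[h!]
  \centering
  \caption*{Tentative Schedule for \textbf{All Sections}}
  \vspace{0.05in}
  {\renewcommand{\arraystretch}{1.5}
  \small
  \begin{tabularx}{\linewidth}{c|l|X}
    \toprule
    \large \textbf{Date} & \large \textbf{Topic} & \large \textbf{Assignment}\\
    \midrule
    \midrule
    Aug 26 & Overview of Malware and Anonymous Researching, Designing a Lab for Malware Analysis & \\
    Sept 2 & Standing Up Physical and Virtual Machines for Malware Analysis & P-Set 1\\
    Sept 9 & Basic Static Analysis & \\
    Sept 16 & Basic Dynamic Analysis & P-Set 2\\
    Sept 23 & Advanced Static Analysis, Midterm Review & \\
    Sept 30 & Using IDA Pro, Midterm Review & \\
    Oct 7 & MIDTERM EXAM & Midterm\\
    % The dash is written as -- (en dash) instead of a raw Unicode character,
    % so the row does not depend on the input encoding.
    % NOTE(review): "SPRING BREAK" in a Fall 2021 schedule looks like a
    % leftover; confirm whether this should read "FALL BREAK".
    Oct 13 & NO CLASSES -- SPRING BREAK & \\
    Oct 20 & Advanced Dynamic Analysis, Students Declare Semester Design Projects & \\
    Oct 27 & Analyzing Malicious Programs and Files & \\
    Nov 3 & Malware Behavior and Network Signatures & P-Set 3\\
    Nov 10 & Reverse Engineering & \\
    Nov 17 & Packers and Unpackers & \\
    Nov 24 & Memory Forensics & Draft Paper\\
    Dec 1 & Research discussions & \\
    Dec 8 & Semester Design Presentation & Semester Presentation\\
    \bottomrule
  \end{tabularx}
  }
\end{table}}
%
% --- Policies ------------------------------------------------------------------
% "Grading policy here" is still the template placeholder.
% The less-than sign is set in math mode: typed in text mode under the default
% OT1 font encoding it prints as an inverted exclamation mark.
% "A--" and "B--" are kept as typed (they print with an en dash).
\newcommand\gradingPolicy{Grading policy here \\ \\
  Letter grade scale: A(94--100), A--(90--93), B+(87--89), B(83--86),
  B--(78--82), C+(74--77),\\
  C(70--73), F($<$70)}
% NOTE(review): the leading "Homework and/or reading policies" reads like a
% template heading that was never removed -- confirm.
\newcommand\HWandLabPolicy{Homework and/or reading policies All homework should
  be completed and uploaded to Blackboard by the due date. Unexcused late
  submissions are penalized. Assigned readings should be completed before
  attending class. All students should be prepared to discuss readings in
  detail.}
\newcommand\AttendancePolicy{\textcolor{red}{Attendance is mandatory for the
  Midterm exam and for the Semester Design Presentation on the final day of the
  course. Both Midterm and Semester Presentations will be conducted fully
  online. All students should sign on 15 minutes before the start of class to
  perform audio and video/screen sharing tests.
  }}
% Template guidance text for a custom policy. \isCustomElecPolicy is 0 above,
% so this is presumably not printed. Typos fixed ("customized", "you") and an
% unmatched closing parenthesis at the end removed.
\newcommand\ElectronicsPolicy{\textcolor{red}{Since you opted for a customized
  electronics policy, you should edit this part. Your policy should address
  your general stance on recording of class sessions and the circumstances
  under which recording will be allowed or prohibited. If you generally
  prohibit recording, yet allow recording of certain classes for some reason,
  then you should notify all students that those classes will be recorded. If
  recording is permitted as an ADA accommodation for a student, you obviously
  should not identify that student(s).}}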