Course number (code): 314012020
Course name (in English): malicious code analysis technology
Science Score: 2
total period: 32
Assessment method: examination
Prerequisites: Basics of programming, data structures and algorithms, C , C ++ , assembly language, operating system, operating system security, network security programming
Applicable object: Third year undergraduate student in cyberspace security
Textbook (name, author, publisher, publication time) :
[ US ] By Michael Sikorsk , Translated by Zhuge Jianwei , Malicious Code Analysis in Action , Electronic Industry Press, 2014
Reference books (title, author, publisher, publication date):
[ 1 ] Ed. Skoudis, LennyZelter, Decisive Malicious Code, Electronics Industry Press
[ 2 ] PeterSzor , Computer Virus Prevention Technology, Machinery Industry Press
[ 3 ] Duan Gang, Encryption and Decryption ( Third Edition ) , Electronic Industry Press
This practical course is a professional basic course independently set up for information security and other majors. It is an independent, systematic, professional basic course focusing on explaining analysis technology. The purpose is to hope that through the teaching activities of this course, students will be able to grasp the basic knowledge framework of malicious code more comprehensively , how and when to use malicious code analysis technology , to master the core functions of malicious code analysis tools , and have practical Forensic analysis and security protection practice technical capabilities , achieve the effect of accurate diagnosis, timely breakthrough, and rapid response. Through the teaching of this course, students can apply and master the basic and practical technologies of network security, consolidate and expand the basic theoretical knowledge of information security professional courses, and have a deeper understanding of information security architecture and various security services and security mechanisms. Master and train students 'practical ability to independently think, analyze and solve problems, so that students not only have professional theoretical knowledge of information security, but also master the basic application technology of information security, and cultivate students' theory-to-practice style. Seek truth from facts, strictly and seriously. Scientific attitude and good work habits.
nIntroduction to malicious code analysis technology establishes the basic methodology of the overall process of malicious code analysis.
n Static analysis basic technology, teaches methods to obtain information from executable files without execution.
n Analyze malicious code in virtual machines and teach students to set up virtual machines as a safe environment for running malicious code;
nDynamic analysis basic technology, explain some easy to use but very efficient technical methods to analyze by executing malicious programs;
n Malicious code behavior, explain common malicious code functions, and teach students how to identify malicious code functions when analyzing malicious code;
n Hidden malicious code startup, discusses how to analyze a class of special malicious code that hides its execution into another process.
nData encryption, demonstrates how malicious code encrypts data, making it more difficult to find on network traffic or victim hosts.
n Network features of malicious code, teach students how to create network detection features through malicious code analysis, and demonstrate that such features are superior to features extracted from captured network traffic alone.
n Fight against disassembly, explain how some malicious code writers design their own malicious code, make them difficult to disassemble, and explain how to identify and defeat these technologies.
n Anti-debugging techniques, describing the tricks that malicious code writers can use to make their code difficult to debug, and ways to overcome these obstacles.
n Anti-virtual machine technology, demonstrates the anti-virtual machine technology used by malicious code, which makes it difficult for analysts to analyze these malicious code in virtual machines, and introduces methods to bypass these technologies.
n Packing and unpacking, how to use packer to hide your true purpose when malicious code is provided, and then provide step-by-step unpacking technical methods.