Print as pdf if you want a pdf! If you want a nicer printout, click off the browser's automatically added header and footer.
Blekinge Institute of Technology
Department of Computer Science
Revision: 3
Reg.no:
Course syllabus
Malware Analysis
Malware Analysis
7.5 credits (7,5 högskolepoäng)
Course code: DV2582
Main field of study: Computer Science
Disciplinary domain: Technology
Education level: Second-cycle
Specialization: A1N - Second cycle, has only first-cycle course/s as entry requirements
Language of instruction: Swedish
Applies from: 2018-03-01
Approved: 2018-03-01
1. Descision
This course is established by Dean 2017-12-20. The course syllabus is approved by Head of Department of Computer Science and Engineering 2018-03-01 and applies from 2018-03-01.
2. Entry requirements
Admission to the course requires completed courses in Programming, 12 credits, Realtime Systems and Operating Systems, 6 credits, Computer Networking, 6 credits. Attended course in Computer Security, 7.5 credits or Network Security, 8 credits.
3. Objective and content
3.1 Objective
The aim of the course is to enable students to learn how to analyse harmful and malicious software in a safe way. Such analysis is the first step in a systematic approach to prevent or neutralise malware. The focus is on analysis of the advanced methods used in the manufacturing of so-called “cyber arms” and the practical countermeasures to detect and neutralise them.
3.2 Content
• Different techniques to attack and infect systems with malware
• Extortion programs (ransomware/scareware)
• Botnets
• Mobile threats to Android and iOS
• Vulnerabilities online and in social networks
• Rootkits and bootkits
• Antivirus techniques
• Data mining for the detection and analysis of malware
4. Learning outcomes
The following learning outcomes are examined in the course:
4.1. Knowledge and understanding
On completion of the course, the students shall be able to
- describe the classification of different types of malware and know their history
- explain and exemplify the behaviour of malicious software, antivirus technologies and security architectures in Windows, Android and iOS
4.2. Competence and skills
On completion of the course, the students shall be able to
- perform reverse engineering of software for ARM and x86 processor architectures
- perform static and dynamic analysis of malicious codes in Windows, Android and iOS
- compile and document analyses of malicious codes in accordance with established standards
4.3. Judgement and approach
On completion of the course, the students shall be able to
- use a completed analysis to assess a threat
- identify and implement appropriate countermeasures
5. Learning activities
The course is given on campus and includes lectures and laboratories (including laboratory reports). Theoretical aspects of the course are presented in the lectures and students should apply the content of the lectures in the course labs.
6. Assessment and grading
Modes of examinations of the course
| Code | Module | Credit | Grade |
| 1810 | Laboratory Exercise 1 | 2.5 credits | GU |
| 1820 | Laboratory Exercise 2 | 1.5 credits | GU |
| 1830 | Laboratory Exercise 3 | 1.0 credits | GU |
| 1840 | Exam | 2.5 credits | AF |
The course will be graded A Excellent, B Very good, C Good, D Satisfactory, E Sufficient, FX Failed result, a little more work required, F Fail.
The information before a course occasion states the assessment criteria and make explicit in which modes of examination that the learning outcomes are assessed.
An examiner can, after consulting the Disability Advisor at BTH, decide on a customized examination form for a student with a long-term disability to be provided with an examination equivalent to one given to a student who is not disabled.
7. Course evaluation
The course evaluation should be carried out in line with BTH:s course evaluation template and process.
8. Restrictions regarding degree
The course can form part of a degree but not together with another course the content of which completely or partly corresponds with the contents of this course.
9. Course literature and other materials of instruction
10. Additional information
This course replaces DV2567
This is not a legal document. If you would like a copy of the legal decision regarding this course plan, contact the registrar at Blekinge Institute of Technology.