Intrusion and Malware Detection
General
| Semester | Winter 2014/15 |
| Lecturer | Prof. Dr. Konrad Rieck |
| Assistants | Fabian Yamaguchi, Daniel Arp, Hugo Gascon, Christian Wressnegger |
| Course type | Seminar (UniVZ) |
| Module | M.Inf.1128 (previously 1226) |
| ECTS (SWS) | 5 (2) |
| Date | Introduction: 29.10.2014, 16:00-18:00 Presentations: 17.02.2015, 10:00-16:00 |
| Location | Introduction: Informatik 1.101 Presentations: Informatik 1.101 |
| Audio recording | No. Physical attendance required. |
| Audience | Applied Computer Science MSc Applied Computer Science BSc |
Description
The seminar is concerned with the detection of computer attacks and malicious software (malware). Different techniques for analysis, detection and prevention of attacks are presented. Topics of the course include attack types, intrusion detection, honeypots, malware and botnet analysis.
Presentations
| Time | Paper |
| 10:00 - 10:30 | Polygraph: Automatically Generating Signatures for Polymorphic Worms |
| Presenter: Kevin Freeman | |
| 10:30 - 11:00 | Limits of Static Analysis for Malware Detection |
| Presenter: Hauke Kaulbersch | |
| 11:00 - 11:30 | Shady Paths: Leveraging Surfing Crowds to Detect Malicious Web Pages |
| Presenter: John Linde | |
| 11:30 - 12:00 | Q: Exploit Hardening Made Easy |
| Presenter: Seshagiri Prabhu | |
| 12:00 - 12:30 | Dissecting Android Malware: Characterization and Evolution |
| Presenter: Heiko Scheel | |
| 12:30 - 13:30 | — Lunch Break |
| 13:30 - 14:00 | Anomalous User Behaviour Detection in Online Social Networks |
| Presenter: Fabian Trautsch | |
| 14:00 - 14:30 | An Automated Approach to Detection of Evasive Web-based Malware |
| Presenter: Marc-Andre Zöller | |
| 14:30 - 15:00 | TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones |
| Presenter: Gurjinder Singh |
Seminar Steps
| Date | Step |
| 29.10.2014, 16:00-18:00 | Introduction and registration |
| 05.01.2015 | Arrange appointment with assistant |
| 12.01.2015 | Discuss draft with assistant |
| 01.02.2015 | Register with examination office (FlexNow) |
| 16.02.2015 | Send slides (PDF) to assistant |
| 17.02.2015, 10:00-15:00 | Final presentation |
Topics
- Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, and Giovanni Vigna USENIX Security 2013 [Paper 1] - Limits of Static Analysis for Malware Detection
Andreas Moser, Christopher Kruegel, and Engin Kirda ACSAC 2007 [Paper 2] - TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Enck et al. USENIX Security 2010 [Paper 3] - Polygraph: Automatically Generating Signatures for Polymorphic Worms
James Newsome, Brad Karp, and Dawn Song IEEE S&P 2005 [Paper 4] - BitShred: Feature Hashing Malware for Scalable Triage and Semantic Analysis
Jang et al. CCS'11 [Paper 5] - Prudent Practices For Designing Malware Experiments
Rossow et al. IEEE S&P 2012 [Paper 6] - Precise Client-side Protection against DOM-based Cross-Site Scripting
Stock et al. USENIX'14 [Paper 7] - Shady Paths: Leveraging Surfing Crowds to Detect Malicious Web Pages
Stringhini et al. CCS'13 [Paper 8] - Towards Detecting Anomalous User Behavior in Online Social Networks
Viswanath et al. USENIX'14 [Paper 9] - PeerPress: Utilizing Enemies' P2P Strength against Them
Xu et al. CCS'12 [Paper 10] - Dissecting Android Malware: Characterization and Evolution
Zhou et al. IEEE S&P 2012 [Paper 11]
Results
| MD5 of matriculation number | Grade |
| d31962e50a7e53ce219b2f378d271f13 | 1.0 |
| b75b32cfce0e6accf5c204f5fe129cae | 1.3 |
| fff9eeef3df7ad3d00d6757b4def9630 | 1.0 |
| 0c0e782d3945aa4c943a050c3da92adc | 1.7 |
| 2a064b2f6116a94ea53bffd156ecb1c3 | 1.3 |
| d230477d7aaed40dceed4f085ffea71a | 1.0 |
| cb00a1778034cc4f8ee7ca0b5836e7bf | 1.0 |
| 858404ea4d683900f4efa2027fef9c03 | 3.0 |
Mailing List
There is a mailing list for the seminar. News and updates regarding the schedule are posted to this list. Furthermore, the list allows students to discuss topics of the seminar. You can register for the mailing list here.
IRC Channel
All students of the course are encouraged to join the IRC channel #goesec on EFnet. The channel is used as a platform for discussing and chatting about computer security in a casual atmosphere.