Malicious Software and its Underground Economy: Two Sides to Every Story | MOOC China - MOOCs change you, you change the world


Malicious Software and its Underground Economy

1820 views
  • Approximately 19 hours to complete
  • Mixed difficulty
  • English




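Students will learn how traditional and mobile malware operates, how malware is analyzed and monitored, and explore the economic system that drives this illegal, profit-making business. For experts, teachers, researchers and practitioners, understanding how malware operates is extremely important: only then do we have the power to fight back, and it helps us keep up to date with malware systems and their threats, which is essential for designing novel, effective and practical mitigation techniques.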

Learn about traditional and mobile malware, the security threats they represent, state-of-the-art analysis and detection techniques, and the underground ecosystem that drives such a profitable but illegal business.

Malicious Software and its Underground Economy: Two Sides to Every Story is a short, introductory, and experimental (i.e., pilot) course featuring 6 lectures. Each lecture lasts roughly between 1h and 1.5h and is logically divided into a number of self-contained units of ~15 mins each. Although a non-negligible effort has been made to keep to this breakdown, some units definitely last longer and require a bit more effort; just pause the video and take a break ;-)

In addition, the course features 6 mandatory multiple-choice quizzes (i.e., 1 per lecture) and 1 bonus quiz. Passing all the mandatory quizzes earns a “pass” mark for the course, while passing all the mandatory quizzes and the bonus one earns a “distinction” mark.


Completion time: 3 hours
After reporting on the insights of real-world research about a botnet takeover, students will learn about malicious software, with a particular glimpse at botnets and their detection, to finally conclude briefly with rootkits.

Lecture outline
1. Should we care? A botnet takeover storytelling
2. Admin blabbing
3. Malicious software
4. (a glimpse at) Botnets
5. (a glimpse at) Botnets detection & Rootkits
12 videos (115 minutes total), 1 reading, 1 quiz

Completion time: 3 hours
Static analysis and its limitations
Students will look at the malware landscape of the early days and what effort and challenges the AV industry was facing to fight malware threats. The lecture covers static analysis as a first technique to analyze and detect malware; (basic) assembly and reverse engineering notions are provided with a look at basic techniques to fool the state-of-the-art disassembly algorithm, quickly highlighting the limits of static analysis, especially when focused on analyzing malware. A walk-through to reverse engineer an example program concludes the lecture.

Given the complexity of the topic and the fact the course is a short and introductory class on a vast topic, the aim of the lecture is to provide a broad overview, with a few detailed insights wherever appropriate.

Lecture outline

1. Early days, AV industry
2. (a glimpse at) Reverse engineering (part 1)
3. (a glimpse at) Reverse engineering (part 2)
4. (a glimpse at) Polymorphism, code obfuscation
5. IDA Pro—a very simple example. . .
8 videos (99 minutes total), 1 reading, 1 quiz

Completion time: 3 hours
Dynamic analysis and its limitations
While looking at how the malware landscape has been evolving, students will be given an introduction to dynamic analysis, a complementary technique to static analysis to fight malware threats. Packing and algorithm-agnostic unpacking are introduced as an initial step toward full dynamic analysis. The lecture quickly mentions sandboxes and the limits of dynamic analysis and sandboxes, to finally conclude with a brief overview of a particular piece of state-of-the-art academic research on malware protection.

Given the complexity of the topic and the fact the course is a short and introductory class on a vast topic, the aim of the lecture is to provide a broad overview, with a few detailed insights wherever appropriate.

Lecture outline

1. Toward dynamic analysis
2. (a glimpse at) Dynamic analysis (part 1)
3. (a glimpse at) Dynamic analysis (part 2)
4. (a glimpse at) Limits of dynamic analysis
5. AccessMiner—system-centric models
7 videos (87 minutes total), 1 reading, 1 quiz

Completion time: 2 hours
Mobile malware
The lecture introduces the students to mobile malware threats; in particular, the lecture focuses on Android malware, providing a quick overview of Android applications and describing a virtual machine-based dynamic analysis research carried out in the ISG at Royal Holloway University of London in collaboration with the LaSER at University of Milan.

Lecture outline

1. Introduction
2. Background
3. CopperDroid: dynamic analysis of Android malware (part 1)
4. CopperDroid: dynamic analysis of Android malware (part 2)
4 videos (49 minutes total), 1 reading, 1 quiz

Completion time: 2 hours
Cybercriminal underground economy
After having skimmed through different malware-related threats, week 5 will introduce students to the specialized underground cybercrime that surrounds this malware-driven, profitable but illicit business. After an initial recap of early evidence of such phenomena, the pay-per-install and exploit-as-a-service cybercriminal business models will be reviewed. Finally, as most (exploit-as-a-service) attacks nowadays happen because of memory error exploitation, the lecture will provide a succinct overview of the issue, backed up by statistics, to understand whether such a dated software vulnerability is still an issue or not (and where research should be focusing).

Lecture outline

1. Introduction
2. Pay-per-Install
3. Exploit-as-a-service
4. Memory errors: the past, the present, and the future
5 videos (72 minutes total), 1 reading, 1 quiz

Completion time: 2 hours
The cost of cybercrime
This final lecture will introduce students to another aspect of the cybercriminal underground economy; we will first discuss an interesting report that recently outlined one of the biggest online underground economies, followed by a discussion on how big the cost of cybercrime is (not just in terms of revenue for the cybercriminal). The lecture will conclude the course and provide a few final remarks.

Lecture outline

1. China's online underground economy (part 1)
2. China's online underground economy (part 2)
3. The cost of cybercrime (part 1)
4. The cost of cybercrime (part 2)
5. Conclusion and final remarks






