
Study-Unit Description


CODE CPS5134

 
TITLE Advanced Cryptography, Reverse-Engineering, and Intelligent Defences

 
UM LEVEL 05 - Postgraduate Modular Diploma or Degree Course

 
MQF LEVEL 7

 
ECTS CREDITS 10

 
DEPARTMENT Computer Science

 
DESCRIPTION The cyber-world is changing rapidly nowadays, consequently rendering old threats irrelevant, while introducing new threats, including botnets, state actors, and Advanced Persistent Threats (APT). This study-unit emphasises modern malware threats and the corresponding limitations in the state-of-the-art operating system security controls.

With all of this, there is an increased demand for highly skilled cybersecurity specialists to cope with this level of threats and to be able to create the next generation of security protection technologies. On the offensive front, these specialists must be well-versed in reverse engineering, with a strong command of the intricacies of binary formats, memory layout, system service call mechanisms, and the given processor's instruction set. On the defensive front, knowledge of implementing robust cryptographic protocols, such as ciphers, digital signatures, elliptic curve cryptography, zero-knowledge proofs, and/or fully homomorphic encryption, is essential. The study-unit also explores the role of Artificial Intelligence in threat and malware detection, offering adaptive solutions to the ever-evolving threat landscape.

Study-unit Aims:

This study-unit aims to prepare students for the following cybersecurity roles:
- Security researchers;
- Offensive and defensive security tool developers;
- Cryptography specialists.

By introducing concepts related to:
- Reverse engineering of sophisticated malware techniques;
- Advanced cryptographic methods and their applications;
- Defense-in-depth mechanisms based on fast regular expression matching and machine learning.

Learning Outcomes:

1. Knowledge & Understanding
By the end of the study-unit the student will be able to:

- Describe, discuss and investigate state-of-the-art OS security controls, their limitations and compromise in various setups, including workstations, data centres and smartphones, e.g. isolated execution, control-flow integrity, CPU protection rings and verified boot;
- Explain the principles of modern cryptography, including symmetric and asymmetric ciphers, digital signatures, elliptic curve cryptography and Zero Knowledge Proofs;
- Examine malware through static/dynamic/symbolic analysis-based binary reversing (disassembly), covering backdoors that are delivered through exploits that bypass DEP/ASLR/CFI or are embedded inside other applications, that employ tactics such as dynamic code loading (including reflective loading) and migration to processes for stealth or to hook sensitive functionality, and that finally attain persistence to survive reboots;
- Implement text/binary pattern matching with Aho-Corasick multi-string matching combined with Thompson's NFA regex engine, configure intrusion detection tools followed by detection rule evaluation;
- Compare various machine learning models on datasets derived from executable binary samples and host/network logs based on their effectiveness in detecting intrusions, spam, fraud, malware families and malicious web pages. For each given dataset and corresponding application, perform data preparation and transformation suitable for model training, validation and testing while employing appropriate accuracy metrics.

2. Skills
By the end of the study-unit the student will be able to:

- Reverse engineer and develop sophisticated malware;
- Implement cryptographic algorithms and protocols in software applications;
- Perform cryptanalysis to identify weaknesses in cryptographic systems;
- Define Indicators of Compromise (IoC) for various host/network sources;
- Train machine learning models on cybersecurity datasets, and compare their effectiveness to develop intelligent solutions for detecting intrusions, spam, fraud, malware, and malicious web pages.

Main Text/s and any supplementary readings:

Main Texts
- Kleymenov, A., & Thabet, A. (2019). Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks. Packt Publishing Ltd. ISBN-13: 978-1789610789
- Boneh, D., & Shoup, V. (2020). A Graduate Course in Applied Cryptography. Available online: https://crypto.stanford.edu/~dabo/cryptobook/
- Regéciová, D., Kolář, D., & Milkovič, M. (2021). Pattern Matching in YARA: Improved Aho-Corasick Algorithm. IEEE Access, 9, 62857-62866.
- Chio, C., & Freeman, D. (2018). Machine learning and security: Protecting systems with data and algorithms. O'Reilly Media, Inc. ISBN-13: 978-1491979907.

Reference
- Jaswal, N. (2014). Mastering Metasploit. Packt Publishing Ltd. ISBN-13: 978-1838980078
- Cox, R. (2010). Regular expression matching in the wild. URL: http://swtch.com/~rsc/regexp/regexp3
- Raschka, S., Liu, Y. H., Mirjalili, V., & Dzhulgakov, D. (2022). Machine Learning with PyTorch and Scikit-Learn: Develop machine learning and deep learning models with Python. Packt Publishing Ltd. ISBN-13: 978-1801819312
- Canadian Institute for Cybersecurity Datasets. https://www.unb.ca/cic/datasets/index.html

 
ADDITIONAL NOTES Pre-Requisite qualifications: Bachelor's degree with a strong ICT component

 
STUDY-UNIT TYPE Lecture, Independent Study and Practical

 
METHOD OF ASSESSMENT
Assessment Component/s Assessment Due Sept. Asst Session Weighting
Presentation SEM1 20%
Assignment SEM1 80%

 
LECTURER/S Christian Colombo
Neville Grech

 

 
The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints.
Units not attracting a sufficient number of registrations may be withdrawn without notice.
It should be noted that all the information in the description above applies to study-units available during the academic year 2025/6. It may be subject to change in subsequent years.
