Program Overview

Malware (COMP0060)

Key Information

• Faculty: Faculty of Engineering Sciences
• Teaching department: Computer Science
• Credit value: 15
• Restrictions: Module delivery for UG Masters (FHEQ Level 7) available on MEng Computer Science; MEng Mathematical Computation. Module delivery for PGT (FHEQ Level 7) available on MSc Information Security; MSc Software Systems Engineering.

Alternative Credit Options

There are no alternative credit options available for this module.

Description

Aims

The module aims to provide students with specialist understanding of the issues and techniques in malware detection and classification; and broad understanding of the human, social, economic, and historical context in which malware occurs.

Intended Learning Outcomes

On successful completion of the module, a student will be able to:

1. Have specialist understanding of the nature of malware, its capabilities, and how it is combatted through detection and classification.
2. Understand what the underlying scientific and logical limitations on society's ability to combat malware are.
3. Have an appreciation and broad understanding of the social, economic and historical context in which malware occurs.

Indicative Content

The following are indicative of the topics the module will typically cover:

• Introduction:
  • The taxonomy of malware and its capabilities: viruses, Trojan horses, rootkits, backdoors, worms, targeted malware.
  • History of malware.
• The social and economic context for malware:
  • Crime, anti-malware companies, legal issues, the growing proliferation of malware.
• Basic Analysis:
  • Signature generation and detection.
  • Clone detection methods.
• Static analysis theory:
  • Program semantics.
• Static Analysis:
  • System calls: dependency analysis issues in assembly languages. semantic invariance of system call sequences.
  • Taint-based analyses.
  • Semantic clones.
• Dynamic Analysis:
  • Virtualization- semantic gap.
  • Reverse engineering.
  • Hybridisation with static analysis.
• Similarity metrics:
  • (Kolmogorov Complexity.)
  • Association metrics.
  • Other entropy-based metrics.
• NLP based approaches. Problems in large scale classification:
  • Scalability.
  • Triage methods.
  • Required FP rate.
• Hiding:
  • Polymorphism. compression, encryption, virtualization.
  • Metamorphism. high level code obfuscation engines, on-board metamorphic engines, semantics-preserving rewritings.
  • Frankenstein.
• The theory of malware:
  • Rice's theorem and the undecidability of semantic equivalence.
  • Adleman's proof of the undecidability of the presence of a virus.
  • Cohen's experiments on detectability and self-obfuscation.

Requisites

To be eligible to select this module as optional or elective, a student must:

1. be registered on a programme and year of study for which it is a formally available; and
2. have taken modules in logic and discrete mathematics, assembly, and imperative programming at FHEQ level 4 or higher.

Module Deliveries for 2026/27 Academic Year

Intended Teaching Term: Term 2, Postgraduate (FHEQ Level 7)

Teaching and Assessment

• Mode of study: In person
• Methods of assessment:
  • 80% Exam
  • 20% Coursework
• Mark scheme: Numeric Marks

Other Information

• Number of students on module in previous year: 28
• Module leader: Professor Lorenzo Cavallaro

Intended Teaching Term: Term 2, Undergraduate (FHEQ Level 7)

Teaching and Assessment

• Mode of study: In person
• Methods of assessment:
  • 80% Exam
  • 20% Coursework
• Mark scheme: Numeric Marks

Other Information

• Number of students on module in previous year: 6
• Module leader: Professor Lorenzo Cavallaro