89-438 Seminar in Malware communication and detection

Department of computer science, Bar Ilan University

Lecturer: Prof. Amir Herzberg

Comments and suggestions welcome!

In this seminar, we will discuss bleeding-edge research in network security, focusing on malware, and specifically on bot detection and on covert and other malware communication channels. The seminar is mainly targeted at the graduate students in the BIU-CS Network Security Group, to facilitate our research in these areas; some of the meetings may be dedicated to presentations by students in the group of their research to be presented in conferences. Other students and guests are welcome, but are kindly requested to check with the lecturer in advance, to ensure the room and seminar are not too crowded. All are welcome to join and use the mailing-list for announcements and discussions.

Sessions and requirements: we meet weekly, Thursdays 8:15-9:50am, in room 8, 1st floor, in our building (408). Each student will lead (at least) one session, where she will present one topic (usually, one paper). All students are expected to read all papers before the session; the lead student is expected to read the paper in depth and be ready to answer any questions, present examples, raise issues, etc. Before the seminar, the lead student should send me and the mailing list any extra material she prepared to help others, and possibly update it after the seminar; I'll post it here. The papers are available by following the links in the schedule below (some work only from within the university network).

Prerequisites: knowledge in networking (at least 89-350) and in security/crypto (at least one of 89-690, 89-550, 89-656).

Additional recommended reading (overview papers):

Barford, Paul, and Vinod Yegneswaran. "An inside look at botnets." Malware Detection (2007): 171-191. Discusses mechanisms of a few bots (unfortunately, a bit outdated, but still useful imho).

A very gentle, basic, short introduction to malware: Sharp, Robin. "An Introduction to Malware." (2007; updated 2012)

Schedule:

Note: the schedule is subject to change, in particular as we may find more relevant papers, etc.; students are also encouraged to identify and suggest other papers (esp. papers related to their own research). I will not change a paper less than three weeks in advance, to give the student sufficient time to prepare.

Students registered for the course who have not yet allocated a week are requested to do so asap; if you want to cancel, please let me know asap, since some students asked to join but can't since there is no room!! Specifically: Tal Shmueli, Alexei Weil, Priel Levy, Ofer Cohen. Please notice, there are actually only 4 available lecture slots in the term - one extra student was registered by an administrative mistake (not mine this time!). So, we'll have to see; maybe one student will cancel, maybe I'll have to force one to cancel, and maybe we'll simply have an extra week after the term ends (in practice, we'll probably continue after the term anyway).