Logistics

• Lectures: Thursday 6:00PM-8:50PM Mountain Time (MST)
• Location: CCSB 1.0202
• Class and Grading: 40% lectures, 60% in-class activity.
• Office hours:
  • Monday 02.30PM - 03.30 PM Mountain Time (MST)
• Grading:
  • Labs, Hands-On Activities, and In-Class Exercises (50%)
  • Research Paper Review and Presentation (10%)
  • Final Research Project and Presentations (40%)
  • Bonus Lab Activities/Quizzes (5%)
• Contact: In addition to the office hour meeting, students are encouraged to ask all course-related questions on our Microsoft Teams Channel so that your peers can benefit from the answers. If you have a specific question that requires privacy, you may email directly.
• Academic accommodations: If you need an academic accommodation based on a disability, you should initiate the request with the Center for Accommodations and Support Services (CASS). The CASS will evaluate the request and recommend accommodations. Students should contact the CASS as soon as possible since timely notice is needed to coordinate accommodations.
• Honor code and Academic Integrity: Very very important. See Honor code and Academic Integrity.

Overview

Course Overview

This graduate-level course is both hands-on and research-intensive, designed to prepare students to become next-generation experts in malware analysis and research. Throughout the course, students will acquire in-depth knowledge of various analysis techniques that uncover malware behavior on infected machines. They will also learn about the methods malware uses to evade detection, utilizing classical tools such as Wireshark, Ghidra, IDA Pro, Dshell, Cuckoo Sandbox, Volatility, Metasploit Framework, Armitage, and Google Rapid Response.

Additionally, students will learn advanced automated reverse engineering techniques assisted by large language models (LLMs). The course also covers cutting-edge tools and techniques for conducting red teaming exercises on Artificial Intelligence (AI) systems, treating these systems as black boxes.

Furthermore, students will explore state-of-the-art research in the malware domain and advancements in machine learning to design intelligent malware classification and detection systems. This will provide them with a perspective on various problems discussed in the literature and the solutions being proposed.

Why Software Reverse Engineering (SRE)?

SRE involves deconstructing software to understand its components, functionality, and behavior without access to the original source code. As cyber threats become more sophisticated, SRE provides the tools needed to effectively dissect and mitigate cyber threats, ensuring the integrity and security of software systems across various industries. SRE is essential for identifying security vulnerabilities, understanding malware, ensuring compliance, and recovering lost or legacy code.

The Perfect Time to Study Automated Reverse Engineering with LLM and AI

The rapid advancements in artificial intelligence (AI) and large language models (LLMs) have revolutionized many fields, including software reverse engineering. Automated reverse engineering powered by AI and LLMs can significantly enhance the efficiency and accuracy of analyzing complex software. These technologies can automate repetitive tasks, identify patterns, and provide insights that might be missed by human analysts. Now is the perfect time to study these advanced techniques because the tools and resources are more accessible than ever, and the demand for professionals skilled in automated reverse engineering is on the rise. As AI and LLMs continue to evolve, their applications in reverse engineering will become even more integral, making early adopters of these technologies invaluable assets to their organizations.

The Crucial Role of AI Red Teaming

AI red teaming is an emerging field that focuses on testing and evaluating the robustness of AI systems. As AI becomes increasingly integrated into critical infrastructure and decision-making processes, ensuring its security and reliability is paramount. AI red teaming involves simulating attacks on AI systems to identify weaknesses and improve their defenses. This is crucial now more than ever because AI systems are being deployed in high-stakes environments where failures or vulnerabilities can have significant consequences. By studying AI red teaming, students can learn how to anticipate and mitigate potential threats to AI systems, making them more resilient and trustworthy.

The Importance of Studying State-of-the-Art Malware Analysis Research

Malware is continuously evolving, with new variants and sophisticated attack techniques emerging regularly. Staying ahead of these threats requires a deep understanding of the latest research and developments in malware analysis. By studying state-of-the-art malware analysis research, students can learn about the newest tools, techniques, and methodologies used to detect, analyze, and combat malware. This knowledge is critical for developing effective defense strategies and keeping up with the fast-paced nature of cyber threats. Engaging with cutting-edge research ensures that students are well-prepared to tackle current and future challenges in the field of cybersecurity.

Prerequisites

Students are expected to have the following background:

• Knowledge of basic computer science principles and skills, at a level sufficient to write a reasonably non-trivial computer program.
• Understanding of basic cybersecurity threats, attacks, and countermeasures.
• Basic understanding of machine learning algorithms.
• Familiarity with at least one machine learning framework, such as TensorFlow or PyTorch, is a plus.

Honor Code and Academic Integrity

Permissive but strict. If unsure, please ask the course staff!

• OK to search for information and ask questions publicly about the systems we’re studying.
  • Always cite all resources you reference, including papers, online articles, and any information obtained from AI tools.
  • When using AI tools, include a link to your tool's search history (e.g., share your ChatGPT workspace) and mention this in your reports, labs, and final projects.
  • If you engage in public discussions, such as on Reddit, include the link to the discussion.
• NOT OK to copy solutions directly from AI tools or other sources.
  • Solutions should be your original work, reflecting your understanding and analysis.
• NOT OK to ask someone else to complete your assignments, labs, or projects.
  • Academic integrity requires that all submitted work is your own.
• OK to discuss questions and ideas with classmates.
  • Collaborative learning is encouraged, but you must disclose your discussion partners in your submissions.
• NOT OK to copy solutions from classmates.
  • While discussion is permitted, all submitted work must be completed independently.
• OK to incorporate existing solutions as part of your projects or assignments.
  • Properly cite these solutions and clearly distinguish your contributions from those of others.
• NOT OK to present someone else’s solution as your own.
  • Always attribute credit where it is due, and clearly identify your original work.
• OK to publish your final project after the course is over.
  • We encourage you to share your work with the broader community, contributing to the field's body of knowledge.
• NOT OK to post your assignment solutions online during or after the course.
  • This protects the integrity of the course for future students and maintains academic standards.

As an institution of higher learning, UTEP expects its students to uphold honesty and ethical behavior in all academic endeavors. This is especially important when submitting work for evaluation in any course or degree requirement. Students are strongly encouraged to adhere to the UTEP Standards of Student Conduct and Academic Integrity.

Audit Policy

We welcome auditing requests from UTEP students and staff. As an auditor, you will have access to all course lectures but will not receive grades for labs, homework, or final projects. Due to limited resources, we are unable to provide feedback on assignments or projects for auditors. If you are interested in auditing this course, please contact the Computer Science department to make the necessary arrangements.

Please note that external requests for auditing will not be considered, as the course is conducted in-person on campus.

All course materials, including lecture slides, detailed notes, assignments, and final project instructions, will be made publicly available on the course website for your reference.

Reference Resources

The course does not require any textbook.

Relevant books to the course (Optional):

• Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software, Michael Sikorski and Andrew Honig. ISBN-13: 9781593272906. [Available on UTEP Library]
• The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters. ISBN: 978-1118825099. [Available on UTEP Library]
• The Rootkit Arsenal: Escape and Evasion: Escape and Evasion in the Dark Corners of the System,Bill Blunden. ISBN: 978-1598220612.