
Assignment description

Part A (35%)
You are required to write a report in which you critically evaluate a range of anti-virus techniques. The selection of which
techniques to cover in the critical appraisal and the amount of coverage given to each individual technique is left to you as
part of the judgement that you are expected to use in completing the assignment.

• What is to be handed in?

You are expected to hand in a report that contains the following:

Report section: Critical review of anti-virus techniques
Content guidelines: A critical review of the anti-virus techniques, i.e. explain how they work, and explain their strengths and weaknesses, etc.
Length guidelines: Approx. 1000 words

• Report Structure

Logical organisation of thoughts and arguments, brevity, clarity, effective presentation of deliverables, word processed
report using recent and relevant and peer-reviewed literature, and appropriate style, punctuation and spelling. You will not
be penalised for having fewer or more words than is stated in the guideline - it is just a guide. Note quality is more
important than quantity. However, a well-structured and properly referenced report along with level 6 writing style is
expected from you.

Here is a suggested report structure (5 marks):

1. Introduction (5 marks)
2. Description of Viruses/Malware (5)
3. AV techniques (types of viruses, detection methods, defence strategy) (10 marks)
4. Critical Evaluation (10 marks)
5. Conclusion – Summary of your findings – self-reflection of the tasks (5 marks)
6. References
7. Appendices

Part B (30%)
Sample Analysis

This part of the assignment is weighted at 30% of the overall mark. It is expected that this part of the assignment will be in
the region of 1000 words, discussing how a malware analyst, once given an unknown piece of software, will analyse it in order to
decide whether it is malicious or not. As such, Part B will assess your practical skills in analysing unknown software. An
archived file containing the unknown program that you have to analyse is available on Blackboard.
You are expected to use the tools and techniques that are covered during this module and decide whether the unknown
software should be classified as malware or not.
• Requirements:
a. Include all the steps that are necessary to contain the unknown software (5 Marks)
b. Describe your analysis methodology in terms of static, dynamic or reverse engineering (5 Marks).
c. Disassemble the provided code/program using tools/techniques that are covered in this module (10 Marks)
   • You must provide evidence (examples, screenshots, etc.) of the disassembly steps with a clear and
   concise explanation.
d. Describe the behaviour of the program (5 Marks).
e. Evaluate your findings (5 Marks).
   • To achieve a higher mark, include a logical diagram of the 'provided' program behaviour.
Although there are no allocated marks for references and bibliography you are expected to use appropriate peer reviewed
sources for developing your arguments, and an appropriate referencing style as per the University regulations.

Part C (35%)

Pick a physical-world "system" designed to achieve some security, privacy, or access control property. For example, pick a
physical-world security, privacy, or access control mechanism that you might have seen on campus, at work, at the bank, at
the museum, at the doctor’s office or pharmacy, at the gym, or even on the street (like an armoured car). Try to be creative;
don't pick something "standard" like a door or window lock. Now conduct a "security review" of that physical-world
system.

Security reviews. Your goal with the security review articles is to evaluate the potential security and privacy issues with
new technologies, evaluate the severity of those issues, and discuss how those technologies might address those security and
privacy issues. These articles must be tagged under the “security review” category. These articles should reflect deeply on
the technology that you’re discussing, and should therefore be significantly longer than your current events articles.

Each security review should contain:

• Summary of the technology that you’re evaluating. This summary should be at a high level, around one or two
paragraphs in length. State the aspects of the technology that are relevant to your observations below (5 Marks)
• State the security goals of using the selected technology. Please explain why the security goal is important. (5
Marks)
• Explain at least two potential adversaries and threats for the selected technology (5 Marks)
• Explain at least two potential weaknesses. Again, justify your answer using appropriate statements (10 Marks)
• State potential defences. Describe potential defences that the system could use or might already be using to address
your potential weaknesses above. (5 Marks)
• Conclusions. Give some conclusions based on your discussions above. In your conclusions you should reflect
thoughtfully on your results above (5 Marks)

Assessment Quality evaluation criteria


Report section / Marking criteria

Note - The criteria below are not individually weighted. Marks will be attributed by considering all relevant
assessment evaluation criteria. Some criteria may be inapplicable depending upon the extent to which certain
other criteria have been met.

Critical appraisal of anti-virus techniques:
i) the nature and reliability of the evidence used
ii) the extent to which assertions are the conclusion to a valid argument based on relevant and cogent
evidence.
iii) the extent to which evaluative criteria used/chosen as the basis of criticism/evaluation support the
achievement of computer system security.
iv) the extent to which the analysis of the techniques explains their properties/behaviour
v) the extent to which comparisons are valid deductions from the application of evaluative criteria to the
characteristics/properties of the techniques
vi) the extent to which the selection of techniques examined covers appropriate standard techniques,
although some less usual techniques may be considered where appropriate

Sample Analysis:
A clear and useful analysis theme is developed. Understanding of the issues and the type of methodology is
used for malware analysis. Clear evaluation of the subject and conclusion findings.

Security Review
