Seminar Malware Analysis and Detection


Semester: Winter 2016/2017
Course type: Block Seminar
Lecturer: Prof. Dr. Konrad Rieck
Audience: Informatik Bachelor, Wirtschaftsinformatik Bachelor
Credits: 5 ECTS
Hours: 2
Capacity: max. 8 Students
Room: BRICS 107/108


Date                 Step
19.10, 15:00-16:30   Kick-off and assignment
24.10 - 29.10        Arrange appointment with assistant
13.12                Submit paper proposal
20.12                Review two other papers
15.01                Submit final paper
24.01, 15:00-18:30   Presentation with pizza


In this seminar, you will have the chance to dig deep into one of several hot topics in malware and attack research. By writing a paper you will learn about, and be amazed by, the complexity and challenges of your topic, and at the end of the semester you will share these insights with your fellow students in an exciting presentation.


The seminar is organized like a real academic conference. You need to prepare a written paper (in English) about the selected topic, 8-10 pages in ACM double-column style. After submitting your paper to our conference system, you will write two short reviews of papers submitted by your fellow students in order to give them feedback on how to improve their paper (you'll get awesome feedback too!). Then, you will have time to improve your own final paper. Finally, you will give a 20-25 minute talk about your paper, and we will provide drinks and pizza to enjoy the talks at our small MAD conference.


The seminar is organized by the Institute of System Security. For questions and further details, please contact

Seminar Topics

The Malware Economy

Mohammad Mahhouk

Just like any other business, cyber criminal activities and opportunities in the malware market are a matter of demand versus supply. This paper will describe how specialized roles have emerged to foster innovation and the issues involved in establishing malware development and distribution as a competitive and successful industry.

Evasive Malware

Johannes Heidtmann

A peek into modern evasion and anti-reverse-engineering techniques (anti-debugging, anti-disassembly and anti-VM).

Shellcode Analysis

Paul Schmidt

To successfully take control of a system, malware often exploits vulnerabilities through a specially crafted piece of code, known as shellcode. This paper will describe the methods and concepts, as well as the challenges, behind techniques for effectively analyzing such shellcode.

Rootkit Detection and Analysis

Niklas Lehnfeld

Well hidden in the boot process, rootkits enable malware to maintain persistence on a system for a long time. They often allow the installation of hidden files, processes or hidden user accounts in the system's OS and can intercept data from terminals, network connections and the keyboard. This paper will analyze their principles, strategies and modern countermeasures.

Honeypots, The Art of Deception

Marcel Dube

Deception as a defense strategy, and as a way to collect knowledge about attackers, has led to the conception of honeypots. Honeypots are a research field in their own right; this paper will explore their foundations, types, goals, limitations and current trends.

Malware for Industrial Control Systems (a.k.a. SCADA)

Industrial control systems are increasingly linked with modern communication technologies. Unfortunately, this link has made them a new target for malware, with their own specific attack vectors, vulnerabilities and potential catastrophic consequences. This paper will explore modern attacks and defences for SCADA systems.

Machine Learning for Malware and Threat Detection

Yandong Cao

Machine learning and artificial intelligence are the new workhorse of the malware research community. Is machine learning an effective solution for detecting attacks outside the lab, in the real world? What about user behavior monitoring? Is anomaly detection an adequate problem to be solved with machine learning in the context of security? This paper will discuss where this trend is going, along with its problems, challenges and opportunities.

Targeted Malware Attacks Against Civil Society

Leonard M. Schulze

The Internet represents the largest open space for free expression. Unfortunately, in order to repress dissent, many nation-states have strengthened their malware development efforts and become new threat actors. Such attack techniques are then used to target activists and human rights advocates who challenge the status quo. This paper will explore the problem, the threat actors and targets, the attack vectors, and their implications for freedom and security.

