Teaching malware analysis: The design philosophy of a model curriculum

Abstract

The field of malware analysis comprises the art and science of dissecting malicious software using diverse tools and techniques in an effort to comprehend their inner workings so as to mitigate the effects. Clearly, the study and analysis of these tools and techniques fall within the general purview of the broad disciplines of Digital Forensics, Information Assurance, Cyber Security and general principles of Computing Science. In this paper, we explore and discuss the current state of malware analysis courses as they are taught in academic institutions in the U.S. and the world. We contend that there are not very many malware analysis (or closely related) courses being offered in many universities across the U.S. Furthermore, there are several for-profit courses that are taught by online institutions that teach reverse engineering, malware analysis and related topics. Based on our research, we conclude that the domain of malware analysis has effectively been relegated from the academic realm to the domain of the practitioner's skill set. It is this exploration that we are interesting in undertaking in this paper. We then proceed to analyze and review some popular textbooks and online training materials for their soundness and efficacy in teaching the subject to substantiate our above mentioned claims. Finally, we conclude by presenting a model curriculum for this subject based on sound pedagogical ideas and methods.