Cybersecurity M.Sc. Dissertation Proposal Form

1. Your Details:
M.Sc. Course Programme:
(Delete as applicable)
Cybersecurity
Proposed Dissertation Title:
Behavioural analysis of available Windows malware using reverse engineering tools
2. Your Area of Investigation:
Briefly [maximum of 200 words per section] outline the key features of your proposed research using the following guidelines:
Context: What area are you interested in? What does the literature say about the field? What is the rationale for your research?
Malware Analysis
Malware is malicious code created to run on a system and perform unauthorised tasks on the target. There are various kinds of malware, including viruses, worms and Trojan horses. Each works quite differently according to its type. Trojans are a kind of malware that contains hidden functionality in its code while appearing to be a legitimate piece of software. Worms target entire networks, jumping from device to device. Ransomware is a type of malware that encrypts the data of the machine on which it is executed and demands a hefty amount for decryption; sometimes, even after the ransom has been received, the data is shared on the dark web by the attackers.
The rationale or purpose of this research is to study different types of malware, their functionalities and their potential sources. It involves static analysis of various malware samples, including Olympics Destroyer, Adylkuzz and Jaff Ransomware, sourced from open sources (virustotal.com, virusbay.io, hybrid-analysis.com), using various available tools.
Aims and Objectives: What is your hypothesis? What questions do you want to ask? What do you want to find out/demonstrate? What is the scope of your research? What steps will you take to carry out your investigation?
Aims and Objectives:
The main objectives are:
1. To examine different types of malware and potential mitigations.
2. To understand the need for malware analysis and how it helps to solve real-world issues related to computer security.
3. To explore the available types of malware analysis and up-to-date tools.
4. To practically analyse some well-known malware using static and dynamic malware analysis techniques and carry out a comparative analysis of both techniques.
Hypothesis and scope of this research:
The hypotheses of this thesis are:
Hypothesis:
“The first hypothesis of this thesis is that signature-based malware detection is an easier approach in comparison to behavioural-based malware detection”
Scope:
This project would be carried out in a virtual environment created using a hypervisor; no physical machine would be used at any point in the process. The work would begin with reading the available literature on malware to explore types of malware and possible mitigations. It will also cover the need for malware analysis in today’s world, including different ways of analysing malware.
This project would be based strictly in a virtual environment without internet access.
Methodology: How will you formally test your hypothesis, or demonstrate that your proposed solution is effective? What methods will you use (e.g. data gathering, data analysis, system testing)? Are there any foreseeable major issues – e.g. with ethics or logistics – and if so, how (in outline) do you plan to resolve them?
The methods of analysing malware discussed previously (in the literature review section) would be used to analyse the following available malware samples:
• Olympics Destroyer
• Adylkuzz
• Jaff Ransomware
A virtual environment of REMnux and Windows 7 would be created, and some of the following tools would be used.
File system and registry monitoring: Process Monitor with ProcDOT (both of these can help you recognise how malware tries to embed itself into the system upon infection).
Process monitoring: Process Explorer and Process Hacker (these tools are more advanced than the traditional Windows Task Manager; they help to monitor malicious processes and the local network ports they attempt to open).
Network monitoring: Wireshark, a packet-sniffing tool that can observe network traffic for malicious communication attempts, such as DNS resolution requests, command and control traffic or downloads.
Code analysis: disassemblers and debuggers are used. x64dbg and Ghidra are useful for parsing compiled Windows executables and, acting as disassemblers, displaying their code as assembly instructions. Such tools may also have debugging capabilities, which allow you to execute the most interesting parts of the malicious program slowly and under highly controlled conditions, so you can better understand the purpose of the code.
Memory dumping: Scylla and OllyDumpEx help obtain protected code located in the lab system’s memory and dump it to a file. This technique is particularly useful when analysing packed executables, which are difficult to disassemble because they encode or encrypt their instructions, extracting them into RAM only during run-time.
These tools would help in performing the behavioural analysis and in understanding how the malware performs unauthorised activities and data exfiltration.
Assignment Brief
For more information on the details of this module, please see the teaching materials, module forum and other files and information posted on the CO7100 Moodle space. These will include (among many other useful things) details which change from year to year, such as lists of supervisor-student allocations, information about the department and faculty seminar series, and links to information about the university’s study skills web pages and training events.
You are required to undertake an approved dissertation in an area relevant to your programme of study (i.e., Cybersecurity, Computer Science or Advanced Computer Science). This must involve a major study on an area not covered by previous modules, or an application of something already learned to a new situation. You will be allocated a member of staff to supervise your dissertation work, who will offer guidance and expertise. However, a Level 7 dissertation is an independent piece of work, and you will have to do a substantial amount of work on your own initiative.
A dissertation is a report, written in a set academic style, describing work undertaken to solve a defined problem. It should be 10,800 to 13,500 words in length, excluding all appendices, illustrations and software. All citations and references must be in APA style. For further details, see the CO7100 Moodle page and Study Skills pages on Portal.
Cybersecurity and Advanced Computer Science students please note: your degrees are accredited by the British Computer Society (BCS), who have specific requirements about what kinds of project are acceptable. In their words, “Projects must include the students undertaking practical work of some sort using computing/IT technology. This is most frequently achieved by the creation of an artefact as the focus for covering all or part of an implementation lifecycle. Dissertations based solely on literature review activity and/or user/market surveys are not acceptable.” This does not mean that your project has to be highly technical, but it does mean that it must at least include (e.g.) detailed software designs and / or prototypes, using a recognised software development methodology. Students on other courses should note that although the BCS requirements do not apply to you, in practice it is very difficult to produce a dissertation of the standard required to pass at Level 7 if you do not include any practical computer science work.
The Structure of a Dissertation
A dissertation is normally made up of three main parts:
• Preliminaries (Do not count these in the overall word limit)
• Main Body (10,800 – 13,500 words)
• Appendices (Do not count these in the overall word limit)
In a dissertation, each of these main parts may consist of several sections; the addition of appendices and the division of the main parts into sub-parts require common sense and good taste. To get a feel for what is required, read as many academic papers and academic textbooks as you can. Your supervisor can help you with advice about layout and formatting, as can staff from the Study Skills team.
Preliminaries
The preliminaries may be subdivided into:
Title Page
Use the standard title page document for this year, which is available from Aula.
Abstract
The abstract is normally included with, but not numbered with, the preliminaries and no page number is displayed. The Abstract is a statement of the aims, method and results of your research i.e. it is a short summary of the dissertation, designed to help the reader know whether the rest of the document is likely to be useful to them.
Disclaimer
The following statement must be included on the page after your abstract: “This work is original and has not been previously submitted in support of any other course or qualification”. This must be signed and dated.
Dedication
When present the dedication should be no more than a few lines and should be placed upon its own page.
Acknowledgments
This is an opportunity to thank the people who have made your dissertation possible. Acknowledgments should be placed upon their own page and may take up several paragraphs, but should not be too effusive.
Table of Contents
This should illustrate the document structure as well as providing pointers into the document. After the abstract, the ToC is the first thing your reader will look at. It should help them to understand what information your dissertation contains, and how it is structured.
Main Body
Subsections
Within a chapter, sections, subsections, and sub-subsections are given titles called sub-headings, which are designated respectively first-, second- and third-level sub-headings.
The different levels of sub-heading are usually visually differentiated from one another, e.g. using the different formatting levels available in MS Word. The purpose of sub-sections (and sub-headings) is to help both you and your reader see and understand the structure of your document, and to make the document as a whole easier to read and understand.
Introduction
Your first full chapter should be an introduction to the dissertation as a whole.
It should include brief descriptions of the following:-
• Why was the work undertaken?
• What scope was given?
• What were the limits imposed?
• What work has already been done in the field (without duplicating your literature review, which comes later)?
• An outline of the problem being investigated, leading up to a statement of your hypothesis
• Finish your introduction with a list of the remaining chapters of your dissertation, with a brief description of the contents of each.
Chapters or their equivalents:
The main body of the dissertation is usually divided into chapters, each chapter beginning on a new page and having a title. Every chapter should have its own short introduction section, which explains how it follows on from the previous chapter, as well as a paragraph at the end which summarises the contents of the current chapter, and explains how it relates to the next one.
The rest of your dissertation should be structured as follows:-
• The Literature Review, which must be clearly relevant to the hypothesis, and cover your research methodology as well as the technical background to your project. Depending on your topic, you may need to include literature from other fields, covering social, legal, ethical, business or psychological aspects (for instance).
• The Methodology chapter explains what methods you will use to prove or disprove your hypothesis. You need to provide evidence that the methodology you have chosen is appropriate for your type of project, and will allow you to prove or disprove your hypothesis.
• The Implementation chapter (which might be divided into several chapters if the length requires it) describes the artefact you have created. This could involve programming, scripting, databases, web technology, or a more analytical / human-centred approach such as systems analysis or user-centred design. It should contain a clear description of what you have built / created and how, along with references back to the information in your literature review. You must make it clear how your artefact is relevant to your hypothesis. It is also important to demonstrate how you have used the computer science / cybersecurity skills you have learned during your M.Sc. Do not rely only on a literature review or survey without first consulting your supervisor, as these approaches are not allowed for BCS-accredited courses, and are extremely difficult to carry out to Level 7 standard in any case.
• Testing & Results: You can only prove or disprove your hypothesis if you have done testing and / or theoretical analysis of some sort. Your testing methodology, test plan, results, and analysis of those results, are very important. They should have their own chapter.
• The Discussion and Conclusion chapter brings together information from your whole dissertation. You should remind the reader of the reasons why you undertook the project, your hypothesis, and key points from your literature review and methodology chapters. You should then summarise the work described in your implementation chapter, and refer back to the results described in your testing & results chapter. You can then discuss whether you have completely proved your hypothesis, partly proved it (or proved part of it), or completely disproved it. The chapter should be completed with a reflection on the importance of your results, what you have learned, and recommendations on what next steps should be taken by other researchers building on your work.
References – Citations in the text
You must follow the APA Guidelines, or you will lose marks.
Reference List
As with in-text citations, you must follow the APA Guidelines, or you will lose marks. Do not include references which have not been cited in your text.
Appendices
The appendices should be reserved for detailed material that would spoil the flow of the presentation that is found in the main text. They are traditionally labelled using letters e.g. Appendix K, or roman numerals, Appendix XI. As usual, follow the APA referencing guidelines.
Examples of the kind of material usually put into appendices include:-
• Program code
• Ethical approval documents
• Large tables, for example:
  o Raw data
  o Raw results
  o Statistical analysis
  o Original qualitative analysis
  o Extensive quotations from other authors, e.g. description of some methodological tool from a research paper
Generic Marking Criteria for Level 7
Explanatory Notes
The University classifies Level 7 Postgraduate Degrees with Distinction, Merit and Pass. Classifications are made at the point of award, using a formula set out in the Principles and Regulations. Further details and examples may be found on the Registry Services Portal pages.
The criteria offer descriptions of standards of achievement relating to six types of learning outcomes:
1. Knowledge and Understanding of the academic discipline, field of study, or area of professional practice
2. Research 1. Reading and Use of Appropriate Sources
3. Research 2. Methodology
4. Critical Analysis & Interpretation
5. Communication Skills: Creative, Written & Presented
6. Reflection: Critical Reflection and/or Personal and Professional Application
There are various descriptors under these headings, describing different aspects of understanding or skill and in marking bands of 0-100%. Assessors use the ones that apply to the particular outcomes you should demonstrate: if the learning outcomes of your module do not require (for example) critical self-reflection and professional skills, then those criteria do not apply.
Marking bands (each headed “Evidence of…”): Distinction 90–100%, Distinction 80–89%, Distinction 70–79%, Merit 60–69%, Pass 50–59%, Fail 40–49%, Fail 30–39%, Fail 20–29%, Fail 10–19%, Fail 0–9%.
Knowledge
Knowledge and understanding of the academic discipline, field of study, or area of professional practice.
SCOPE: critical engagement with the primary and secondary sources used to answer the question.
Distinction 90–100%: Insightful and sophisticated engagement with research and/or practice pertaining to field(s) and disciplines of study; Sophisticated demonstration and application of knowledge, offering innovative and/or original insights, possibly unparalleled in their application; A sophisticated degree of synthesis, quite likely of complex and disparate material.
Distinction 80–89%: Advanced engagement with research and or practice pertaining to the field(s) and disciplines of study; Accomplished demonstration of knowledge, contributing towards innovative and/or original insights; Extremely high degree of synthesis of research material.
Distinction 70–79%: A high degree of engagement with research and/or practice pertaining to field(s) and disciplines of study; Excellent demonstration of knowledge, with the possibility for new insights; A high degree of synthesis relating to research material.
Merit 60–69%: Sustained engagement with research and/or practice pertaining to disciplines of study; An assured understanding of current problems, supported by critical analysis with the potential for new insights; A sustained application and depth of research material and accuracy in detail.
Pass 50–59%: Engagement with relevant knowledge pertaining to discipline and key issues; Satisfactory understanding and conceptual awareness enabling critical analysis; Response is appropriate and addresses the range of learning outcomes; where the knowledge is accurate. Work may lack sustained depth.
Fail 40–49%: Unsatisfactory engagement with relevant knowledge pertaining to discipline and key issues; Insufficient understanding and conceptual awareness of knowledge(s) pertaining to the field; Response does not address the full range of learning outcomes, inaccurate and/or missing knowledge at times.
Fail 30–39%: Inadequate coverage of relevant issues, inconsistent understanding shown; Inadequate understanding of underpinning issues, weak and underdeveloped analysis; Response does not address learning outcomes, inaccurate and missing knowledge.
Fail 20–29%: Lack of relevant research and little understanding shown; Very weak understanding of key issues, work lacks critical oversight; Substandard engagement with research material, misunderstanding evident.
Fail 10–19%: Severely lacking in relevant research and underpinning knowledge; Slight understanding of key issues, little attempt at critical analysis; Slight engagement with research material, inaccurate knowledge and misunderstanding throughout.
Fail 0–9%: Negligible understanding of key issues, which is likely to show no critical analysis or engagement with the learning brief; No engagement with research tasks.
Sources
Reading and use of appropriate sources.
SCOPE: accurate and consistent acknowledgment and referencing of sources.
Distinction 90–100%: Extensive range and sophisticated use of appropriate sources; Unparalleled standard of research both in breadth and depth, which demonstrates a very high intellectual engagement and rigor.
Distinction 80–89%: Extensive range and use of appropriate sources; Extremely well referenced research both in breadth and depth, which demonstrates high intellectual engagement and rigor.
Distinction 70–79%: Substantial range and sophisticated use of sources; Well-referenced research both in breadth and depth, which demonstrates clear intellectual rigor.
Merit 60–69%: An assured range of reading, with sustained reference to key and core texts. The work may include current research at the leading edge of the discipline; Very good referencing in breadth and/or depth, which shows a very good level of intellectual rigor; Sources acknowledged appropriately according to academic conventions of referencing.
Pass 50–59%: A satisfactory range of core and basic texts, which references current research in the discipline; Sources acknowledged appropriately according to academic conventions of referencing. The work may contain minor errors and be limited in breadth, depth and intellectual rigor.
Fail 40–49%: Insufficient range of source reading of core and basic texts; Sources not acknowledged in line with academic conventions of referencing.
Fail 30–39%: Reading material is inadequate and may not include core and basic texts; Sources inaccurately referenced.
Fail 20–29%: Very weak engagement with source reading of core and basic texts; Inconsistent and/or limited referencing of sources.
Fail 10–19%: Severely lacking source reading; Sources either not present and/or not referenced.
Fail 0–9%: Negligible attempt to identify source material; No indication of source reading.
Methodology
SCOPE: critical engagement with methodologies underpinning original research or current developments in the discipline.
Distinction 90–100%: Insightful and sophisticated interpretation, application and evaluation of the possibilities and limitations of the methodologies used by the student and key scholars/practitioners pertaining to the field(s) of study; Methods used offer new insights and contributions to knowledge.
Distinction 80–89%: Advanced interpretation, application and evaluation of the possibilities and limitations of the methodologies used by the student and key scholars/practitioners pertaining to the field(s) of study; Methods used contribute towards new insights to knowledge.
Distinction 70–79%: Excellent interpretation, application and evaluation of the possibilities and limitations of the methodologies used by the student and key scholars/practitioners pertaining to the field(s) of study; Methods used may offer new insights or contributions to knowledge.
Merit 60–69%: A comprehensive understanding shown and a sustained application of established methodologies and methods applicable to the student’s own research; Research work planned in scale and scope so that robust and appropriate evidence can be gathered and articulated.
Pass 50–59%: A satisfactory application of research techniques and enquiry that are used to create and interpret knowledge in the discipline; Research work planned systematically in scale and scope so that appropriate evidence can be gathered.
Fail 40–49%: Unsatisfactory application of research techniques pertaining to the discipline; Unsatisfactory research undertaken, resulting in underdeveloped and poorly executed work.
Fail 30–39%: An underdeveloped understanding of established methodologies and those used by the student; Research work is weak and executed inaccurately.
Fail 20–29%: Very weak understanding of established methodologies and those used by student; Substandard research, methods mainly erroneous.
Fail 10–19%: Research works show very little planning and understanding; Erroneous use of methods to explain the work.
Fail 0–9%: Negligible understanding of established research methods and those used by the student; No research methods evident.
Analysis
Critical analysis and interpretation.
SCOPE: appropriate analytical discussion and interpretation of source material.
Distinction 90–100%: A sophisticated command of imaginative, insightful, original or creative interpretations; An unparalleled level of analysis and evaluation; A sophisticated cogent argument offering new and original contributions to knowledge.
Distinction 80–89%: Advanced command of imaginative, insightful, original or creative interpretations; Accomplished level of analysis and evaluation; A highly developed cogent argument with the potential to bring new and original contributions to knowledge.
Distinction 70–79%: An excellent command of imaginative, original or creative interpretations; A high degree of analysis and evaluation; A sustained argument with the possibility for new insights to knowledge.
Merit 60–69%: A convincing and sustained command of accepted critical positions; A developed conceptual understanding that enables the student to find new meanings in established hypotheses; A developed and sustained argument with the possibility for new insights to knowledge.
Pass 50–59%: An ability to deal with complex issues both systematically and creatively; A satisfactory evaluation of current research and critical scholarship in the discipline; Ability to devise a coherent critical/analytical argument is supported with evidence.
Fail 40–49%: A lack of ability to deal with complex issues; Judgements not fully substantiated and understood; The ability to construct an argument is underdeveloped and not supported fully with evidence.
Fail 30–39%: A lack of ability to deal with complex issues; Judgements are not substantiated or understood and the critical position is not made clear; Weak interpretation of research and work is not supported with evidence.
Fail 20–29%: Very weak analysis, possibly limited to a single perspective; Substandard argument, work lacks scholarly analysis and interpretation; Episodes of self-contradiction and/or confusion.
Fail 10–19%: Slight indication of ability to deal with key issues; Slight analytical engagement and reflection, work lacks criticality throughout; Lacks evidence, work shows self-contradiction and confusion.
Fail 0–9%: Negligible coverage of learning outcomes; No attempt to interpret research material.
Communication
Communication skills: creative, written and presented.
SCOPE: communication of intent, adherence to academic subject discipline protocols.
Distinction 90–100%: A sophisticated response, the academic form matches that expected in published and professional work; Mastery and command of specialist skills pertaining to the academic form; Idiomatic and highly coherent, scholarly expression.
Distinction 80–89%: Persuasive articulation, where the academic form largely matches that expected in published work; Accomplished command of specialist skills pertaining to the academic form, discipline and context(s).
Distinction 70–79%: A high degree of skill, the academic form shows exceptional standards of presentation or delivery; A high command of specialist skills pertaining to the academic form, discipline and context(s).
Merit 60–69%: Secure and sustained expression, observing appropriate academic form; Fluent and persuasive expression of ideas, work shows flair; Assured interpretation of the style and genre, content, form and technique for specialist and non-specialist audiences as appropriate.
Pass 50–59%: Good expression, observing appropriate academic form; Predominantly accurate in spelling and grammar, ideas communicated appropriately and satisfactorily; Satisfactory application of specialist skills with effective technical control.
Fail 40–49%: Unsatisfactory demonstration and application of key communication skills; Recurring errors in spelling and grammar, ideas limited and underdeveloped, possibly poor paraphrasing; Skills demonstrated are insufficient for the task and work may lack technical judgement.
Fail 30–39%: Significant errors evident in the academic form; Weaknesses in spelling and grammar, lacks coherence and structure, possibly poor paraphrasing; Work lacks technical judgement.
Fail 20–29%: Very weak observation of academic conventions; Severe deficiencies in spelling and grammar and expression undermines meaning, possibly poor paraphrasing; Substandard relationship between content, form and technique.
Fail 10–19%: Slight observation of academic conventions; Weak expression, mostly incoherent and fails to secure meaning, poor paraphrasing; Slight engagement with the work.
Fail 0–9%: Negligible observation of academic conventions; Incoherent and confused expression, poor paraphrasing; No discernible demonstration of key skills (pertaining to the discipline); No engagement with the work.
Reflection
Critical reflection and/or personal and professional application.
SCOPE: Intellectual engagement with the processes by which the work is realised.
Distinction 90–100%: Insightful response to critical self-evaluation, reflecting exemplary professional and/or personal standards of engagement and conduct throughout; Sophisticated application of new insights (or highly advanced application of established ways of working pertaining to the discipline).
Distinction 80–89%: Advanced level of critical self-evaluation, reflecting professional and/or personal standards of engagement and conduct throughout; Accomplished application of new insights (or advanced application of established ways of working pertaining to the discipline).
Distinction 70–79%: A high degree of critical self-evaluation, reflecting professional and/or personal standards of engagement and conduct; Excellent application of new insights (or a highly skilled application of established ways of working pertaining to the discipline).
Merit 60–69%: An assured level of self-evaluation, reflecting sustained professional and/or personal standards of engagement and conduct; Assured application of new or established ways of working; Work evidences thorough independent planning and execution of key tasks.
Pass 50–59%: A satisfactory self-evaluation, reflecting appropriate standards of professional and/or personal engagement and conduct; Satisfactory engagement with established ways of working pertaining to the discipline; Independent planning and execution.
Fail 40–49%: Unsatisfactory self-evaluation of professional and/or personal engagement and conduct; Unsatisfactory engagement with established ways of working pertaining to the discipline; Insufficient planning, work not executed in full.
Fail 30–39%: Weak self-evaluation of professional and/or personal engagement and conduct; Weak engagement with established ways of working pertaining to the discipline; Inadequate planning.
Fail 20–29%: Very weak self-evaluation of professional and/or personal engagement and conduct; Substandard engagement with established ways of working; Inappropriate execution of work.
Fail 10–19%: Slight evidence of self-evaluation of professional and/or personal engagement and conduct; Inappropriate execution of key tasks and work may be a cause for concern.
Fail 0–9%: Negligible evidence of self-evaluation of professional and/or personal engagement and conduct; No engagement with established ways of working; In professional or equivalent contexts the work will be cause for concern.