Masters Thesis Defense “Malware Analysis Skills Taught in University Courses” By Swetha Gorugantu

Tuesday, April 24, 11 am to 1 pm
Campus: 
Dayton
405-C Russ Engineering
Audience: 
Current Students
Faculty

Committee:  Drs. Michelle Cheatham, Advisor, Yong Pei, and Mateen Rizki

ABSTRACT:

Career opportunities for malware analysts are growing at a fast pace due to the evolving nature of cyber threats as well as the necessity to counter them. However, employers are often unable to hire analysts fast though due to a lack of the required skillset. Hence, the primary purpose of the thesis is to conduct a gap analysis between the binary analysis skills taught in universities with those that the recruiters are looking for. Malware can be analyzed using three main types of tools and techniques: high-level profiling, static analysis and dynamic analysis. These methods provide detailed information about the functionality and behavior of the binary executable. To determine the relevant courses taught in universities, three different set of universities were used which consisted of the NSA accredited colleges, top universities in computer science and top cybersecurity colleges across the world. Based on the analysis, it can be observed that there are few universities that offer cybersecurity programs, among which very few offer a course in malware analysis. To shortlist the skills necessary for career opportunities in the field of malware analysis, a list of job descriptions from three employment-related social networking sites, LinkedIn, Indeed and Glassdoor, were collected. From the inventory of job postings, it can be noticed that most of the openings require experience with malware and reverse engineering tools. The dataset of university courses was compared and paralleled with the dataset of job descriptions using three analysis methods: LDAviz tool, a word cloud generator and a pie chart model. Based on the study, it can be concluded that though there are very few universities that teach cyber security analysis as part of their curriculum, they are exceptionally doing well in meeting the current needs of the industry. The only exception is a lack of coverage of topics like threat analysis, incident response, and computer forensics. However, it would be highly beneficial if all the schools could expand their programs and offerings in the field of Malware analysis so that young talent could easily fill these roles.

For information, contact