
Cybersecurity: Information assurance specialist licenses ORNL malware detection technology

Published 21 January 2015

Washington, D.C.-based R&K Cyber Solutions LLC (R&K) has licensed Hyperion, a cybersecurity technology from the Department of Energy’s Oak Ridge National Laboratory that can quickly recognize malicious software even if the specific program has not been previously identified as a threat.

By computing and analyzing program behaviors associated with harmful intent, ORNL’s Hyperion technology can look inside an executable program to determine the software’s behavior without using its source code or running the program, according to one of its inventors, Stacy Prowell of ORNL’s Cyber Warfare Research team.

“These behaviors can be automatically checked for known malicious operations as well as domain-specific problems,” Prowell said. “This technology helps detect vulnerabilities and can uncover malicious content before it has a chance to execute.”

An ORNL release says that Hyperion, which has been under development for a decade, offers more comprehensive scanning capabilities than existing cyber security methods.

“This approach is better than signature detection, which only searches for patterns of bytes,” Prowell said. “It’s easy for somebody to hide that — they can break it up and scatter it about the program so it won’t match any signature.”

R&K Cyber Solutions expects to make the technology available this month.

“Software behavior computation is an emerging science and technology that will have a profound effect on malware analysis and software assurance,” said R&K Cyber Solutions CEO Joseph Carter. “Computed behavior based on deep functional semantics is a much-needed cyber security approach that has not been previously available. Unlike current methods, behavior computation does not look at surface structure. Rather, it looks at deeper behavioral patterns.”

Carter adds that the technology’s malware analysis capabilities can be applied to multiple related cyber security problems, including software assurance in the absence of source code, hardware and software data exploitation and forensics, supply chain security analysis, anti-tamper analysis and potential first intrusion detection systems based on behavior semantics.

R&K Cyber Solutions specializes in information assurance services and certified security processes for federal government and selected commercial customers.

The release notes that the licensed intellectual property includes two patent-pending technologies invented by Kirk Sayre of the Computational Sciences and Engineering Division and Richard Willems and former ORNL employee Stephen Lindberg of the Electrical and Electronics Systems Research Division. Others contributing to the technology were David Heise, Kelly Huffer, Logan Lamb, Mark Pleszkoch and Joel Reed of the Computational Sciences and Engineering Division.

ORNL says that Hyperion further strengthens the cybersecurity of critical energy infrastructure by providing evidence of the secure functioning of energy delivery control system devices without requiring disclosure of the source code. This advances the vision of resilient energy delivery systems designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions, as articulated in the energy sector’s Roadmap to Achieve Energy Delivery Systems Cybersecurity.
