A company based in Washington, D.C., has licensed a cyber security technology from Oak Ridge National Laboratory that can quickly recognize malicious software—even if the specific program has not been previously identified as a threat.
Named Hyperion, the cyber security technology has been licensed by R&K Cyber Solutions LLC, or R&K.
The ORNL technology can look inside an executable program to determine the software’s behavior without using its source code or running the program, according to one of its inventors, Stacy Prowell of ORNL’s Cyber Warfare Research team. Hyperion computes and analyzes program behaviors associated with harmful intent, a press release said.
“These behaviors can be automatically checked for known malicious operations as well as domain-specific problems,” Prowell said. “This technology helps detect vulnerabilities and can uncover malicious content before it has a chance to execute.”
Hyperion, which has been under development for a decade, offers more comprehensive scanning capabilities than existing cyber security methods.
“This approach is better than signature detection, which only searches for patterns of bytes,” Prowell said. “It’s easy for somebody to hide that—they can break it up and scatter it about the program so it won’t match any signature.”
R&K Cyber Solutions expects to make the technology available in January.
“Software behavior computation is an emerging science and technology that will have a profound effect on malware analysis and software assurance,” said R&K Cyber Solutions Chief Executive Officer Joseph Carter. “Computed behavior based on deep functional semantics is a much-needed cyber security approach that has not been previously available. Unlike current methods, behavior computation does not look at surface structure. Rather, it looks at deeper behavioral patterns.”
Carter adds that the technology’s malware analysis capabilities can be applied to multiple related cyber security problems, including software assurance in the absence of source code, hardware and software data exploitation and forensics, supply chain security analysis, anti-tamper analysis, and potential first intrusion detection systems based on behavior semantics.
R&K Cyber Solutions specializes in information assurance services and certified security processes for federal government and selected commercial customers.
The licensed intellectual property includes two patent-pending technologies invented by Kirk Sayre of the Computational Sciences and Engineering Division and Richard Willems and former ORNL employee Stephen Lindberg of the Electrical and Electronics Systems Research Division. Others contributing to the technology were David Heise, Kelly Huffer, Logan Lamb, Mark Pleszkoch, and Joel Reed of the Computational Sciences and Engineering Division.
The U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems program within the Office of Electricity Delivery and Energy Reliability funded portions of this technology. ORNL is a DOE lab.