ORNL licenses malware detection technology

Oak Ridge National Lab recently announced that it has licensed malware forensics detection and software assurance technology it developed to the private sector.

The lab’s Hyperion tool, which can recognize malicious software even if a specific program has not been previously identified as a threat, was licensed to R&K Cyber Solutions LLC of Manassas, Va., Oak Ridge said.

By computing and analyzing behaviors associated with harmful intent, ORNL’s Hyperion can look inside an executable program to determine the software’s behavior without using its source code or running the program, according to one of its inventors, Stacy Prowell of ORNL’s Cyber Warfare Research team.

“These behaviors can be automatically checked for known malicious operations as well as domain-specific problems,” Prowell said. “This technology helps detect vulnerabilities and can uncover malicious content before it has a chance to execute.”

Hyperion, which has been under development for a decade, offers more comprehensive scanning capabilities than existing cybersecurity methods.

Its malware analysis features can be applied to multiple cybersecurity problems, including software assurance in the absence of source code, hardware and software data exploitation and forensics, supply chain security, anti-tamper analysis and potential first intrusion detection based on behavior semantics, said R&K Cyber Solutions CEO Joseph Carter.

“Software behavior computation is an emerging science and technology that will have a profound effect on malware analysis and software assurance,” Carter said. “Computed behavior based on deep functional semantics is a much-needed cybersecurity approach that has not been previously available.”

R&K Cyber Solutions specializes in information assurance services and certified security processes for federal government and selected commercial customers. The company expects to make the technology available in January.

About the Author

Connect with the GCN staff on Twitter @GCNtech.
