Skip to main content

R&K Cyber Solutions licenses ORNL malware detection technology

OAK RIDGE, Tenn., Jan. 16, 2015—Washington, D.C.-based R&K Cyber Solutions LLC (R&K) has licensed Hyperion, a cyber security technology from the Department of Energy's Oak Ridge National Laboratory that can quickly recognize malicious software even if the specific program has not been previously identified as a threat.

By computing and analyzing program behaviors associated with harmful intent, ORNL’s Hyperion technology can look inside an executable program to determine the software’s behavior without using its source code or running the program, according to one of its inventors, Stacy Prowell of ORNL’s Cyber Warfare Research team.

“These behaviors can be automatically checked for known malicious operations as well as domain-specific problems,” Prowell said. “This technology helps detect vulnerabilities and can uncover malicious content before it has a chance to execute.”

Hyperion, which has been under development for a decade, offers more comprehensive scanning capabilities than existing cyber security methods.

“This approach is better than signature detection, which only searches for patterns of bytes,” Prowell said. “It’s easy for somebody to hide that—they can break it up and scatter it about the program so it won’t match any signature.”

R&K Cyber Solutions expects to make the technology available in January.

“Software behavior computation is an emerging science and technology that will have a profound effect on malware analysis and software assurance,” said R&K Cyber Solutions CEO Joseph Carter. “Computed behavior based on deep functional semantics is a much-needed cyber security approach that has not been previously available.  Unlike current methods, behavior computation does not look at surface structure. Rather, it looks at deeper behavioral patterns.”

Carter adds that technology’s malware analysis capabilities can be applied to multiple related cyber security problems, including software assurance in the absence of source code, hardware and software data exploitation and forensics, supply chain security analysis, anti-tamper analysis and potential first intrusion detection systems based on behavior semantics.

R&K Cyber Solutions ( specializes in information assurance services and certified security processes for federal government and selected commercial customers.

The licensed intellectual property includes two patent-pending technologies invented by Kirk Sayre of the Computational Sciences and Engineering Division and Richard Willems and former ORNL employee Stephen Lindberg of the Electrical and Electronics Systems Research Division. Others contributing to the technology were David Heise, Kelly Huffer, Logan Lamb, Rick Linger, Mark Pleszkoch and Joel Reed of the Computational Sciences and Engineering Division.

DOE’s Cybersecurity for Energy Delivery Systems program within the Office of Electricity Delivery and Energy Reliability funded portions of this technology.

Hyperion further strengthens the cybersecurity of critical energy infrastructure by providing evidence of the secure functioning of energy delivery control system devices without requiring disclosure of the source code. This advances the vision of resilient energy delivery systems designed, installed, operated and maintained to survive a cyber incident while sustaining critical functions, as articulated in the energy sector’s Roadmap to Achieve Energy Delivery Systems Cybersecurity.

UT-Battelle manages ORNL for the Department of Energy's Office of Science. The Office of Science is the single largest supporter of basic research in the physical sciences in the United States, and is working to address some of the most pressing challenges of our time. For more information, please visit