The Defense Advanced Research Projects Agency (DARPA) says that in the time it takes to identify new flaws and threats and patch them up – a process that can take over a year – bad guys can exploit them. Our slow reaction cycle gives hackers an offensive advantage.
As Naked Security reported, DARPA wants to speed up the reaction time by moving to automated cyber defense with machines that can "discover, prove and fix software flaws in real-time, without any assistance." Hence, the "world's first all-machine hacking tournament. On August 4th, DARPA's Cyber Grand Challenge (CGC) finals will take place in Las Vegas in the middle of the two of the biggest hacking conventions: Black Hat USA and DEF CON.
The goal is to find out whether artificial intelligence-fueled machines can beat even the best human hackers, according to Mike Walker, program manager for the CGC.
Seven finalist teams will be competing at the security shows. On June 3rd, finalists fielded an autonomous system that found and fixed enough vulnerabilities to gain an invitation to this final event. DARPA gave each team a computer that it had constructed. The teams' job was to recognize and understand the software on that system, sniff out flaws, and fix them.
But in the actual tournament, it's hands-off: the teams' artificial intelligence systems will be left to do those tasks, without human intervention. The machines have to comprehend the language of the software, author the logic for that software, write their own network clients, and arrive at the path of the new vulnerabilities entirely on their own.
The teams' AI systems can scan other machines, but they'll only be flagging any vulnerabilities they find, rather than exploiting them. The AI systems will flag the flaws to a DARPA referee, who will verify whether the vulnerability is correct and whether an exploit would bring down a machine.
The payouts are impressive: The first prize will be $2 million, while second and third will get $1 million and $750,000, respectively. A lot of AI enthusiasts (yes, me too) will be watching this pioneering moment.
Hat tip to Dave Ries.
E-mail: email@example.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology