At the Def Con hacker conference in Las Vegas this week, a program dubbed “Mayhem” won the DARPA Cyber Grand Challenge, a competition set up by the Defense Advanced Research Projects Agency (DARPA) aimed at generating interest and innovation in autonomous security systems.
The winning program was created by eight computer experts from San Francisco and Pittsburgh, Pennsylvania. They are affiliated with Carnegie Mellon University, whose teams often earn top scores in the annual Def Con hacking contest. Team ForAllSecure, the group that created Mayhem, received $2 million to continue work on the program.
Mayhem is also set to compete today against Carnegie Mellon students and other top-shelf hackers, marking the first time a computer has competed in a Def Con tournament. Mayhem took an early lead in the tournament and overcame a late crash that held it scoreless in some rounds.
Crowded Field
Second place in the DARPA Cyber Grand Challenge went to a program called Xandra that was created by security experts from the University of Virginia and GrammaTech Inc. That team earned $1 million. The third-place finisher, Mech Phish, was developed by students at the University of California, who received $750,000.
A series of preliminary competitions resulted in seven finalist teams that competed at Def Con. The teams of competitors came from universities, software engineering firms and security startups.
The top prizes in the competition go to software that does the best job of automatically defending against cyberattacks. The event was intended to encourage techniques that can find and fix bugs in code far faster than humans can.
While it can potentially take months or even years for humans to root out bugs, automated programs can do the job much more quickly, leaving systems vulnerable for less time while patches are created. Those types of smart security systems will be more crucial as the world’s dependence on computer systems continues to grow, according to the event’s organizers.
95 Rounds
Held in a ballroom in the Paris Casino on the Las Vegas strip, the Cyber Grand Challenge is based on the so-called “Capture the Flag” hacker tournaments often run at conventions of security experts. Those competitions call for small teams to analyze code to find bugs, which they then attempt to patch to protect their own virtual territories while trying to exploit those same bugs to attack competing teams.
All told, this year’s Cyber Challenge ran for eight hours over 95 separate rounds, with a live audience for the closing rounds. Some of the rounds used such infamous software bugs as Heartbleed, SQL Slammer and Crackaddr, to determine whether automated programs could do a better job of finding fixes than humans did when those bugs first appeared.
“The [Cyber Grand Challenge] seeks to automate this cyber defense process, fielding the first generation of machines that can discover, prove and fix software flaws in real-time, without any assistance,” according to DARPA. “If successful, the speed of autonomy could someday blunt the structural advantages of cyber offense.”