The Defense Advanced Research Projects Agency (DARPA) will host the first all-machine cyber defense tournament this fall to improve research in the advancement and automation of cyber defense systems.
The goal of the Cyber Grand Challenge (CGC), which will be held on Aug. 4, is to automate cyber threat detection processes by creating machines that can identify and fix software flaws in real-time.
Mike Walker, program manager for CGC, said the current reaction to unknown software flaws is entirely manual. It typically takes about a year to identify, comprehend and react to an unknown system flaw. The competition aims to reduce this timeline down to minutes or seconds.
“We want to build autonomous systems that can arrive at their own insights about unknown flaws, do their own analysis, make their own risk-equity decisions about when to field a patch and how to image that patching process autonomously,” Walker said.
DARPA is an agency within the US Department of Defense responsible for investing in technologies pivotal to improving national security, with a focus on the nation’s military services. DARPA first launched the challenge in 2013 and has so far spent $55 million on the effort.
Seven finalists–who were selected through a qualifying competition in June–will compete in this year’s 10-hour long event.
Cyber Security and Development Solutions (CSDS) is among the finalists and is the only system that was built entirely from scratch, according to the company. Other finalists include: Deep Red, Disekt, ForAllSecure, Shellphish, TECHx, and CodeJitsu.
The teams will compete for nearly $4 million in prizes during the Capture-the-Flag game. The machines competing are DARPA-constructed high-performance computers and will operate on a system only used for computer security research.
During the contest, artificial intelligence systems created by each of the teams will reverse-engineer software, identify weaknesses and deeply hidden flaws and create replacements on the spot. DARPA officials said every piece of software created by the machines during the competition will be accessible on a public server.
The event is co-located with DEF CON, one of the world’s largest hacker conventions. Both events will be held in Las Vegas.
DEF CON organizers have invited the winner of the CGC competition to compete against the world’s best human hackers in their own Capture the Flag competition on Aug. 5. This is the first time a mechanical contestant will be included in DEF CON’s event.
“We certainly don’t expect any machine to win against humans at DEF CON this year. But at a minimum we’ll learn a lot from seeing how the systems fare against each other,” Walker said. “And if we can even provide a clear proof of concept for autonomous cyber defense, that would be revolutionary.”