“We’ve proven that this automation is possible”, said Mike Walker, program manager for the Cyber Grand Challenge. Mayhem is the unit own by him which was declared as the preliminary victor in the contest.
Advertisement
Mayhem is expected to be invited to compete against humans on Friday at DEF CON.
“I’m confident it will speed the day when networked attackers no longer have the inherent advantage they enjoy today”, Walker said. At a live event Thursday evening in Las Vegas at the annual Def Con hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag”.
During the 12-hour “capture the flag” tournament, the teams were scored on how well their systems “protected hosts, scanned the network for vulnerabilities and maintained the correct function of software”.
“Our software scientists are world-class experts in bug and vulnerability discovery, binary analysis, security monitoring, and software transformations”, explained David Melski, Vice President of Research at GrammaTech.
The competition itself has actually been running for the last 3 years, and by the time of the conference this year, only 7 competitors were left in the running. “The Cyber Grand Challenge was a ideal opportunity for us to integrate our technologies and demonstrate their combined potential to defend the world’s critical software infrastructure”.
In Thursday’s competition, Xandra, a computer system designed by TechX, a team from Ithaca, N.Y. and the University of Virginia, took second place, winning $1 million. As medical equipment, automobiles and home appliances increasingly connect to public networks to create the so-called Internet of things, cyber attacks could become even more risky. Keeping all of that software secure has become an overwhelming scenario for humans acting alone.
However, they stressed the importance of DARPA’s research on automated cybersecurity systems. Organizers said they would review the results overnight and confirm the results on Friday.
“It’s a much faster way of searching through programs than by hand”, said Tyler Nighswander, a software engineer with ForAllSecure.
Brumley, however, doesn’t foresee computers, even autonomous systems, replacing people in all areas of cybersecurity.
Advertisement
Each year human hackers have played this game and this year the human hackers was replaced with computers and the computers played the game on their own while they did not take any help from their human creators. “You always want that human spark of creativity, and that’s something the computer will never have”. The end of a three year competition, the CGC’s grand prize of $2 million cash pushed some of the best minds in cybersecurity to give it their all.
