In an attempt to determine if autonomous programs can single-handedly fight cybercriminals by finding and patching software vulnerabilities, DARPA (Defense Advanced Research Projects Agency) has set up a capture-the-flag challenge at Def Con, Vegas to find out if this can be achieved without human intervention.
While this is the first event of its kind ever, organizers have also invited the winning automated system to challenge a human team comprised of top capture-the-flag security researchers. With security vulnerabilities remaining unpatched for months at a time, security experts have long said security needs to evolve much faster.
“The Cyber Grand Challenge (CGC) seeks to automate this cyber defense process, fielding the first generation of machines that can discover, prove and fix software flaws in real-time, without any assistance,” reads the official Cyber Grand Challenge website. “If successful, the speed of autonomy could someday blunt the structural advantages of cyber offense.”
The team that designs the best automated system and wins the competition will receive a $2 million prize, followed by $1 million second place and $750K third place. While the machine-to-machine competition is scheduled for August 4th 2016 at the Paris Hotel & Conference Center, Las Vegas, on August 5th 2016 the man-vs-machine challenge will be kick started.
“Unlike the case with self-driving cars, where the path to full autonomy, while challenging, is now just a matter of technological advances, we still don’t know if autonomy involving the kind of reasoning that’s required for cyber defense makes conceptual sense,” said Mike Walker, the DARPA program manager who launched the Cyber Grand Challenge in 2013. “We certainly don’t expect any machine to win against humans at DEF CON this year. But at a minimum we’ll learn a lot from seeing how the systems fare against each other, and if we can even provide a clear proof of concept for autonomous cyber defense, that would be revolutionary.”
Walker also said that, while he does not believe machines will win this year against their human “sparring” partners, he compared this event with the Wright brothers’ first flight that opened up a new era in space aviation. Hoping attackers will be stopped far faster by automated systems than actual researchers, Walker hopes for a major paradigm shift in the world of cybersecurity by using such systems.
The CGC event in Vegas is free and open to the press and it will be accompanied by live commentaries.