Why can’t we detect all security loopholes and patch them before hackers exploit them?
Because… we know that humans are too slow at finding and fixing security bugs, which is why vulnerabilities like Heartbleed, POODLE and GHOST remained undetected for decades and rendered almost half of the Internet vulnerable to theft by the time patches were rolled out.
To clear this hurdle, DARPA has come up with an idea: build a smart artificial intelligence system that will automatically detect and even patch security flaws in a system.
Isn’t it a revolutionary idea for Internet Security?
The Defense Advanced Research Projects Agency (DARPA) has selected seven teams of finalists who will face off in a historic battle, as each tries to defend itself and find flaws without any human control.
The DARPA Cyber Grand Challenge will be held at the annual DEF CON hacking conference in Las Vegas next month.
Winning team will be awarded $2 MILLION in Prize Money
The winning team will be awarded $2 Million in prize money for building a system that can not only detect vulnerabilities but also write its own patches and deploy them without crashing.
“Cyber Grand Challenge [CGC] is about bringing autonomy to the cyber domain,” CGC program manager Mike Walker said in a conference call Wednesday. “What we hope to see is proof that the entire security lifecycle can be automated.”
Walker said software bugs go undetected for an average of 312 days, a window that hackers can often exploit. In fact, even after the flaws are detected, humans take a long time to understand the bugs, develop patches, and then release them to the broader community.
The CGC aims to ease this problem by building a system that can sniff out software vulnerabilities and fix them within minutes, or even seconds, automatically.
Recognize, Detect and Fix Issues without Human Intervention
For the Cyber Grand Challenge, the seven teams of finalists will each be given a DARPA-constructed computer powered by a thousand Intel Xeon processor cores and 16TB (terabytes) of RAM.
Each team is tasked with programming its machine with a “cyber reasoning system” that will be able to recognize and understand previously undisclosed software, detect its flaws, and fix them without human intervention.
Moreover, once the challenge starts, the teams will not be able to jump on their machines’ keyboards and do anything more.
The cyber reasoning systems will be networked in such a way that the teams can also examine their competitors’ systems for issues, but can’t actually hack them. They get extra points if they are able to automatically generate proof-of-concept (PoC) exploits for flaws found in their opponents’ systems.
The contest will start at 5 pm on August 4 and run for over 10 hours in the Paris hotel ballroom in Las Vegas. The first-place team will take home $2 Million in prize money, while the second- and third-place teams will get $1 Million and $750,000, respectively.
After the competition, all the teams’ code, along with DARPA’s own test code, will be made available online under an open-source license.