Robocop is (almost) here : Artificial Intelligence in your Security Team

DARPA organized a challenge where 7 finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits.

The Rio Olympics 2016 is something everyone is looking forward to. The sportsmanship, the record making, medals the spirit of the game and the hilarious doping scandals like the 1920’s grafting of chimpanzee testicles to human scrotum (Talk about unleashing the beast).

But the Olympics have been a frontier for individuals flexing their physical muscles and achieving greatness. Well, it’s time for it to move over to the Cyber Grand Challenge (CGC) is here. Individuals wanting to showcase their brain muscles in a competition could change how we defend against cyber attacks.

The challenge organized by the Defense Advanced Research Projects Agency (DARPA) of the United States where the seven finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits.
Artificial Intelligence CGC EventFirstAutomatedNetDefense-600

In a press statement they stated their desire to automate the entire computer cycle to respond to flaws. At an average, a hacker has approximately 312 days to exploit a zero-day vulnerability before it gets patched by human experts. This could potentially change the face of vulnerability detection in a huge way.

“Today’s approach to cybersecurity depends on computer security experts: experts identify new flaws and threats and remediate them by hand. This process can take over a year from first detection to the deployment of a solution, by which time critical systems may have already been breached. This slow reaction cycle has created a permanent offensive advantage.” states the DARPA

“The Cyber Grand Challenge (CGC) seeks to automate this cyber defense process, fielding the first generation of machines that can discover, prove and fix software flaws in real-time, without any assistance. If successful, the speed of autonomy could someday blunt the structural advantages of cyber offense.”

In an article on LinkedIn Robocop on your Security Team, a basic discussion on how Machine Learning could help embed human-like intuition to aid in Cyber Defence is tells how today’s cyber security defence relies on manual scanning and finding out vulnerable processes . This is a tedious affair and is reliant on the security teams snap judgement based on incomplete data. The coming of AI could aid in this task better.

The seven finalist teams hope to stand apart and raise the bar for AI in security. The cash prizes for the top three would be a walloping U.S. $2 million prize for first place, $1 million for second place, and $750,000 for third place. DEF CON, the worlds largest hacker conference held in Las Vegas yearly, has had many Capture The Flag (CTF) games, but the CGC could be the hardest version of a CTF challenge in its history.

The participant hackers would be competing against the AI to attack and defend against attacks. The participants would be scanning the network and servers for vulnerabilities and report to the referee. The vulnerability and an estimate of when a software crash might happen would be reported and relevant points would get allocated. Competing with the AI would bring major insights into Cyber Defence automation.

Speculating the future capabilities of such AI would benefit both commercial and military use. The downside of this would be the misuse of such AI to cause massive cyber attacks. Thus an Open Source version of a defence AI would then be available for users , much of what Elon Musk had recently spoken about at Code 2016. His OpenAI venture is to give users an equal opportunity to have an AI of their own and not be at the whims of commercial AI.

AI for Cyber Security is still in its infancy and has to overcome many challenges . In recent reports which stated how automation in the industry was eating up jobs, the existence of an automated flaw finder does cause worry. Thankfully, it seems that it might not replace human experts anytime soon but would be a valued member on your team.

The CGC might not get a similar viewership like the Rio Olympics, but it could set new records in finding flaws and show a digital spirit of sportsmanship and ballsy approach to security minus the chimp testicles.

Let the Games Begin !!

About the Author: Joshua Bahirvani

Cyber Security Enthusiast and believer of Privacy in this Digital Age.

LinkedIn : https://in.linkedin.com/in/jbahirvani15

Peerlyst: https://www.peerlyst.com/users/joshua-bahirvani

Twitter : @B15joshua

Medium : @jbahirvani15

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Artificial Intelligence, threat intelligence)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.