Pierluigi Paganini July 18, 2016

DARPA organized a challenge where 7 finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits.

The Rio Olympics 2016 is something everyone is looking forward to. The sportsmanship, the record making, medals the spirit of the game and the hilarious doping scandals like the 1920’s grafting of chimpanzee testicles to human scrotum (Talk about unleashing the beast).

But the Olympics have been a frontier for individuals flexing their physical muscles and achieving greatness. Well, it’s time for it to move over to the Cyber Grand Challenge (CGC) is here.  Individuals wanting to showcase their brain muscles in a competition could change how we defend against cyber attacks.

The challenge organized by the Defense Advanced Research Projects Agency (DARPA) of the United States where the seven finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits.

In a press statement they stated their desire to automate the entire computer cycle to respond to flaws. At an average, a hacker has approximately 312 days to exploit a zero-day vulnerability before it gets patched by human experts. This could potentially change the face of vulnerability detection in a huge way.

“Today’s approach to cybersecurity depends on computer security experts: experts identify new flaws and threats and remediate them by hand. This process can take over a year from first detection to the deployment of a solution, by which time critical systems may have already been breached. This slow reaction cycle has created a permanent offensive advantage.” states the DARPA

“The Cyber Grand Challenge (CGC) seeks to automate this cyber defense process, fielding the first generation of machines that can discover, prove and fix software flaws in real-time, without any assistance. If successful, the speed of autonomy could someday blunt the structural advantages of cyber offense.”

In an article on LinkedIn Robocop on your Security Team, a basic discussion on how Machine Learning could help embed human-like intuition  to aid in Cyber Defence is tells how today’s cyber security defence relies on manual scanning and finding out vulnerable processes . This is a tedious affair and is reliant on the security teams snap judgement based on incomplete data. The coming of AI could aid in this task better.

The seven finalist teams hope to stand apart and raise the bar for AI in security. The cash prizes for the top three would be a walloping U.S. $2 million prize for first place, $1 million for second place, and $750,000 for third place. DEF CON, the worlds largest hacker conference held in Las Vegas yearly, has had many Capture The Flag (CTF) games, but the CGC could be the hardest version of a CTF challenge in its history.

The participant hackers would be competing against  the AI to attack and defend against attacks. The participants would be scanning the network and servers for vulnerabilities and report to the referee. The vulnerability and an estimate of when a software crash might happen would be reported and relevant points would get allocated. Competing with the AI would bring major insights into Cyber Defence automation.

Speculating the future capabilities of such AI would benefit both commercial and military use. The downside of this would be the misuse of such AI to cause massive cyber attacks. Thus an Open Source version of a defence AI would then be available for users , much of what Elon Musk had recently spoken about at Code 2016. His OpenAI venture is to give users an equal opportunity to have an AI of their own and not be at the whims of commercial AI.

AI for Cyber Security is still in its infancy and has to overcome many challenges . In recent reports which stated how automation in the industry was eating up jobs, the existence of an automated flaw finder does cause worry. Thankfully, it seems that it might not replace human experts anytime  soon but would be a valued member on your team.

The CGC might not get a similar viewership like the Rio Olympics, but it could set new records in finding flaws and show a digital spirit of sportsmanship and ballsy approach to security minus the chimp testicles.

Let the Games Begin !!

About the Author: Joshua Bahirvani

Cyber Security Enthusiast and believer of Privacy in this Digital Age.

LinkedIn : https://in.linkedin.com/in/jbahirvani15

Peerlyst: https://www.peerlyst.com/users/joshua-bahirvani

Twitter : @B15joshua

Medium : @jbahirvani15

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Artificial Intelligence, threat intelligence)