Trading isn’t the only thing that happens in milliseconds nowadays, complicated exploits of computer systems happen just as fast — and
with astounding potential consequences.
The newest competition out of the Defence Advanced Research Projects Agency aims to create “fully automatic network defence systems” in order to mitigate these real-world consequences.
In other words, they want software systems that automatically detect, repair, and repel hacker attacks. Shorter terms: Artificial Intelligence (AI).
“The growth trends we’ve seen in cyber attacks and malware point to a future where automation must be developed to assist IT security analysts,” said Dan Kaufman, director of DARPA’s Information Innovation Office, which oversees the Challenge.
Often, hackers employ software exploits — called “Zero Day” exploits — that are custom designed; hacks known only to the hackers themselves. Software engineers, developers and more importantly, cyber security analysts, sometimes go completely unaware their systems are compromised until the damage is done.
“Through automatic recognition and remediation of software flaws, the term for a new cyber attack may change from zero-day to zero-second,” said Mike Walker, DARPA program manager.
In less technical terms, DARPA wants software that detects when it’s been exploited, analyses how exactly it was exploited (identifies the Zero Day), and then automatically (writes code that?) patches itself — while red-flagging the problem to technicians.
Also they want the systems scanning themselves for weaknesses automatically, essentially identifying Zero Days before competing hackers.
“What if computers had a “check engine” light that could indicate new, novel security problems? What if computers could go one step further and heal security problems before they happen?”
The Pentagon’s defence research arm has made leaps and bounds recently in robotics due to their competitions, so they figured a competition for AI would yield similar results.
“With the Cyber Grand Challenge, we intend a similar revolution for information security. Today, our time to patch a newly discovered security flaw is measured in days,” said Walker.
DARPA envisions teams creating automated systems that would compete against each other to evaluate software, test for vulnerabilities, generate security patches and apply them to protected computers on a network. To succeed, competitors must bridge the expert gap between security software and cutting-edge program analysis research. The winning team would receive a cash prize of $US2 million.
Teams would score based on how capably their systems could protect hosts, scan the network for vulnerabilities and maintain the correct function of software. The winning team from the CGC finals would receive a cash prize of $US2 million, with second place earning $US1 million and third place taking home $US750,000.