Mad-tech labcoat-sporters DARPA pit infosec AI against itself

It's the Cyber Grand Challenge


The US Defence Advanced Research Projects Agency, DARPA, will host the final round of the world’s first AI hacking tournament in Las Vegas today, where seven teams of competitors will take their custom-built autonomous cyber reasoning systems into battle.

Prestige and technological achievement in the field of AI cyber security aren’t the only motivators behind this competition. Winners of the Cyber Grand Challenge will also get to take home a generous prize of $2m.

The seven teams are made up of academics, white-hat hackers and private-sector cyber systems experts.

All teams will compete in a computer security version of Capture The Flag. The contest pushes cyber reasoning systems (CRS) to hunt for security bugs in software and defend their own systems, whilst attacking opponents.

Points will be lost if the CRS cannot defend against attacks or if it doesn’t come up with effective patches.

But unlike the world's largest hacker convention, DEF CON, the Cyber Grand Challenge finale will not feature any hackers furiously bashing out lines of code. Instead, hackers will take a step back and let their CRS do all the work.

Team Shellphish, led by Professor Giovanni Vigna, director of the Centre for CyberSecurity at the University of California, Santa Barbara, said that all they’ll be able to do is cross their fingers.

Participants have to write and run autonomous algorithms that can find and patch security flaws.


The software uses some aspects of machine learning to analyse code but is more of an expert system, Vigna told The Register.

In AI, an expert system is built to make decisions based on the evidence it has gathered. “It codifies what a human hacker would do,” said Vigna.

“The expert system is able to characterise states of the binary programme it finds interesting. It looks for features in the programme, for example how much memory has been allocated for certain parts of the programme that could mean it was a possible threat.”

After it has caught a security bug, the system exterminates the bug by executing a patch that has been programmed.

The power of the CRS is that it can learn and adapt to different situations, and is intended to be more creative than regular programmes.

Despite the hands-off approach, the hackers will still be nervous, Vigna said. “For two months we built this cyber reasoning system, but if one mistake is made and the system crashes and can’t recover then we are out of the competition. That can happen, and I imagine that could be a problem for a couple of teams.

“It’s like training your kid in Judo then putting it in a room with other kids that have been trained as well, and you don’t know what’s going to happen.”

DARPA are interested in investing in emerging technologies for defence purposes, and the Cyber Grand Challenge isn’t DARPA’s first competition that shows their interest in AI.

There are also Grand Challenges for autonomous cars and robotics. Interest in CRS is growing as it can perform specific tasks at a much quicker rate than human hackers can. ®

