The Defense Advanced Research Projects Agency (DARPA) today called upon the greatest cybersecurity experts to participate in what the group is calling the world's first tournament to see who can build the best fully automatic network defense system.
The Cyber Grand Challenge (CGC) will pit teams that will create automated systems that will compete in real-time to evaluate software, test for vulnerabilities, generate security patches and apply them to protected computers on a network. The CGC's goal is to vastly improve the speed and effectiveness of IT security against escalating cyber threats, DARPA says. The winning team from the CGC finals would receive a cash prize of $2 million, with second place earning $1 million and third place taking home $750,000.
"With the Cyber Grand Challenge, we intend a similar revolution for information security. Today, our time to patch a newly discovered security flaw is measured in days. Through automatic recognition and remediation of software flaws, the term for a new cyber attack may change from zero-day to zero-second," said Mike Walker, DARPA program manager in a statement.
Currently, network Intrusion Detection Systems, software security patches, and vulnerability scanners are all forms of signature based defense: defensive systems which act on discrete quanta of human knowledge. Human analysts develop these signatures through a process of reasoning about software. In addition, automated program analysis capabilities are able to assist the work of human software analysts. These automation technologies include Dynamic Analysis, Static Analysis, Symbolic Execution, Constraint Solving, Data Flow Tracking, Fuzz Testing, and a multitude of related technologies.
In fully autonomous defense, a cyber system capable of reasoning about software will create its own knowledge, autonomously emitting and using knowledge quanta such as vulnerability scanner signatures, intrusion detection signatures, and security patches, DARPA stated.
In the Cyber Grand Challenge, a competitor will improve and combine these semi-automated technologies into an unmanned Cyber Reasoning System that can autonomously reason about novel program flaws, prove the existence of flaws in networked applications, and formulate effective defenses. The performance of these automated systems will be evaluated through head-to-head tournament style competition.
The CGC program will draw widespread attention to the technology issues associated with autonomous software comprehension and motivate entrants to overcome technical challenges to realize truly effective autonomous cyber defense. This program will challenge the most capable and innovative companies, institutions, and entrepreneurs to produce breakthroughs in capability and performance, DARPA stated.
The cyber competition will take place on a network framework purpose-built to interface with automatic systems. Competitors would navigate a series of challenges, starting with a qualifying event in which a collection of software must be automatically analyzed. Competitors would qualify by automatically identifying, analyzing and repairing software flaws, DARPA said.
The agency intends to invite a select group of top competitors s from the qualifying event to the Cyber Grand Challenge final event, slated for early to mid-2016. In that competition, each team's system would automatically identify software flaws, scanning the network to identify affected hosts. Teams would score based on how capably their systems could protect hosts, scan the network for vulnerabilities and maintain the correct function of software.
To encourage widespread participation and teaming, DARPA plans to host teaming forums on the CGC website at www.darpa.mil/cybergrandchallenge.
For specific rules go here.
DARPA has been sponsoring Grand Challenge competitions for years. The idea typically is to get the nation's best and brightest in a particular area to focus on revolutionary research. In the past the agency has developed autonomous cars and space technology in this fashion. NASA and other agencies have mimicked DARPA's success in running these events.
Check out these other hot stories: