Calling all security gods – DARPA has $2 million cyberthreat challenge for you

DARPA uncorks Cyber Grand Challenge targeting automated security projects

darpa
The Defense Advanced Research Projects Agency (DARPA) today called upon the greatest cybersecurity experts to participate in what the group is calling the world's first tournament to see who can build the best fully automatic network defense system.

The Cyber Grand Challenge (CGC) will pit teams that will create automated systems that will compete in real-time to evaluate software, test for vulnerabilities, generate security patches and apply them to protected computers on a network. The CGC's goal is to vastly improve the speed and effectiveness of IT security against escalating cyber threats, DARPA says.  The winning team from the CGC finals would receive a cash prize of $2 million, with second place earning $1 million and third place taking home $750,000.

[RELATED: DARPA hunts airplane-like spacecraft that can go Mach 10]

"With the Cyber Grand Challenge, we intend a similar revolution for information security. Today, our time to patch a newly discovered security flaw is measured in days. Through automatic recognition and remediation of software flaws, the term for a new cyber attack may change from zero-day to zero-second," said Mike Walker, DARPA program manager in a statement.

Currently, network Intrusion Detection Systems, software security patches, and vulnerability scanners are all forms of signature based defense: defensive systems which act on discrete quanta of human knowledge.  Human analysts develop these signatures through a process of reasoning about software. In addition, automated program analysis capabilities are able to assist the work of human software analysts. These automation technologies include Dynamic Analysis, Static Analysis, Symbolic Execution, Constraint Solving, Data Flow Tracking, Fuzz Testing, and a multitude of related technologies.

In fully autonomous defense, a cyber system capable of reasoning about software will create its own knowledge, autonomously emitting and using knowledge quanta such as vulnerability scanner signatures, intrusion detection signatures, and security patches, DARPA stated.

In the Cyber Grand Challenge, a competitor will improve and combine these semi-automated technologies into an unmanned Cyber Reasoning System that can autonomously reason about novel program flaws, prove the existence of flaws in networked applications, and formulate effective defenses. The performance of these automated systems will be evaluated through head-to-head tournament style competition.

The CGC program will draw widespread attention to the technology issues associated with autonomous software comprehension and motivate entrants to overcome technical challenges to realize truly effective autonomous cyber defense. This program will challenge the most capable and innovative companies, institutions, and entrepreneurs to produce breakthroughs in capability and performance, DARPA stated.

The cyber competition will take place on a network framework purpose-built to interface with automatic systems. Competitors would navigate a series of challenges, starting with a qualifying event in which a collection of software must be automatically analyzed. Competitors would qualify by automatically identifying, analyzing and repairing software flaws, DARPA said.

[MORE: The weirdest, wackiest and coolest sci/tech stories of 2013 so far]

The agency intends to invite a select group of top competitors s from the qualifying event to the Cyber Grand Challenge final event, slated for early to mid-2016. In that competition, each team's system would automatically identify software flaws, scanning the network to identify affected hosts. Teams would score based on how capably their systems could protect hosts, scan the network for vulnerabilities and maintain the correct function of software.

To encourage widespread participation and teaming, DARPA plans to host teaming forums on the CGC website at www.darpa.mil/cybergrandchallenge.

For specific rules go here.

DARPA has been sponsoring Grand Challenge competitions for years. The idea typically is to get the nation's best and brightest in a particular area to focus on revolutionary research. In the past the agency has developed autonomous cars and space technology in this fashion.  NASA and other agencies have mimicked DARPA's success in running these events.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Check out these other hot stories:

FBI busts man for pointing laser at Jet Blue, United Airlines jets

IBM rolls "Internet of Things" starter kit

IBM offers 2-factor authentication package for securing Android mobile transactions

Dexter malware kills again

Gartner on smart machines: "Futurist fantasy" or future job menace?

Online "revenge porn" gets a smack-down. More on the way?

DARPA adds $15.5 million to help take semiconductors beyond Moore's Law

FTC for first time spanks illegal text messenger with $1M fine

Air Force wants technology that will let drones sense and avoid other aircraft

How do you define a cybersecurity "professional'?

FBI warns "Beta Bot" malware can kill your anti-virus programs, steal data

Energy Department spends $30M to bolster utility cybersecurity tools

Orbital Science just made private space arena way more interesting

DARPA hunts airplane-like spacecraft that can go Mach 10

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.