The seven will take part i nDARPA’s Cyber Grand Challenge finals and try to defend themselves and point out flaws without any human control. The object is to show that machines can beat even the best human hackers.
Mike Walker, programme manager for the CGC siad that it was proof that eventually the entire security life cycle could be automated.
On average, flaws in software go unnoticed for around 312 days — which hackers can often exploit. And then once those flaws are noticed by a human, they need to be understood, patched, and then released out to the broader community.
The CGC hopes this problem could be fixed within minutes, or even seconds, automatically.
Seven teams of finalists were given a DARPA-constructed computer. Their task was program it to be able to recognize and understand previously-undisclosed software, find its flaws, and fix it. And once the challenge starts, they won’t be able to jump on a keyboard and do anything more.
“The machines have to comprehend the language of the software, author the logic for that software, write their own network clients, And arrive at the path of the new vulnerabilities entirely on their own.”
While they are scanning their own systems for problems, the machines can also scan the other teams’ systems for issues, but they can’t actually hack them.
Walked likened it to calling your shot in a game of pool, without actually hitting the ball.
Instead, they will send a message of sorts to the DARPA referee, who will then go ahead and see if that exploit is correct, or if what was pointed out could crash the other machine.
The first place team will take home $2 million so it is worth a crack.