The 21st century has brought with it the ever more urgent need for automated, scalable, machine-speed vulnerability detection and patching as more and more systems—from household appliances to major military platforms—get connected to, and become dependent upon, the internet. Finding and countering bugs, hacks, and other cyber infection threats have effectively been artisanal: professional bug hunters, security coders, and other security pros work endless hours, searching millions of lines of code to find and fix vulnerabilities that those with ulterior motives can exploit. This is a sluggish process that can no longer can keep pace with the relentless stream of threats.
To help overcome these challenges, DARPA in 2014 launched the Cyber Grand Challenge, a competition to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. By acting at machine speed and scale, these technologies could someday overturn today’s attacker-dominated status quo. Realizing this vision requires breakthrough approaches in a variety of disciplines, including applied computer security, program analysis, and data visualization.
On August 4, 2016, seven finalists of the initial pool of over 100 contending teams gathered in Las Vegas for the first head-to-head competition between some of the most sophisticated automated cyber-threat-hunting systems ever developed. For more than eight hours, these machines played the classic cybersecurity exercise of Capture the Flag in a DARPA-created computer testbed laden with an array of bugs hidden inside custom, never-before-analyzed software. Teams were scored based on how capably their systems protected hosts, scanned the network for vulnerabilities, and maintained the correct function of software. The top three finishers—1) Mayhem, developed by team ForAllSecure of Pittsburgh. 2) Xandra, a cyber reasoning system developed by TECHx of Ithaca, N.Y., and Charlottesville, Va.; and 3) Mechanical Phish, developed by Shellphish of Santa Barbara, Calif—took home prizes of $2 million, $1 million, and $750 thousand, respectively. More importantly, they also serve as technical seeds that can grow into future solutions to the here-to-stay cyber threat space.
You are now leaving the DARPA.mil website that is under the control and
management of DARPA. The appearance of hyperlinks does not constitute
endorsement by DARPA of non-U.S. Government sites or the information,
products, or services contained therein. Although DARPA may or may not
use these sites as additional distribution channels for Department of
Defense information, it does not exercise editorial control over all of
the information that you may find at these locations. Such links are
provided consistent with the stated purpose of this website.
After reading this message, click to continue