The need for automated, scalable, machine-speed vulnerability detection and patching is large and growing fast as more and more systems—from household appliances to major military platforms—get connected to and become dependent upon the internet. Today, the process of finding and countering bugs, hacks, and other cyber infection vectors is still effectively artisanal. Professional bug hunters, security coders, and other security pros work tremendous hours, searching millions of lines of code to find and fix vulnerabilities that could be taken advantage of by users with ulterior motives.
To help overcome these challenges, DARPA launched the Cyber Grand Challenge, a competition to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. By acting at machine speed and scale, these technologies may someday overturn today’s attacker-dominated status quo. Realizing this vision requires breakthrough approaches in a variety of disciplines, including applied computer security, program analysis, and data visualization. Anticipated future benefits include:
DARPA hosted the Cyber Grand Challenge Final Event—the world’s first all-machine cyber hacking tournament—on August 4, 2016 in Las Vegas. Starting with over 100 teams consisting of some of the top security researchers and hackers in the world, DARPA pit seven teams against each other during the final event. During the competition, each team’s Cyber Reasoning System (CRS) automatically identified software flaws, and scanned a purpose-built, air-gapped network to identify affected hosts. For nearly twelve hours, teams were scored based on how capably their systems protected hosts, scanned the network for vulnerabilities, and maintained the correct function of software. Prizes of $2 million, $1 million, and $750 thousand were awarded to the top three finishers.
CGC was the first head-to-head competition between some of the most sophisticated automated bug-hunting systems ever developed. These machines played the classic cybersecurity exercise of Capture the Flag in a specially created computer testbed laden with an array of bugs hidden inside custom, never-before-analyzed software. The machines were e challenged to find and patch within seconds—not the usual months—flawed code that was vulnerable to being hacked, and find their opponents’ weaknesses before they could defend against them.
CGC Website: http://www.cybergrandchallenge.com
DARPAtv’s CGC page: https://www.youtube.com/playlist?list=PL6wMum5UsYvZx2x9QGhDY8j3FcQUH7uY0
CGC Highlights: https://www.youtube.com/watch?v=v5ghK6yUJv4
Full CGC Program: https://www.youtube.com/watch?v=n0kn4mDXY6I
Analysis of CGC Play: https://youtu.be/SYYZjTx92KU
Press Release: http://www.darpa.mil/news-events/2016-08-05a
You are now leaving the DARPA.mil website that is under the control and
management of DARPA. The appearance of hyperlinks does not constitute
endorsement by DARPA of non-U.S. Government sites or the information,
products, or services contained therein. Although DARPA may or may not
use these sites as additional distribution channels for Department of
Defense information, it does not exercise editorial control over all of
the information that you may find at these locations. Such links are
provided consistent with the stated purpose of this website.
After reading this message, click to continue