|
by Guo Shuang and Huang Heng
LAS VEGAS, the United States, Aug. 4 (Xinhua) -- In front of about 5,000 computer security experts and other viewers, seven high-performance computing machines with blinking LEDs were set up Thursday in a local casino ballroom.
The seven machines developed by ethical computer hackers, academics or private-sector computer security experts were engaged in the final event of the U.S. Defense Advanced Research Projects Agency (DARPA)'s Cyber Grand Challenge (CGC), the world's first all-machine hacking tournament.
During the all-day competition in conjunction with DEF CON, one of the world's largest annual hacking conferences, programmers of the final teams stepped back to watch their machines autonomously vie for prizes of nearly 4 million U.S. dollars. The team with the best autonomous security system will win 2 million dollars.
The machines were competing to identify, diagnose and fix software flaws. Three tasks must be fulfilled: protect themselves from incoming attacks, ensure the software functions properly, and scan the network for vulnerabilities.
The last three hours of the event were accompanied by large-screen visualizations of the competing computers' actions.
At about 07:40 p.m. local time (0240 GMT Friday), the crowd cheered as the computer system, dubbed Mayhem, was declared the presumptive winner. Final verification will be officially announced Friday morning after DARPA, an agency of the U.S. Department of Defense responsible for developing new technologies for the military, has analyzed data logs from the competition.
Mayhem was designed by a Pittsburgh-based team known as ForAllSecure. "We look at this as the first step," said David Brumley, the team leader and a professor at Carnegie Mellon University.
The winning CGC system will be invited to compete against the world's best human hackers in DEF CON's annual "Capture the Flag" (CTF) competition on Friday.
The engagement of autonomous systems in such a tournament aims to revolutionize software vulnerability detection and patching, according to DARPA.
The process of finding and countering bugs, hacks and other cyber infection vectors is still effectively artisanal. With the growth of the Internet of Things (IoT), cyber security needs to evolve to a largely automated, scalable process, it added.
"We are at the beginning of a new era and I am pretty excited," Jeff Moss, founder of the DEF CON and a member of the U.S. Homeland Security Advisory Council, told Xinhua.
"I am glad the U.S. government did this and the information is going to help all the companies and everybody in the world," he said.
"I'm enormously gratified that we achieved CGC'S primary goal, which was to provide clear proof of principle that machine-speed, scalable cyber defense is indeed possible," said Mike Walker, the DARPA program manager who launched the challenge in 2013.
This is the "first-ever inclusion of a mechanical contestant in that event, and could presage the day when ... a computer proves to be the grand master of cyber defense," the research wing of the U.S. military said in a statement.
The first DARPA Grand Challenge was a driverless car competition held in 2004. While it was initially a failure with none of the robot vehicles finishing the route, the competition inspired many other companies including Google to build autonomous cars.
"Challenges work not because of the many who can imagine, but because of the few who dare," Walker said.
