The Defense Advanced Research Projects Agency named seven finalists in a competition to create a defensive software with the teeth to combat increasingly sophisticated malware threats.
The Cyber Grand Challenge finalists emerged from more than 100 teams that hailed from the private sector, universities and tech incubators. Mike Walker, DARPA program manager, expressed his satisfaction with the winning teams, which will each receive $750,000 to prepare for the challenge championship in Las Vegas next year.
“After two years of asking, ‘What if?’ and challenging teams around the world with a very difficult series of preliminary events, we’ve shown that there is a place for computers in an adversarial contest of the mind that until now has belonged solely to human experts,” he said in a release.
To advance to the final stage, teams competed in a series of capture-the-flag exercises, a standard type of information security obstacle course where experts analyze flawed and insecure software over a set time period. The Cyber Grand Challenge’s capture the flag was the first to be performed solely by machines. The teams’ programs worked over 24 hours to analyze and secure 131 pieces of software. It typically takes a team of humans 48 hours to work through only 10 comparable pieces.
The programs were able to repair all 590 flaws built into the software. Walker is optimistic about the projects moving forward.
“The results bode well for an exciting competition next year and confirm the value of using a grand challenge format,” Walker said in a statement. “With no clear best approach going in, we can explore multiple approaches and improve the chances of producing groundbreaking improvements in cybersecurity technology.”
Raytheon developer Tim Bryant discussed the advantage that autonomous defense programs could offer over human analysis.
“To beat human hackers, we’ll need develop algorithms and encode our machine with the knowledge and skills of the most elite hackers,” he said in the release. “It will need the wits of a human and the ability to sift through data in an intelligent fashion. The greatest advantage the computer has is its faster, and can work 24/7. It never sleeps.”
At the championships, the teams will compete for more than $4 million. More important, however, is the potential to spark a technological revolution, Walker said.
“We want an automation revolution in computer security so machines can discover, confirm and fix software flaws within seconds, instead of waiting up to a year under the current human-centric system,” Walker said in the release. “These capabilities are essential for protecting data and processes as more and more devices, including vehicles and homes, get networked in the Internet of things.”