Cyber Grand Challenge Won By “Mayhem” Program
Alexander Neil / 5 years ago
For some time now the US Darpa research agency has been staging a competition to develop software that is capable of automatically defending against cyber-attacks, in the hopes that it could generate interest in the development of autonomous security systems. Now, a provisional winner of the competition has been announced at this year’s DEF CON hacker conference as being “Mayhem”, which, should the result be upheld, will win its developers $2 million in order to continue development of the software.
The event itself, which was held live at DEF CON may well be the world’s first all-computer hacking tournament and the culmination of years of preliminary events that whittled the number of competitors down to just 7. The contest took the form of a “Capture the Flag” style hacking competition, where teams analyse and patch their own code to fend off attackers while exploiting the bugs they find to hamper their opponents.
By its conclusion, the event had run for a total of 8 hours and was fought across 95 separate rounds, with the last few hours of the battle being watched by humans at the conference. Mayhem made a strong start, pulling out a lead early on in the competition, but was hampered by a crash in a later round which caused it to score no points in a number of rounds although it was able to hold onto its lead until the end.
Some of the rounds of the competition made use of well-known software bugs that caused trouble when they originally appeared in the wild such as Heartbleed and SQL Slammer. These rounds were included in order to analyze whether the autonomous software would do a better job of patching the issues than humans did when they were current threats.
With Mayhem securing the $2m first prize, Alex Rebert, leader of team Forallsecure which created the software, said that the cash would go towards further development of the program and would ensure that the firm behind it keeps going as it grows. Second prize of $1 went to a program named Xandra, created by security experts from the University of Virginia and European firm GrammaTech with the third prize of $750,000 going to the Mech Phish team from the University of California. The winning software even gets the honour of participating in the real DEF CON CTF hacking competition which will see it placed up against some of the best human players of the hacking game.