Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a DARPA-sponsored Cyber Grand Challenge competition that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers.
A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.
In addition to the cash, the All Secure team gets to enter Mayhem in the DEF CON Capture the Flag competition for human teams, although it is not expected to do well. While computers can outpace humans in performing mundane tasks, people are still thought to have the edge in strategy and intuition.
The DARPA event was sportscast live by a team of hacking experts who provided commentary over the 96 rounds of competition as they reviewed what actions the teams had taken against each other and what bugs they had discovered during each round.
How the Machines Discovered Bugs
The competition was remarkable in that each program based on cyber reasoning engines could discover bugs in never-before-seen code supplied by the DARPA organizers. They could then create patches for them on the fly.
All the programs ran on their own, without human intervention. The teams that created them sat by in a cordoned off area, basically spectators observing their bots doing battle.
Artificial intelligence, which learns as it goes along, was not in play here. Rather the competing programs were applying preset policies about how to analyze and respond to characteristics of the code they found.
In second place, winning $1M, was Xandra from GrammaTech in Ithaca, N.Y. and the University of Virginia, and the third place prize of $750,000 went to Mech.Phish from a team from the University of California at Santa Barbara.
The programs could score points three ways.
Security: They had to protect their own servers by finding vulnerabilities and successfully defending them by creating patches.
Availability: At the same time, they had to keep a set of tasks on their servers up and running well.
Evaluation: Finally, they scanned opponents’ servers to find vulnerabilities.
DARPA-sponsored Capture the Flag competition at the Paris in Las Vegas
Surprisingly, Mayhem managed to win the competition despite being entirely disabled through most of the final rounds 30 rounds. That is not uncommon in Capture the Flag competitions where sometimes the best game strategy is to do nothing while others struggle with problems of their own.
Sign up for CIO Asia eNewsletters.