This article was compiled from MIT Technology Review
Original link
Shaken, hackers. The Pentagon’s research department DARPA (Defense Advanced Research Projects Agency, US Department of Defense Advanced Research Projects Agency) feels that humans are weak, slow to respond, and slower to fix bugs. They plan to use supercomputers instead of humans to perform security protection and network intrusion missions.
DARPA announced details of the project today. The annual DEF CON hacking conference will be held in Las Vegas next month. At that time, DARPA will put the system into test. At the conference, there are seven teams from academia and industry. They will fight with DARPA supercomputers to defend against each other. Each team's system will run a set of DARPA pre-prepared software. Entrants ran through software bugs and competitors while defending their software wins.
Mike Walker, director of DARPA program, is also the leader of the Cyber ​​Grand Challenge ( Network Challenge) project, claiming that this project will effectively improve the world's cyber security situation.
At the press conference on Wednesday, he said, "The defense of Internet security and the repair of vulnerabilities have so far been entirely manual." "We want to build a system that fully automates these and can Decide when to release the new version."
"Usually, when a hacker discovers a vulnerabilities, he can often use the vulnerabilities for more than one year because the discovery of the vulnerabilities is very slow. We hope that the interval between vulnerabilities can be fixed in minutes or even seconds. Give us this possibility."
The seven teams were selected from the hacking conference last summer. Each team received $750,000 in financial support and a high-performance computer with 1000 cores and 16 Tb of memory.
In the final assessment of the next month, the team only needs to sit down and watch their computers and competitors' computers to move. There is no human intervention during the entire process. The winning team will receive 2 million bonuses and be invited to accept the challenge of human hackers.
Walker does not expect this automated hacker to achieve good performance in the early stages of development, but as long as the system plays a supporting role for security professionals, the Ministry of Defense’s goal is achieved.
He also reminded that the technology used in the challenge is likely to be ostracized. Although it is not certain how much practical the game-specific software can have in practical terms, DARPA encourages teams to extend the scope of the program as much as possible, Walker said. It is worth noting that the software source code for all teams will be put online for everyone to use.
"If this technology is popular in the private sector, we don't think it will be abused by hackers with ulterior motives because the vulnerability was fixed before it was discovered."