Scroll Top

DARPA teams go head to head to find the worlds best robo-hacker

WHY THIS MATTERS IN BRIEF

Humans can no longer keep up with the tusnami of cyber threats but the robo-hackers can.

 

Could you invent an autonomous hacking system that could find and fix vulnerabilities in computer systems before criminals could exploit them, and without any human being involved?

 

RELATED
Simple pixel hack cripples state of the art AI medical imaging systems

 

That’s the challenge faced by seven teams competing in Darpa’s Cyber Grand Challenge this August and it was always going to be inevitable that one day human hackers would give way to fully autonomous, AI cyber hackers in the ether and today marks the first step on what might prove to be a slippery slope into oblivion.

 

The teams

Each of the teams has already won $750,000 for qualifying and must now put their hacking systems up against six others in a game of “Capture the flag”. The software must be able to attack the other team’s vulnerabilities as well as find and fix weaknesses in their own software – all while protecting its performance and functionality and the winning team will walk away with $2m.

“Fully automated hacking systems are the final frontier. Humans can find vulnerabilities but can’t analyse millions of programs,” explained Giovanni Vigna, a professor of computer science at University of California Santa Barbara, speaking at the RSA security conference in San Francisco.

 

RELATED
DARPA pushes autonomous Mach 20 drone program underground

 

Vigna is also the founder of hacking team Shellphish, which has built one of the systems, dubbed Mechanical Phish, that will compete in the Cyber Grand Challenge.

“Hacking is usually just a bunch of guys around a table who are very tired just typing on a laptop,” Vigna adds, adding that it’s “not as sexy” as hacking portrayed in movies. “We do this because we either want to attack somebody, hack defensive to find bugs before they are deployed, or because it’s fun.”

Robo-hackers could be incredibly useful for organizations trying to defend their network to quickly identify and patch problems before anyone exploits them to either steal data or disrupt online services – without having a team of highly skilled human “uber-hackers” in house.

 

RELATED
Researchers taught an AI to successfully detect people's moral principles

 

Outside of the Cyber Grand Challenge, other groups are working on hacking machines powered by artificial intelligence.

Konstantinos Karagiannis, chief technology officer of BT Americas, has been building a hacking system that uses neural networks to simulate the way the human brain learns and solves problems.

He described how an artificially intelligent program called MarI/O was able to learn an an entire level of Super Mario World in just 34 tries – with no prior knowledge. The software wasn’t taught anything about how to play the game – it simply had a few simple parameters set. MarI/O just tried different things it “thought” would work and when they did, it “learned”.

“Using this approach a security scanner could identify intricate flaws using creative approaches you would have never thought of,” explained Karagiannis. “And it can be written with very modest hardware. A $1,000 GPU can outrun a supercomputer that used to fill a building 10 years ago.”

Karagiannis hopes to demonstrate a proof-of-concept by the summer of 2016.

 

RELATED
Watch the F/A-18 release swarms of autonomous drones into the sky

 

While robo-hackers could provide security professionals with a valuable weapon in their armoury, the risk is that they could fall into the wrong hands. Karagiannis told us that he wouldn’t be surprised if criminal hackers had appropriated these techniques “within a year”.

Alex Rice, co-founder of security company HackerOne, agrees.

“Anything that can be used to defensively find vulnerabilities can be used by criminals – they all end up becoming a double-edged sword,” he said.

Despite this, Rice thinks the rise of automation in security is a good thing.

“Everybody is struggling to keep up. There’s not a single organization that hasn’t had a compromise that was life-threatening, so clearly everything we’re doing is failing.”

The best solution is to combine the skills of humans with machines. “Humans are much better at what we haven’t figured out yet,” he said.

“Until we have fully sentient machines, they still have to be instructed by humans.”

Related Posts

Comments (4)

[…] democracy are trustworthy, so in an age where cyber attacks are just getting started, and where artificial intelligence powered “Robo-hacking” will inevitably become more prevalent, this is an important step. How it’s governed though is […]

[…] Pentagon, in conjunction with the US Defense Advanced Research Projects Agency (DARPA), staged a Cyber Grand Challenge (CGC) contest in Las Vegas in an attempt to spur research into the idea of using artificial […]

[…] vendors are turning to artificial intelligence (AI), such as the Robo-Hackers that took part in DARPA Capture the Flag Challenge, to automate as much of the process as possible – from identification to […]

[…] and then measure how well it achieves it – whether it’s, for example, learning how to automate cybersecurity or law, code, create, and design new AI’s, recognise images and sounds, run companies and […]

Leave a comment

EXPLORE MORE!

1000's of articles about the exponential future, 1000's of pages of insights, 1000's of videos, and 100's of exponential technologies: Get The Email from 311, your no-nonsense briefing on all the biggest stories in exponential technology and science.

You have Successfully Subscribed!

Pin It on Pinterest

Share This