DARPA CGC event to take place in ten days

Jul 25, 2016 12:42 GMT

At this year's DEF CON security conference scheduled to be held in Las Vegas at the start of August, the Defense Advanced Research Projects Agency (DARPA) will be giving away a total of $4 million to seven teams participating in the Cyber Grand Challenge (CGC).

Started in 2014, the Cyber Grand Challenge is a classic CTF (Capture The Flag) competition, but with a kink.

Instead of pitting two teams of security researchers against each other in an attempt to hack and/or protect a network or device, the CGC will have the seven finalists battle using automated computer programs that are built to hack other systems and to automatically detect and fix weaknesses on their own.

CGC competition started two years ago

The qualification rounds for this event started in 2014, with 28 teams signing up for the challenge. While DARPA funded a few top-notch teams to encourage them to participate in the challenge, most groups that signed up were self-funded.

Three DARPA-funded teams and four self-funded teams qualified for the final round, all from the US.

These seven will be battling for the top $2 million prize on August 4, 2016, at DEF CON in the Paris Las Vegas Hotel's 5,000-person-capacity auditorium.

Teams have only 24 hours to win the game

Unlike classic CTF competitions where teams have 48 hours to break and/or secure around ten software or hardware packages to win the game, the CGC has cut the time in half.

In the CGC qualifying event held in 2015, teams had to work with 131 different applications, and the final is likely to have even more. The qualifying event also resulted in teams fixing all of the 590 flaws introduced in the competition software.

Each team that reached the final will receive $750,000, and the winner will receive $2 million.

Teams had 13 months to prepare for the final since the last qualifying round, enough time to fine-tune their automated hacking systems with new exploits. DARPA requires that the same system also include mitigation techniques to prevent adversaries from exploiting known attack vectors against its own network.

Winning team will compete against human hackers the next day

DEF CON organizers have invited the winning team to participate in the official DEF CON CTF the following day, marking the first ever CTF match that pits human hackers against AI systems.

"We certainly don’t expect any machine to win against humans at DEF CON this year," said Mike Walker, DARPA program manager. "But at a minimum we’ll learn a lot from seeing how the systems fare against each other, and if we can even provide a clear proof of concept for autonomous cyber defense, that would be revolutionary."

The seven teams that are going to try to impress DARPA and win the competition are as follows.

UPDATE [August 6, 2016]: Team ForAllSecure has won the competition with their hacking bot called Mayhem.  

| Team | About | Location | Self-funded |
| --- | --- | --- | --- |
| CSDS | A professor and post-doctoral researcher from the University of Idaho | Moscow, Idaho | Yes |
| DeepRed | A team of engineers from the Raytheon Company | Arlington, Va. | Yes |
| disekt | Four people, working out of a technology incubator, who participate in CTF competitions around the world | Athens, Ga. | Yes |
| Shellphish | A group of computer science graduate students at the University of California, Santa Barbara | Santa Barbara, Calif. | Yes |
| CodeJitsu | A team affiliated with the University of California, Berkeley | Berkeley, Calif. | No |
| ForAllSecure | A startup founded by a team of computer security researchers from Carnegie Mellon University | Pittsburgh, Pa. | No |
| TECHx | Software analysis experts from GrammaTech, Inc., a developer of software assurance tools and advanced cybersecurity solutions, and the University of Virginia | Charlottesville, Va. | No |