DARPA Cyber Grand Challenge Ends With Mayhem
DARPA's Cyber Grand Challenge pitted machine against machine in an effort to find the best in autonomous computer security. In the end, Mayhem was the big winner.LAS VEGAS—After three years of planning and lead-up contests, the finals of the Defense Advanced Research Projects Agency's Cyber Grand Challenge (CGC) to show the best in autonomous computer security concluded with a win by the Mayhem system from the ForAllSecure team, which won the $2 million grand prize. The Xandra system finished in second place, winning $1 million, while the Mechaphish system placed third, claiming $750,000. The three systems finished at the top of a field of seven systems that battled for 8 hours in front of an audience at the DefCon security conference here Aug. 4. There was live play-by-play and color commentary of the last hours of the contest from a broadcast booth. DARPA first announced the CGC effort in 2013 as a way to help spur innovation in autonomous computer security systems. In a press conference following the event, Mike Walker, the DARPA program manager responsible for CGC, said that approximately $55 million was invested in the effort over the three years of the program's development. The contest had 96 rounds, with each round throwing a different challenge at the autonomous systems, Walker said. Over that time, the systems generated a total of 421 replacement binaries. The binaries were new native code authorized synthetically by the systems to be more secure than the original versions they were given. Walker said that in modern software, unknown vulnerabilities can potentially represent a universal lock pick for intruders.
"Tonight we showed that machines can exist that can detect those lock picks in use and respond immediately," he said. "We have redefined what is possible in the course of hours with autonomous systems that we challenged the world to build."