U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Robocop is (almost) here : Artificial Intelligence in your Security Team

DARPA organized a challenge where 7 finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits. The Rio Olympics 2016 is something everyone is looking forward to. The sportsmanship, the record making, medals the spirit of the game and the hilarious doping scandals like the 1920’s grafting […]

Robocop is (almost) here : Artificial Intelligence in your Security Team

DARPA organized a challenge where 7 finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits.

The Rio Olympics 2016 is something everyone is looking forward to. The sportsmanship, the record making, medals the spirit of the game and the hilarious doping scandals like the 1920’s grafting of chimpanzee testicles to human scrotum (Talk about unleashing the beast).

But the Olympics have been a frontier for individuals flexing their physical muscles and achieving greatness. Well, it’s time for it to move over to the Cyber Grand Challenge (CGC) is here.  Individuals wanting to showcase their brain muscles in a competition could change how we defend against cyber attacks.

The challenge organized by the Defense Advanced Research Projects Agency (DARPA) of the United States where the seven finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits.
Artificial Intelligence CGC EventFirstAutomatedNetDefense-600

In a press statement they stated their desire to automate the entire computer cycle to respond to flaws. At an average, a hacker has approximately 312 days to exploit a zero-day vulnerability before it gets patched by human experts. This could potentially change the face of vulnerability detection in a huge way.

“Today’s approach to cybersecurity depends on computer security experts: experts identify new flaws and threats and remediate them by hand. This process can take over a year from first detection to the deployment of a solution, by which time critical systems may have already been breached. This slow reaction cycle has created a permanent offensive advantage.” states the DARPA

“The Cyber Grand Challenge (CGC) seeks to automate this cyber defense process, fielding the first generation of machines that can discover, prove and fix software flaws in real-time, without any assistance. If successful, the speed of autonomy could someday blunt the structural advantages of cyber offense.”

In an article on LinkedIn Robocop on your Security Team, a basic discussion on how Machine Learning could help embed human-like intuition  to aid in Cyber Defence is tells how today’s cyber security defence relies on manual scanning and finding out vulnerable processes . This is a tedious affair and is reliant on the security teams snap judgement based on incomplete data. The coming of AI could aid in this task better.

The seven finalist teams hope to stand apart and raise the bar for AI in security. The cash prizes for the top three would be a walloping U.S. $2 million prize for first place, $1 million for second place, and $750,000 for third place. DEF CON, the worlds largest hacker conference held in Las Vegas yearly, has had many Capture The Flag (CTF) games, but the CGC could be the hardest version of a CTF challenge in its history.

The participant hackers would be competing against  the AI to attack and defend against attacks. The participants would be scanning the network and servers for vulnerabilities and report to the referee. The vulnerability and an estimate of when a software crash might happen would be reported and relevant points would get allocated. Competing with the AI would bring major insights into Cyber Defence automation.

Speculating the future capabilities of such AI would benefit both commercial and military use. The downside of this would be the misuse of such AI to cause massive cyber attacks. Thus an Open Source version of a defence AI would then be available for users , much of what Elon Musk had recently spoken about at Code 2016. His OpenAI venture is to give users an equal opportunity to have an AI of their own and not be at the whims of commercial AI.

AI for Cyber Security is still in its infancy and has to overcome many challenges . In recent reports which stated how automation in the industry was eating up jobs, the existence of an automated flaw finder does cause worry. Thankfully, it seems that it might not replace human experts anytime  soon but would be a valued member on your team.

The CGC might not get a similar viewership like the Rio Olympics, but it could set new records in finding flaws and show a digital spirit of sportsmanship and ballsy approach to security minus the chimp testicles.

Let the Games Begin !!

About the Author: Joshua Bahirvani

Joshua Bahirvani 2Cyber Security Enthusiast and believer of Privacy in this Digital Age.

LinkedIn : https://in.linkedin.com/in/jbahirvani15

Peerlyst: https://www.peerlyst.com/users/joshua-bahirvani

Twitter : @B15joshua

Medium : @jbahirvani15

 

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Artificial Intelligence, threat intelligence)