'Mayhem' System Wins DARPA's Cyber Grand Challenge - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Security & Risk Strategy
12:05 PM
Connect Directly

'Mayhem' System Wins DARPA's Cyber Grand Challenge

An automated system called "Mayhem" took home the top prize in the Cyber Grand Challenge, sponsored by DARPA.

7 Cool Data Center Innovations
7 Cool Data Center Innovations
(Click image for larger view and slideshow.)

DARPA has named the presumptive winner of its Cyber Grand Challenge (CGC), which wrapped up Aug. 4 at the Paris Las Vegas Conference Center.

A system called "Mayhem" was declared the likely winner of the world's first all-hacking competition, which is culminating a three-year push by DARPA to drive innovation in cyber-security.

Mayhem was built by a team named ForAllSecure, which is made up of researchers based in Pittsburgh. The company focuses on building software security tools for developers, end-users, and the enterprise, as well as creating hacking programs to educate IT professionals.

[Read: US Internet Speeds Improve, Still Lag Behind Other Countries.]

The CGC is a hacking competition created with the goal of building automatic defensive systems to detect and evaluate flaws, build patches, and deploy them on a network in real-time.

The idea is that these technologies will eventually be able to address software vulnerabilities before hackers can exploit them.

As more and more systems are connected to the internet, there is an increasingly higher demand for systems with automated and scalable vulnerability detection. Today's strategies for finding and addressing bugs are still mostly done by hand, with security experts combing lines of code to find openings for attack.

(Image: TzahiV/iStockphoto)

(Image: TzahiV/iStockphoto)

ForAllSecure was one of seven teams competing in front of 5,000 cyber-security professionals for nearly $4 million in prizes. All seven groups consisted of experts including private-sector systems experts, white-hat hackers, and academics.

CGC marked the first time the developers behind some of the world's most advanced bug-hunting systems battled in competition. Participants competed for 10 hours by playing Capture the Flag, a cyber-security exercise involving a computer packed with bugs hidden inside custom-built software.

The competing machines had to find and fix flawed code within seconds, and detect their opponents' vulnerabilities before defending systems could. Attendees watched the battle unfold on giant monitors, while remote viewers could live-stream the event.

The first-place winners will receive $2 million in cash; second- and third-place winners will take home $1 million and $750,000, respectively, as reported in a release on the news.

The presumptive second-place winner is Xandra, a system created by tech TECHx from Ithaca, N.Y., and Charlottesville, Va.

Mechanical Phish, a system by team Shellphish from Santa Barbara, Calif., was declared the presumptive third-place winner.

(Image: DARPA)

(Image: DARPA)

DARPA notes how these creations, which it calls "the first generation of automated network defense systems," cannot yet meaningfully defend production networks or compete with expert analysts.

This is why it created the CGC: to give new entrants the change to compete in "a league of their own."

"This may be the end of DARPA's Cyber Grand Challenge but it's just the beginning of a revolution in software security," Mike Walker, DARPA program manager, wrote in a statement.

"In the same way that the Wright brothers' first flight -- although it didn't go very far -- launched a chain of events that quickly made the world a much smaller place, we now have seen for the first time autonomy involving the kind of reasoning that's required for cyber defense," Walker added. "This is a huge advance compared to where the cyber defense world was yesterday."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll