‘Mayhem’ wins $2M first prize in DARPA Cyber Grand Challenge

Autonomous programs slug it out in first computer-on-computer Capture the Flag competition

Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a DARPA-sponsored Cyber Grand Challenge competition that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers.

A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs. The event was played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.


In addition to the cash, the All Secure team gets to enter Mayhem in the DEF CON Capture the Flag competition for human teams, although it is not expected to do well. While computers can outpace humans in performing mundane tasks, people are still thought to have the edge in strategy and intuition.

The DARPA event was sportscast live by a team of hacking experts who provided commentary over the 96 rounds of competition as they reviewed what actions the teams had taken against each other and what bugs they had discovered during each round.

How the Machines Discovered Bugs

The competition was remarkable in that each program, built on a cyber-reasoning engine, could discover bugs in never-before-seen code supplied by the DARPA organizers and then create patches for them on the fly.

All the programs ran on their own, without human intervention. The teams that created them sat by in a cordoned-off area, basically spectators observing their bots doing battle.

Artificial intelligence, which learns as it goes along, was not in play here. Rather, the competing programs were applying preset policies about how to analyze and respond to characteristics of the code they found.

In second place, winning $1M, was Xandra from GrammaTech in Ithaca, N.Y. and the University of Virginia, and the third place prize of $750,000 went to Mech.Phish from a team from the University of California at Santa Barbara.

The programs could score points three ways.

Security: They had to protect their own servers by finding vulnerabilities and successfully defending them by creating patches.

Availability: At the same time, they had to keep a set of tasks on their servers up and running well.

Evaluation: Finally, they scanned opponents’ servers to find vulnerabilities.

Photo: DARPA-sponsored Capture the Flag competition at the Paris in Las Vegas (Tim Greene/NetworkWorld)

Surprisingly, Mayhem managed to win the competition despite being entirely disabled through most of the final 30 rounds. That is not uncommon in Capture the Flag competitions, where sometimes the best game strategy is to do nothing while others struggle with problems of their own.

During the competition, an entrant dubbed Rubeus (created by a team from Raytheon) was slowed down after issuing a patch for a flaw found by a competitor. The patch apparently sucked up so much CPU that it affected the performance of other services being run on the server.

Later, Rubeus’s logic apparently decided that it was better to remove the patch and remain vulnerable than to do poorly in its availability score.

Organizers spared no expense, with a dozen or so large-screen displays showing the coverage supplied by experts at an anchor desk and a reporter in the pit talking to the teams behind the programs that were competing.

The supercomputers were lit with colored light on a stage at one end of the room. They were isolated from the outside world except for power cables and supercooled water to keep them from overheating.

In order for officials to monitor what they were up to, their activity was recorded to disks that were lifted out by a mechanical robot to be placed in separate computers for reading – creating an air gap from the outside world.

Other competitors were Team CSDS, with just two members from the University of Idaho and a platform named Jima; CRSPY from a team in Athens, Ga.; and Galactica from a group based in Berkeley, Calif., Syracuse, N.Y., and Lausanne, Switzerland.


Tim Greene

Network World