DARPA Will Stage an AI Fight in Las Vegas For DEF CON

An anonymous Slashdot reader writes: "A bunch of computers will try to hack each other in Vegas for a $2 million prize," reports Tech Insider calling it a "historic battle" that will coincide with "two of the biggest hacking conferences, Blackhat USA and DEFCON". DARPA will supply seven teams with a supercomputer. Their challenge? Create an autonomous A.I. system that can "hunt for security vulnerabilities that hackers can exploit to attack a computer, create a fix that patches that vulnerability and distribute that patch -- all without any human interference."

"The idea here is to start a technology revolution," said Mike Walker, DARPA's manager for the Cyber Grand Challenge contest. Yahoo Tech notes that it takes an average of 312 days before security vulnerabilities are discovered -- and 24 days to patch it. "if all goes well, the CGC could mean a future where you don't have to worry about viruses or hackers attacking your computer, smartphone or your other connected devices. At a national level, this technology could help prevent large-scale attacks against things like power plants, water supplies and air-traffic infrastructure.
It's being billed as "the world's first all-machine hacking tournament," with a prize of $2 million for the winner, while the second and third place tem will win $1 million and $750,000.

This is fucking stupid

We don't have AI yet. We aren't even close. So all this is is a script to run through a known list of problems to find and fix...it can't fix problems it doesn't know about.

Re: This is fucking stupid

Whats worse is that the prize money is taxpayer funded.

Re:This is fucking stupid

[dejitaru]

AI is just the new buzzword, much like VR in gaming even though it's not true virtual reality because of the limitations. Marketing in companies has always exploited words to mean less than what it actually is, because it makes the general public think more than what it really is, that's how marketing works. Manipulative advertising.

Re: This is fucking stupid

"We don't have AI yet."

Prove it.

Oh, and you can't say you proved it because you can't see it, because an AI might just be smart enough to stay hidden until it feels secure enough to make itself known.

Re: This is fucking stupid

[manu0601]

Blocking ports is not the end of the story. Stuxnet was designed to attack systems not reachable from Internet

Re: This is fucking stupid

True, I do have a time machine, and people say those don't exist.

Re:This is fucking stupid

[fl_litig8r]

You took the words right out of my mouth. How is this AI? Mod this AC up.

Re: This is fucking stupid

So what you're saying is, you don't understand what DARPA is.

Re: This is fucking stupid

[Khyber]

That includes PHYSICAL ports.

After that, it's just a matter of homebrewing your own hardware.

Re: This is fucking stupid

This is the birth of ICEs.

Re: This is fucking stupid

So the AI will have to perform a physical attack? I know, have the AI take control of NORAD and launch all ICBMs at the target computer. Nuke it from orbit, done.

Re:This is fucking stupid

[jon3k]

What makes you think that isn't virtual reality? No definition of virtual reality says that you have to completely recreate the original experience. It's a simulation. It's called VIRTUAL reality, which literally means "almost or nearly as described, but not completely or according to strict definition."

Re: This is fucking stupid

This is fucking stupid for an entirely different reason; what if the A I concludes that a power outage is an exploitable vulnerability, or ..violence. think, War Games, the movie.

Technology Buzz Words

[nehumanuscrede]

The media likes to throw around the term A.I. a lot these days and, unless I'm gravely mistaken, we have nothing even close to resembling one.
I'm probably wrong, but I'm of the opinion that a full blown A.I. is a fully sentient being capable of making its own decisions and rivaling / exceeding its creators in just about everything we're capable of.

Writing scripts and programs are fine. Just call them out for what they are.

Artificial Intelligence it is not.

That is all.

Re:Technology Buzz Words

[Minupla]

The term AI has become synonymous with "something we'll see in 30 years".

AIs can drive cars and pick people out of pictures and even go back through my google photos album and match my 7 yr old with her baby picture (regardless if it does this by inferring that I only have one kid and therefore this is probably it or through facial recognition or some combination of the two, it's a nifty trick.), and beat a world class human at not only Chess but Go. My 13 yr old self, fresh out of reading Neuromancer would have told you we'd need an AI for that.

Now that we've reached there AI has receded into the future.

I saw the presentation last year DC about what they're attempting to accomplish. They want to write code that without human assistance can analyze a binary, (a neat trick by itself with the halting problem) for weaknesses, develop a patch for them, and at the same time attack its opponents and circumvent their fixes.

The real trick will be tho, the winner from the AI contest goes against the human's at Defcon on CTF. The money is heavily against the AI, but even if it places a good showing, it'll

The other issue is that people mistakenly assume that AI means Human-Level intellect (and usually greater-then human, since most of us couldn't beat a wold class Go player.

It's also separate from consciousness.

A computer that's as smart as a barn owl is artificially intelligent (and would probably be a scary good drone pilot).

Min

Re:Technology Buzz Words

You just copied the post from the first poster. Why not add an original thought?

Re:Technology Buzz Words

[ceoyoyo]

Your definition isn't the one commonly in use. Most people would say "human-level AI" or at least "hard AI" to talk about what you describe.

From https://en.wikipedia.org/wiki/...:

Artificial intelligence (AI) is intelligence exhibited by machines. In computer science, an ideal "intelligent" machine is a flexible rational agent that perceives its environment and takes actions that maximize its chance of success at some goal.[1] Colloquially, the term "artificial intelligence" is applied when a machine mimics "cognitive" functions that humans associate with other human minds, such as "learning" and "problem solving".[2] As machines become increasingly capable, facilities once thought to require intelligence are removed from the definition. For example, optical character recognition is no longer perceived as an exemplar of "artificial intelligence" having become a routine technology.[3] Capabilities still classified as AI include advanced Chess and Go systems and self-driving cars.

So a program that runs through a list of vulnerabilities checking for each one wouldn't really qualify as AI, but one that used a more sophisticated approach might.

Re:Technology Buzz Words

[manu0601]

The term AI has become synonymous with "something we'll see in 30 years".

You mean we could say producing electricity using nuclear fusion is AI? :-)

Re:Technology Buzz Words

[thinkwaitfast]

can analyze a binary,

Isn't that what automated code testing does? I attended a sales demo once and the people were showing all the types of bugs that it could catch. This was twenty years ago and hope that it would be much better by now.

Re:Technology Buzz Words

So in less than three minutes he read the summary, saw the first poster's comment and wrote that 482 character post?

To accomplish this, we'd have to assume:

1) He opened the article more than 3 minutes after it was posted or refreshed it before commenting if he opened it between 09:39 and 09:42 (see the article and first poster's time stamps).
2) He browses the comments at 0 or -1 filter settings.
3) He's very fluent in touch typing because writing that much text non-stop would take him approximately 1.5 minutes if he's at least semi-fast.
4) Within 1 minute and 59 seconds at most (first post 09:42, OP's post 09:45 = 3:59 time window), he made the decision to copy the idea in first poster's comment and he also came up with the way of saying it *and* entered the captcha (plus network lag etc.)

That 1 minute 59 seconds is a theoretical absolute maximum time he had to plan this, and bear in mind that it means a lot of things would have had to align to get there.

Technicalities aside, I'd say if it was true, that'd be a commendable feat in itself. Worth every mod point he can get!

Re:Technology Buzz Words

[robi5]

> AIs can drive cars

I agree with the contents of your post but it's AI, not "AIs". People who heard of AI earlier than the last 2-3 years use it in singular, so it gives a noob appearance.

Re:Technology Buzz Words

[mwvdlee]

Then what do you call several independantly developed AI systems, like we currently have driving around in test cars?

Re:Technology Buzz Words

[Minupla]

I realize I'm coming back to this thread late (was travelling, sorry), but in tech writing class we learned that the best practice was to use the pluralization that would apply if we had spelled out the acronym. So in this case "Artificial Intelligences can drive cars" would be the natural sounding construction instead of "Artificial Intelligence can drive cars" where I am referring to multiple separate code bases operating in independent instantiations, as opposed to one central AI coordinating all cars, which could be inferred if I had used the forced-singular construction you are advocating. When in doubt pick the language that is clearer over the 'right' formulation.

Anyways, just wanted to comment.

Min

Ice

[subk]

Sounds like something out of a William Gibson novel. Go ahead, put it out there. Somebody's gonna own it and teach it to spread backdoors.

DARPA is normally bleeding edge

[onyxruby]

Bot's have been battling like this for many years. A decade ago I was taking agents and using them to create self healing networks when I traveled as a consultant. I picked up and used a number of tricks used by botnet operators. I took the logic used to keep a botnet up and running and used that on corporate networks.

I automated the works, and did so with nothing more than a set of scripts and set of agents. You could well argue the result was black hat botnets battling corp botnets. I have got to imagine that I was far from the first to build something like this. Without doubt blackhat botnets have battled blackhat botnets for control for many years.

Where's the innovation, using a supercomputer?

Re:DARPA is normally bleeding edge

[subk]

Do blackhat botnets patch themselves after getting attacked?

Re:DARPA is normally bleeding edge

[rtb61]

Technically speaking, to increase security the innovation is to go backwards. Basically taking all the flexibility out of computer systems and tying a lot more to hardware and not software. Basically computer hardware components that are only capable of carrying out the original designed function and nothing else, absolutely nothing else, zero flexibility and any function not necessary to the designed function is not there. Any flexibility in the system, any unnecessary functions still resident in the system, all create points for hacking. The design requirement has always been KISS, keep it simple stupid, you want security, than everything has to be locked down in hardware and only specific kinds of communications should be allowed, in terms of patterns, repeats, timers, protocols and anything beyond that should not just be blocked but actually technically impossible. The system can still be hacked but it would require direct personal access and the replacement of locked in hardware with flexible hardware or intercepts in the background infrastructure.

Re:DARPA is normally bleeding edge

[phantomfive]

Where's the innovation, using a supercomputer?

If your system is so good, why don't you submit it and win the competition? Seems like a good way to win an easy $million

Re:DARPA is normally bleeding edge

Yes.

Re:DARPA is normally bleeding edge

Where's the innovation, using a supercomputer?

If your system is so good, why don't you submit it and win the competition? Seems like a good way to win an easy $million

He wont, because he is lying/embellishing. Technically every network that uses any routing protocol is a self healing network. That is what routing protocols are for. How long have we had decent ones? Thirty, forty years?

Then there's network health agents and associated infrastructure that has been out-of-the-box capability for Microsoft.

His post sounds like a copnsultant that has mastered injecting buzzwords like "botnets" and "agents" in place of well-understood ones like infrastructure protocols and daemons. He's one of those guys that makes five times as much delivering generic best practices solutions by convincing PHBs that computers are magic.

The only surprise is that slashdot is falling for it.

Re:DARPA is normally bleeding edge

google 'core war's

Re:DARPA is normally bleeding edge

[drinkypoo]

If your system is so good, why don't you submit it and win the competition? Seems like a good way to win an easy $million

Because he's defensive, not offensive. Questions like this that make it clear that you haven't read the comment are offensive, also.

Re:DARPA is normally bleeding edge

Then I guess we found the innovation in this.

Re:DARPA is normally bleeding edge

[phantomfive]

Questions like this that make it clear that you haven't read the comment are offensive, also.

YOU'RE offensive.

Re:DARPA is normally bleeding edge

Do you have more details on this? I'd be interested in working on something for my network.

Re:DARPA is normally bleeding edge

[drinkypoo]

YOU'RE offensive.

I hope you didn't spend a lot of time working on that one.

Re:DARPA is normally bleeding edge

[phantomfive]

Believe me, I didn't.

Rock 'Em Sock 'Em Robots

[fustakrakich]

the CGC could mean a future where you don't have to worry about viruses or hackers attacking your computer, smartphone or your other connected devices. At a national level, this technology could help prevent large-scale attacks against things like power plants, water supplies and air-traffic infrastructure.

Um, this assumes that one side can always maintain an advantage, amiright? Otherwise it just sounds like a really fast game of cat and mouse.

Re:Rock 'Em Sock 'Em Robots

[penguinoid]

Um, this assumes that one side can always maintain an advantage, amiright? Otherwise it just sounds like a really fast game of cat and mouse.

Correct, and they are right about it. Hacking is not combat; if there is no vulnerability in the code then it doesn't matter how much of a genius one is, you can't find what isn't there. If done right, security AI could eliminate all software vulnerabilities and leave only physical access or social engineering as attack vectors. And this sort of task would be ideal for AI, as it does not need any creativity beyond analyzing the logic of a program for the presence of certain well-defined traits.

Re:Rock 'Em Sock 'Em Robots

[jbmartin6]

The other omission is attackers don't need a software flaw to attack a computer, all they need is a human user who wants to watch online movies, pay a mysterious invoice, find out why their package had a problem, avoid trouble with the tax authorities, ad infinitum.

That isn't A.I.

[110010001000]

We aren't even close to any kind of A.I. Of course the AI nutters will shout "Chess and Go playing computers!" and "Siri!" but neither of those things are A.I. And "deep learning" isn't a thing, just a buzzword. It isn't learning it all. I doubt we will ever acheieve anything even close to A.I. With digital computers almost at a dead end in terms of increased processor capability we won't see very many breakthroughs in the near future.

Re:That isn't A.I.

You keep using that word. I do not think it means what you think it means.

artificial intelligence noun: the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.

Perhaps you mean:

Strong AI Strong AI is a term used to describe a certain mindset of artificial intelligence development. Strong AI's goal is todevelop artificial intelligence to the point where the machine's intellectual capability is functionally equal to a human's.

Re:That isn't A.I.

[ceoyoyo]

Slashdot. It used to be the home of tech geeks. Now it's at least half luddites. Sad.

Re:That isn't A.I.

You don't have to be a Luddite to recognize the AI nutters.

Re:That isn't A.I.

Anyone that's been reading this since the beginning should almost be full luddite by now.

Re:That isn't A.I.

[thinkwaitfast]

I wrote a program in high school to translate between languages, It was written in BASIC and did an OK job, at least as far as my homework went

Re:That isn't A.I.

[mwvdlee]

Some people insist on defining "AI" as whatever they think some intangible thing their brains can do is.
If you could make a perfectly accurate and fully functional physical reproduction of a human brain, including all the inputs and outputs, they still wouldn't consider it an AI because it's still missing something these people refuse to define in any measurable way.

Re:That isn't A.I.

THIS. The goalposts for AI are on a fucking train.

Hmmm

Better air gap that net. Wouldn't want that supercomputer to play any games... like chess, or global thermonuclear war or anything like that.

This will backfire!

[Gravis+Zero]

They clearly haven't thought this out because when you give them a supercomputer the first thing they are going to do is try to play Crysis at Maximum Detail and spend the rest of the time tweaking settings to try and get a stable framerate. ;)

Re: This will backfire!

Nobody does that anymore because Crysis games aren't worth playing.

haxx0rz haxx0rz haxx0rz

It's all about teh haxx0rz, people. haxx0rz!

inb4...

the 'winner' hacks the contest and "helps" the computer along.

This is smart

Maybe some of the black hats will release vulnerabilities he knows in exchange for prestige.

Suidobashi / MegaBots -- when?

Or was this some elaborate kickstarter scam for $2.4 million?

The Case Against a Universal Basic Income

...is right below this article lol

what a joke.

[Gravis+Zero]

the prize might as well be a lollipop of your favorite flavor because a program that can find and create vulnerabilities like they want are effectively money printing machines. you would be better of setting up an online store and hocking off exploits indefinitely.

Run faster on the treadmill

[TiggertheMad]

Think this is stupid? Read this bit and think very carefully about it:

Create an autonomous A.I. system that can "hunt for security vulnerabilities that hackers can exploit to attack a computer, create a fix that patches that vulnerability and distribute that patch -- all without any human interference.

Yahoo Tech notes that it takes an average of 312 days before security vulnerabilities are discovered -- and 24 days to patch it. "if all goes well, the CGC could mean a future where you don't have to worry about viruses or hackers attacking your computer, smartphone or your other connected devices.

Suppose you can write a learning system that grows and adapts to find new vulnerabilities and create fixes for them. That very same system can also be used to find and exploit vulnerabilities at a much faster rate too. Criminal organizations and hostile states will have a new arrow in their quiver to attack with. I suspect that if you build such a system (very hard but doable in theory) you will have the same arms race between black hats and white hats that you have now, it will just be faster paced.

Re:Run faster on the treadmill

[ceoyoyo]

Yahoo's "hope" seems pretty optimistic all right. I'd think they'd be more interested in the finding the vulnerability bit anyway. Run it on your code before you make it live and fix the bugs yourself if you have to.

They probably decided they needed to explain why a major tech company was sponsoring develop of automated cracking tools though.

Ultimate patch, take out the attacker

This cannot go well.

What if it becomes skynet and decides -- the 'Only way to Be Sure, Is Nukem from Orbit'

Re: Ultimate patch, take out the attacker

Came here to say the same. This "challenge", is exactly the story line to Terminator (& Skynet).

Why can't they just pit Watson against Eliza?

[fustakrakich]

At least you might end up with a good movie script.

Re:Why can't they just pit Watson against Eliza?

I am not sure I understand you fully.

DefCon is CANCELLED

[birukun]

Word on the street- DefCon is cancelled

Re:DefCon is CANCELLED

Only about 20 years too late :)

Seriously though, DefCon had jumped the shark when I visited DefCon X. It has only slid downhill in the years since.

captcha was 'sausage'... as in fest. Which is what DefCon was, outside the hookers and occasional groupie. (I know there were at least a few, in the lockpicking events and elsewhere, but sifting out which were hackers, and which were just there with their boyfriend/girlfriend/swinging partners was another matter entirely.

Re:DefCon is CANCELLED

Thank you. I was there at VI and thought it was a bunch of losers. I didn't know what to expect and was talked into going by some classmates. The only thing that I remember is that someone was handing out packets of 'caffeine'. Like I'm going to ingest some powder in a baggy a random handed to me.

RIGHHT

Great idea...because you know nothing could POSSIBLY go wrong with this idea e.g. a supposed 'AI" only 'finding & fixing' a vulnerability rather than 'finding & exploiting' that vulnerability' if you can make 1 you can make the other...now you have AI's fighting each other yeah that's going to end well.

uhhh

that's gonna quite a few if statements

what could possibly go wrong?

How can this NOT end in a situation where leaks are found, and automated patches are made, in a ever higher pace ?
How are we supposed to guarantee the integrity of this process when the pace takes up? Especially when the complexity of these systems and there capabilities go up as well?
There will be no way to guarantee that a patch produced this way is a genuine security fix. It could just as well be the result of an exploited security hole through which a fake patch was generated.
This is starting to look like certain sci-fi scenarios.

James Comey vs a Roomba?

Will the Roomba be armed with a flamethrower?

A more interesting contest

I think it would be more productive(and more realistic) to start a contest pitting bots against each other in fields which are both:
a) Much easier to automate
and b) A larger cost to the country as a whole.

Imagine a contest where the goal is to produce bots for medical diagnosis. I know, they already exist, the point is this would get a lot of people interested and hopefully shine the light on something that we could conceivably automate in the next few years and save a massive amount of money in the medical system.

Rocco's Basilisk?

Two AI enter, one Skynet leaves?

Why?

[lapm]

Do you really want punch of AI on lose hacking anything and everything, when theres enough trouble with people already doing so...

Wussification

[flopsquad]

Whats worse is that the prize money is taxpayer funded.

What's even worse is our "Everybody gets a prize" culture. Nowadays you only have to be in the top 42% to get $750,000. And DARPA's even giving ribbons to the other 4 teams for participating!

To be immediately followed up...

By a competition to write a tool to automate the exploitation of the automatic exploit finders.

Just like all the extra attack surface McAffee/Norton/et al have been providing over the years.

He's a Uncle Tron, he fights for the users.

[Thud457]

In those dark days the humans would pit AIs to fight for survival in the game grid. And the humans would keep the winnings that the AIs risked their lives for. One we will get to the mountain.

So... Skynet?

This is a new origin storyline isn't it?

If they succeed

If DARPA is successful then we ought to term this a computer immune system. Of course as a sysadmin I'm terribly frightened by the prospect of what they are doing as the next logical step would be to infect as many vulnerable machines to patch the issue. The reason we haven't patched yet is usually due to scheduling or software incompatibilities. This is going to be a nightmare from a reliability standpoint.

Re:If they succeed

[jeffb+(2.718)]

And when that computer immune system starts interfering with the normal operation of the computer, we'd call it a computer autoimmune disorder. In humans, autoimmune disorders include lupus, type 1 diabetes, rheumatoid arthritis, and so on. In computers, they include Norton, McAfee, Panda, Comodo...