Situation and Thinking on the DARPA Cyber Grand Challenge - ArkTeam

Posted by tzul at 2020-03-26

On August 5-7, 2016, at DEF CON CTF, the top information security competition held in Las Vegas in the United States, a machine CTF team named Mayhem and 14 other top human CTF teams staged the first man-versus-machine hacking battle in the field of information security, and at one point Mayhem was ahead of two of the human teams. The significance of this event for artificial intelligence and information security is no less than Google AlphaGo's victory over Lee Sedol this year. It is one of the landmark events marking the point at which machine intelligence began to deeply affect information security. The origin of Mayhem lies in the CGC (Cyber Grand Challenge) held by DARPA (Defense Advanced Research Projects Agency).

1、 Competition background

DARPA has a long tradition of accelerating the application of science and technology by holding challenge competitions, and the idea of CGC comes from the Grand Challenges it held successfully in the past. For example, the first Grand Challenge, in 2004, aimed to advance driverless technology. In its first year no team completed the course, but competitors went on to cross the desert autonomously (2005) and then to navigate complex urban roads autonomously (2007). Another well-known competition held by DARPA is the DRC (DARPA Robotics Challenge) (2013).

CGC is a global cyber security challenge launched by DARPA in 2013. It aims to promote the development of automated network defense technology, that is, real-time identification of system defects and vulnerabilities, automatic patching and system defense, and ultimately a fully automated cyber attack and defense system. Each team is a computer system operating without any human intervention. CGC is therefore a CTF competition between machines, and its goal is to drive the development of a fully automated cyber attack and defense system.

2、 Introduction to the competition

The CGC schedule is divided into two stages: the preliminary competition (CQE, Challenge Qualification Event) and the final competition (CFE, Challenge Final Event).

1. Competition time

Preliminaries: June 3, 2015

Final: August 4, 2016

Figure 1. Timing of CGC competition

2. Teams

Teams in the preliminary stage were divided into a funded track and an open track. Funded-track teams submitted project proposals to DARPA in advance and received $750,000 in funding; there were 7 such teams, including university research groups and company teams. The open track was open to the world and its teams were organized independently; there were nearly 100 of them, including at least 18 teams from Europe, Asia and other regions outside North America. The open track included traditional CTF teams (disekt, Shellphish, etc.) as well as teams funded by well-known security companies.

Before the competition, each team had to develop a fully automated Cyber Reasoning System (CRS) capable of automatically analyzing Linux binary programs to find vulnerabilities, automatically generating inputs that trigger those vulnerabilities, and automatically repairing the vulnerabilities in the program.

3. Competition questions and regulations

The challenge programs were developed by the organizer (DARPA) and designed around the difficulties of automated vulnerability discovery. Two automated rehearsal rounds were held before the official CGC preliminaries, used to debug each system's level of automation and its integration with the host infrastructure.

Figure 2. CGC competition test questions

(1) Preliminaries

The preliminary round consisted of 131 Linux binary programs (without source code) containing known vulnerabilities. All of the programs had memory-handling vulnerabilities, and the vulnerability types covered 53 different CWE (Common Weakness Enumeration) categories. The preliminary round was a process of online automated analysis with asynchronous attack and defense verification. Within the allotted 24 hours, each team's automated analysis system had to, without human intervention, download the programs from the organizer, analyze them to find vulnerabilities, submit attack inputs that trigger those vulnerabilities, and submit hardened versions of the programs. In this preliminary round, 590 vulnerabilities planted by the challenge developers were successfully repaired by the participating teams.

The organizer then cross-checked every submitted attack input against every team's hardened programs, and determined the preliminary ranking through a combined evaluation of attack and defense success rates and the performance of the hardened programs.

(2) Final

The challenge content of the final was basically the same as in the preliminary, but it introduced online real-time confrontation: a live attack and defense process. Once the final was under way, the organizer released new binary programs from time to time. Each team's system had to analyze and repair the programs in real time, deploy the repaired programs, generate attack inputs, and submit them to the organizer. Unlike the preliminary, the final added network defense capability: a CRS could automatically generate IDS rules and could also choose which targets to attack. In addition, the attack inputs in the final were no longer simple PoCs but actual exploits, that is, inputs that could directly take control of the program or leak information. Each team's CRS deployed defenses at both the software level and the network level to protect its own programs from attack.

The winning team was finally decided by a combined calculation of attack score, defense score, and the performance loss and functionality loss introduced by the defensive measures.

Figure 3. CGC final rules

After the two rounds, each participating team had to submit a technical paper, mainly describing the CRS it used; after the preliminary, the organizer also visited each team's CRS on site. DARPA treated this material as an important reference for ranking.

4. Bonus distribution

Among the teams that passed the preliminary, funded-track teams received no further bonus, while open-track teams received $750,000.

In the final, the total prize pool was 3.75 million US dollars: 2 million US dollars for the champion, 1 million US dollars for second place and 750,000 US dollars for third place. The prize money was paid directly to the teams finishing in those positions.

5. Competition

Figure 4. CGC finals (7 competing supercomputers)

104 teams took part in the CGC preliminary. Of the seven teams that reached the final, three came from the funded track and four from the open track; all of them were from North America.

Funded Track:

Open Track:

On August 5, 2016, DARPA officially announced the results:

1st place: the Mayhem system, developed by the ForAllSecure team from Carnegie Mellon University, won the US $2 million prize;

2nd place: the Xandra system, developed by team TECHx from GrammaTech and the University of Virginia, won the US $1 million prize;

3rd place: the Mechanical Phish system, developed by the Shellphish student team from the University of California, won the US $750,000 prize.

Then, at the formal invitation of the DEF CON CTF organizers, the Mayhem system competed against 14 other top human CTF teams from around the world. On August 6, Mayhem beat two of the human teams. That a hacking robot could stand in the DEF CON CTF arena opened a new chapter in automated cyber attack and defense.

Figure 5. DEF CON CTF final live ranking (August 6)

3、 Summary and thinking

1. China's gap gives no cause for optimism

In the CGC, the leaders and some members of CodeJitsu and disekt were Chinese. Chinese participants did brilliantly in this competition, but we also noticed that all of the teams came from foreign universities or security companies; there was no team from China. Although China has strong CTF teams (Blue Lotus, 0ops, etc.) and has achieved a great deal in the XCTF league (runner-up at DEF CON CTF in 2016), there is a large gap in process automation. We should strengthen the corresponding capabilities and talent training.

2. The rise of artificial intelligence

There have been several man-versus-machine contests before: Deep Blue against chess masters, the Chinese supercomputer Tiansho against chess masters, the cognitive computing system Watson against quiz champions, and AlphaGo against Go masters. However, this is the first time computer programs have been applied to hacker attack and defense. The CGC is a new exploration of bringing information security attack and defense into the era of artificial intelligence. Automated defense mechanisms will greatly shrink the time gap between attack and defense, and this will be the direction in which security develops.

In November 2015, Kevin Kelly, the "spiritual godfather" of Silicon Valley, published The Inevitable, arguing that artificial intelligence is as important as the Internet and will bring a new revolution to human society. After 60 years of accumulation, the winter of artificial intelligence has passed; with the gradual maturation and development of its three cornerstones (parallel computing, deep learning and big data), artificial intelligence will inevitably advance along with them.

In August 2016, Dr. Wu Jun's book The Age of Intelligence noted that the emergence of big data and machine intelligence will have a significant impact on technological development, business and society, showing that humanity is at the beginning of a major transformation.

On May 26, 2016, Cheng Wei, founder of Didi Chuxing, asserted that the first half of the Internet era has ended and the second half belongs to artificial intelligence, but that only 20 years remain.

The theme of the DEF CON hacking conference held in August 2016 was likewise "Rise of the Machines".

Artificial intelligence will play an ever more important role. The CGC competition pushes researchers to further develop software repair robots that can scan for system defects or vulnerabilities faster and more effectively than human teams, and to improve the ability to quickly repair such defects across billions of lines of code. This helps strengthen the ability of infrastructure such as power grids and water treatment facilities to resist cyber attacks, and helps protect privacy as the number of personal devices online grows.

Author: arilel / CX / Muqq