Can a Computer be Smart Enough to Protect Itself Against Hackers? DARPA Wants to Know
Right now, antivirus software is typically what an average computer user uses in order to keep away malware and minor hacks. Businesses and other entities carrying valuable data tend to use more sophisticated software and technology systems. The Defense Advanced Research Projects Agency (DARPA), though, has an interesting question to pose: what if none of this was necessary, and a computer was smart enough to protect itself?
It’s a big question, and also the premise of a two-year contest for computer programmers around the world. DARPA is offering interested programmers a $2 million prize for an answer to their question, and already, many are intrigued by the challenge. Since announcing the program last fall, 35 teams have signed up, and this Tuesday, DARPA will announce details to allow programmers to prepare for the qualifying round.
No such software or system exists currently, and this was highlighted by the web’s latest large security flaw, Heartbleed, which affected any websites using OpenSSL — an estimated 17% of the internet’s secure web servers.
The vulnerability not only exposed potentially valuable data to anyone searching for it, but also made many people realize that their computers and information might not be as secure as they assumed. For the thousands of automation tools checking for security flaws, not a single one had uncovered the web server issue before experts found it last April. One of the most common online worms, Stuxnet, travels through infected USBs and has been found in almost 50% of utility networks in the U.S.
Michael Walker is the program manager in charge of the contest, and hopes that computers can, in the future, be equipped with sensors that can perform a wide range of protection services. Ideally they will be able to detect intruders and fix the flaws that allowed them in without having to wait for a human programmer to intervene.
The context will provide $750,000 grants to seven teams, though anyone can compete, and the three top teams will receive cash prizes in addition to that. Although it’s a big challenge, precedence exists for transforming competitions into valuable software. Each year, the Def Con computer security conference, hosted in Las Vegas, leads to gains in understanding how to construct analysis-and-defense systems through their competitions modeled roughly after the classic game of “capture the flag.”