Engineers develop ‘Artificially Intelligent’ hackers

Artificially intelligent hackers will find out vulnerabilities in rival system while fixing their own

How about having an autonomous hacking system without having any human involved, which could find and patch up vulnerabilities in computer systems before cyber attackers could abuse them?

Well, that was the contest that the seven teams were competing for in Darpaโ€™s Cyber Grand Challenge in August.

While every team who participated in the contest has already won $750,000 for qualifying, they must now put their hacking systems up against six others in a game of โ€œcapture the flagโ€. The software must not only be able to attack the other teamโ€™s susceptibilities but also discover and fix flaws in their own software โ€“ all while guarding its performance and functionality. The winner of the contest gets prize money of $2m.

Speaking at the RSA security conference in San Francisco, Giovanni Vigna, a professor of computer science at University of California Santa Barbara, explained that โ€œFully automated hacking systems are the final frontier. Humans can find vulnerabilities but canโ€™t analyse millions of programs.โ€

Vienna is also the founder of hacking team Shellphish, which has built one of the systems โ€“ nicknamed as Mechanical Phish โ€“ that will participate in the Cyber Grand Challenge.

โ€œHacking is usually just a bunch of guys around a table who are very tired just typing on a laptop,โ€ Vigna adds, adding that itโ€™s โ€œnot as sexyโ€ as hacking is shown in movies. โ€œWe do this because we either want to attack somebody, hack defensive to find bugs before they are deployed, or because itโ€™s fun.โ€

Organizations who do not have a team of highly skilled human โ€œuber-hackersโ€ in house and are looking to protect their network could find robo-hackers extremely useful, as they can quickly recognize and fix problems before anyone compromises them to either interrupt online services or steal data.

Other groups, who are not a part of the Cyber Grand Challenge, are working on hacking machines powered by artificial intelligence.

Chief Technology Officer of BT Americas, Konstantinos Karagiannis has been developing a hacking system that utilizes the neural networks to simulate the way the human brain learns and solves problems.

He explained how an artificially intelligent program called MarI/O with no prior knowledge and just 34 tries was able to learn a complete level of Super Mario World. The software did not teach anything about how to play the game; it just had a few simple parameters set. MarI/O just attempted to try different things, it โ€œthoughtโ€ would work and when they did, it โ€œlearnedโ€.

โ€œUsing this approach a security scanner could identify intricate flaws using creative approaches you would have never thought of,โ€ explained Karagiannis. โ€œAnd it can be written with very modest hardware. A $1,000 GPU [graphics processing unit, typically used in gaming] can outrun a supercomputer that used to fill a building 10 years ago.โ€

By the summer of 2016, Karagiannis is hoping to exhibit a proof-of-concept.

While robo-hackers could offer security professionals with a valuable weapon in their armory, the threat is that they could fall into the wrong hands. Karagiannis told us that he wouldnโ€™t be amazed if criminal hackers had adopted these techniques โ€œwithin a yearโ€.

Alex Rice, co-founder of security company HackerOne, agrees. โ€œAnything that can be used to defensively find vulnerabilities can be used by criminals โ€“ they all end up becoming a double-edged sword,โ€ he told the Guardian.

In spite of this, the rise of automation in security is a good thing thinks Rice. โ€œEverybody is struggling to keep up. Thereโ€™s not a single organization that hasnโ€™t had a compromise that was life-threatening, so clearly everything weโ€™re doing is failing.โ€

He said that the best solution would be to amalgamate the skills of humans with machines. โ€œHumans are much better at what we havenโ€™t figured out yet.โ€

โ€œUntil we have fully sentient machines, they still have to be instructed by humans.โ€

Source: The Guardian

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!
spot_img

Read More

Suggested Post