DARPA prize-winning bot Mayhem deploys to seek flaws, shut out botnets

darpa mayhem bot cyber grand challenge winners
In a riff on Hitchcock’s To Catch a Thief, a powerful software bot is being used to defeat botnets. Carnegie Mellon spinoff ForAllSecure’s Mayhem software won $2 million in a Defense Advanced Research Projects Agency (DARPA) Pentagon hacking contest in Las Vegas last August, according to MIT Technology Review.

Mayhem is the creation of Carnegie Mellon professor David Brumley and two of his graduate students. In the DARPA contest, called the Cyber Grand Challenge, the competitors had two tasks: Fix and defend assigned server software and hack the server code assigned to other teams. The purpose of the contest, which awarded a total of $4 million in prizes, was to encourage the automating computer security tasks. DARPA states the primary focus is the development of defensive software, MIT Technology Review reports.

Fresh from the bot battle, Brumley and his company are adopting Mayhem for commercial applications, intended to find flaws in internet firmware, starting with, but not limited to, routers. In 2016 the group tested some parts of Mayhem’s code with nearly 2,000 router firmware images. In the course of testing, the code found that more than 40 percent of the routers had at least one vulnerability including 14 that had never before been detected and were involved in 69 separate software builds.

One of the biggest challenges with internet device vulnerabilities is chasing down and updating products from past product cycles. The promise of Mayhem is its potential to both detect and repair or defend against vulnerabilities quickly. One example is a botnet — a large number of computers or devices, often in the tens and hundreds of thousands, that are unknowingly recruited for malicious purposes by computer malware. When each of the multitude of devices is directed to make multiple, rapid requests of a single website in order to overwhelm servers and effectively shut down the site, it’s called a “distributed denial of service” (DDoS) attack.

After last October’s massive DDoS attack using vulnerability in smart home web cameras, the need for better screening and protection was underscored, particularly in devices purchased by less-knowledgeable users.

Mayhem’s job will be to find and patch immediately. “Now when a machine is compromised it takes days or weeks for someone to notice and then days or weeks — or never — until a patch is put out,” Brumley said. “Imagine a world where the first-time a hacker exploits a vulnerability he can only exploit one machine and then it’s patched.”

Answering concerns that human security experts will still want to check the work of defensive bots, according to Brumley even the United States government still wants to have a “human in the loop.”

“I’m not against that, but I feel that it slows down the process,” Brumley said.


AMD Ryzen CPU prices get slashed ahead of Ryzen 3000 release

AMD's Ryzen CPUs have had their prices slashed as we edge towards the release of their third generation. Whether you're a gamer or someone who needs multi-threaded performance, there's a deal for everyone with some heavy discounts to take…

Your PlayStation 4 game library isn't complete without these games

Looking for the best PS4 games out there? Out of the massive crop of titles available, we selected the best you should buy. No matter what your genre of choice may be, there's something here for you.

These are the must-have games that every Xbox One owner needs

More than four years into its life span, Microsoft's latest console is finally coming into its own. From Cuphead to Halo 5, the best Xbox One games offer something for players of every type.

The number pad on HP’s Chromebook 15 makes spreadsheet work a breeze

HP's Chromebook 15 comes with a 15.6-inch display, a metal keyboard deck with full-size keys, and a dedicated number pad, making it the second Chromebook model, following Acer's Chromebook 715, to be suited for spreadsheet work.

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.

AMD’s 2020 Ryzen CPUs could have a big boost in power efficiency

The sequel to AMD's Zen 2-based Ryzen 3000 CPUs is slated for a 2020 release and when it arrives, could leverage the new Zen 3 architecture to deliver impressive gains to performance and power efficiency.

Here's how you can download the best free music players for your Mac

Tired of your Mac's default music player? Take a look at our picks for the best free music players available for your Apple rig. Whether you're a casual listener or an audiophile, you're sure to find something that fits your needs here.

Want to make calls across the internet for less? Try these great VOIP services

Voice over IP services are getting more and more popular, but there are still a few that stand above the pack. In this guide, we'll give you a few options for the best VOIP services for home and business users.

Transform into the ultimate leader with our tips and tricks for Civilization 6

Civilization VI offers both series veterans and total newcomers a lot to chew on from the get-go. Here are some essential starting tips to help you master the game's many intricacies.

The iPhone’s Screen Time and Siri Shortcuts could land on Macs this year

For its desktop computers, it appears that Apple may continue to draw from the iPhone for inspiration. iOS 12 features, like Screen Time and Siri Shortcuts, are believed to be making their way to MacOS this year at WWDC in June.

Dell slashes prices of XPS 13 and Alienware 17 laptops in latest promo

Dell's latest promotion will score you big savings on the XPS 13 or the Alienware 17. The stylish XPS 13's discount is for $430, and only the rose gold model is on sale, while gamers who choose the Alienware 17 will save $860.

Lenovo’s Yoga C930 sale drops a $650 discount on its 2TB SSD laptop

Lenovo is offering one of its 2-in-1 laptops at a $650 discount. This Lenovo Yoga C930 laptop comes with a 2TB solid-state drive, a digital pen, a fingerprint reader, and a Dolby Atmos sound bar.

You won't want to miss these deals on some of the best laptops around

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we have you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.