DARPA prize-winning bot Mayhem deploys to seek flaws, shut out botnets

In a riff on Hitchcock’s To Catch a Thief, a powerful software bot is being used to defeat botnets. Carnegie Mellon spinoff ForAllSecure’s Mayhem software won $2 million in a Defense Advanced Research Projects Agency (DARPA) Pentagon hacking contest in Las Vegas last August, according to MIT Technology Review.

Mayhem is the creation of Carnegie Mellon professor David Brumley and two of his graduate students. In the DARPA contest, called the Cyber Grand Challenge, the competitors had two tasks: fix and defend assigned server software, and hack the server code assigned to other teams. The purpose of the contest, which awarded a total of $4 million in prizes, was to encourage the automation of computer security tasks. DARPA states the primary focus is the development of defensive software, MIT Technology Review reports.

Fresh from the bot battle, Brumley and his company are adapting Mayhem for commercial applications, intended to find flaws in internet firmware, starting with, but not limited to, routers. In 2016 the group tested some parts of Mayhem’s code with nearly 2,000 router firmware images. In the course of testing, the code found that more than 40 percent of the routers had at least one vulnerability, including 14 that had never before been detected and that were involved in 69 separate software builds.

One of the biggest challenges with internet device vulnerabilities is chasing down and updating products from past product cycles. The promise of Mayhem is its potential to both detect and repair or defend against vulnerabilities quickly. One example of the threat is a botnet: a large number of computers or devices, often in the tens and hundreds of thousands, that are unknowingly recruited for malicious purposes by computer malware. When each of the multitude of devices is directed to make multiple, rapid requests of a single website in order to overwhelm servers and effectively shut down the site, it’s called a “distributed denial of service” (DDoS) attack.

Last October’s massive DDoS attack, which used a vulnerability in smart home web cameras, underscored the need for better screening and protection, particularly in devices purchased by less-knowledgeable users.

Mayhem’s job will be to find and patch immediately. “Now when a machine is compromised it takes days or weeks for someone to notice and then days or weeks — or never — until a patch is put out,” Brumley said. “Imagine a world where the first time a hacker exploits a vulnerability he can only exploit one machine and then it’s patched.”

Answering concerns that human security experts will still want to check the work of defensive bots, Brumley said even the United States government still wants to have a “human in the loop.”

“I’m not against that, but I feel that it slows down the process,” Brumley said.

Bruce Brown