Skip to main content

DARPA prize-winning bot Mayhem deploys to seek flaws, shut out botnets

darpa mayhem bot cyber grand challenge winners
DARPA
In a riff on Hitchcock’s To Catch a Thief, a powerful software bot is being used to defeat botnets. Carnegie Mellon spinoff ForAllSecure’s Mayhem software won $2 million in a Defense Advanced Research Projects Agency (DARPA) Pentagon hacking contest in Las Vegas last August, according to MIT Technology Review.

Mayhem is the creation of Carnegie Mellon professor David Brumley and two of his graduate students. In the DARPA contest, called the Cyber Grand Challenge, the competitors had two tasks: Fix and defend assigned server software and hack the server code assigned to other teams. The purpose of the contest, which awarded a total of $4 million in prizes, was to encourage the automating computer security tasks. DARPA states the primary focus is the development of defensive software, MIT Technology Review reports.

Fresh from the bot battle, Brumley and his company are adopting Mayhem for commercial applications, intended to find flaws in internet firmware, starting with, but not limited to, routers. In 2016 the group tested some parts of Mayhem’s code with nearly 2,000 router firmware images. In the course of testing, the code found that more than 40 percent of the routers had at least one vulnerability including 14 that had never before been detected and were involved in 69 separate software builds.

One of the biggest challenges with internet device vulnerabilities is chasing down and updating products from past product cycles. The promise of Mayhem is its potential to both detect and repair or defend against vulnerabilities quickly. One example is a botnet — a large number of computers or devices, often in the tens and hundreds of thousands, that are unknowingly recruited for malicious purposes by computer malware. When each of the multitude of devices is directed to make multiple, rapid requests of a single website in order to overwhelm servers and effectively shut down the site, it’s called a “distributed denial of service” (DDoS) attack.

After last October’s massive DDoS attack using vulnerability in smart home web cameras, the need for better screening and protection was underscored, particularly in devices purchased by less-knowledgeable users.

Mayhem’s job will be to find and patch immediately. “Now when a machine is compromised it takes days or weeks for someone to notice and then days or weeks — or never — until a patch is put out,” Brumley said. “Imagine a world where the first-time a hacker exploits a vulnerability he can only exploit one machine and then it’s patched.”

Answering concerns that human security experts will still want to check the work of defensive bots, according to Brumley even the United States government still wants to have a “human in the loop.”

“I’m not against that, but I feel that it slows down the process,” Brumley said.

Bruce Brown
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
Apple has a chance to fix Mac gaming for good in 2024
Lies of P being played on an iMac.

Looking back, 2023 was a banner year for Mac gaming. As a gamer, it feels really surreal to say that, given how disappointing the past has been. But it’s true -- and for the first time in a long time, the sun is shining on Mac gamers.

We’ve had the M3 series of chips with hardware ray tracing, mesh shading, and improved GPUs. On the software side, Apple has built-in tools like Game Mode and a game porting toolkit into macOS. And some massive games have come to the Mac, including Baldur’s Gate 3 and Lies of P.

Read more
The 10 best laptop deals in Best Buy’s 3-Day Sale — from $120
A bird's eye view of a person working on a laptop.

If you missed out on the Black Friday and Cyber Monday sales from a couple of weeks ago, don't worry. Best Buy is having a massive sale that includes many laptops for you to pick from. That includes everything from Chromebooks to gaming laptops and everything in between. That said, there are a lot of choices to pick from, so we've selected our favorite deals below to make it a little bit easier for you and to give you a solid starting point. That said, check out the full Best Buy sale using the button below to see everything available.

Our Favorite Laptop Deal in Best Buy's 3-Day Sale

Read more
The 3 best MacBook deals in Best Buy’s 3-day sale — from $800
An Apple MacBook laptop on a tabletop. There is a potted plant and an AirPods case next to it.

MacBooks can get quite expensive, which is why it's always a good idea to wait for a sale before springing for a new one, although those tend to be rare these days. That said, there are a couple of MacBook deals for you in Best Buy's 3-day sale, so if you've always wanted to pick one up, now is the time. That said, if you'd like to see some options outside of Apple's ecosystem, check out everything Best Buy has to offer using the link below.

Our Favorite MacBook Deal in Best Buy's 3-Day Sale

Read more