Never mind outsiders: even professionals in the security community rarely know the background of CGC and the man-machine hacker war. Security Cow looked through a great deal of material on the subject and interviewed Dr. Zhuge Jianwei, founder of the domestic network security competition league XCTF, as well as two Chinese scholars from two of the machine-program teams that have reached this year's finals, Professor Li Kang and Dr. Zhang Chao. Let's start from the beginning and get to know this summit battle, which is set to make even more waves in the field of man-machine confrontation!
What is CGC?
To understand the man-machine hacker war, we must first understand CGC (Cyber Grand Challenge). CGC is a global cyber security competition launched in 2013 by the Defense Advanced Research Projects Agency (DARPA) of the U.S. Department of Defense. The main reason for holding CGC is the increasingly serious state of network security: at present, vulnerability-based software attack and defense depends largely on people. CGC's goal is to push programs' ability to attack and defend automatically beyond the manual ability of humans, and ultimately to realize automatic network security attack and defense systems. In other words, all CGC teams are teams representing machine programs; think of them as machine-hacker CTF teams.
DARPA has a long tradition of holding challenge competitions to speed up the application of science and technology. The idea of the Cyber Grand Challenge comes from the Grand Challenges it held successfully in the past; for example, the goal of the first Grand Challenge in 2004 was to promote driverless technology. In that first competition no team completed the course; automatic desert crossing was achieved later (2005), followed by automatic crossing of complex urban road sections (2007). Another well-known DARPA competition is the DARPA Robotics Challenge.
Now that we know the background of CGC, let's look at the schedule and format of the competition.
The schedule and format of the competition
The CGC schedule is divided into two rounds: the preliminary round began in June 2015, and the finals will be held in August 2016. Teams taking part in the preliminary stage fall into two kinds, funded teams (Funded Track) and open teams (Open Track). Funded Track teams submitted a project application to DARPA in advance and received 750,000 dollars each. The Open Track is open to the world and consists of teams freely formed by the public.
The Funded Track has seven teams, essentially the "regular army" funded and supported by DARPA, including research teams from universities such as Berkeley, Carnegie Mellon and Virginia, and several corporate teams. The Open Track has nearly 100 teams from all over the world; those from outside North America include at least 18 teams from Europe, Asia and other regions. The Open Track includes traditionally strong CTF teams such as disekt and shellphish, as well as competition teams funded by well-known security companies (such as Raytheon).
The preliminary round was contested by all Funded Track and Open Track teams together, and the top seven teams advance to the second-stage finals. These seven teams have now been decided: three are from the Funded Track and four from the Open Track, and all of them are from North America.
The preliminary round had 104 teams from all over the world competing; after it, seven teams remain and qualify for the finals.
It is worth mentioning that there are many Chinese faces among the seven machine teams in the finals: disekt team leader Professor Li Kang, CodeJitsu team leader Professor Song Xiaodong, together with assistant team leader Zhang Chao and team member Yang Kun, and fish of the shellphish team, among others. Most of them come from Blue Lotus, a well-known CTF team in China. Professor Li Kang is Blue Lotus's founding mentor, Dr. Yang Kun is the Blue Lotus captain, Dr. Zhang Chao is a member of the Blue Lotus team, and fish is a former Blue Lotus player. The main interviewee of this article, Mr. Zhuge Jianwei, is also a co-founder of Blue Lotus.
Dr. Zhang Chao (left) and Professor Li Kang (right)
The final stage began at the end of July 2015. All seven teams that reached the final through the preliminary round received prize money and computing-resource funding from DARPA. The final will be held in Las Vegas in August 2016. The challenge: in a combat environment closer to real network attack and defense, automatically discover vulnerabilities and generate exploits to attack other teams, while automatically protecting one's own team, including protection at the system and network level.
The computing resources DARPA officially provides for the final are worth 600,000 dollars in total:
Each individual HPC contains 64 nodes; each node includes 20 Xeon cores, 256GB of RAM and 2TB of storage.
A total of: 1,280 Xeon cores, 16,384GB of RAM and 128TB of storage.
With all that said, how is the most attractive part, the prize money, distributed?
The ever-wealthy DARPA spent 8.25 million dollars on the preliminary stage, covering the funding of the 7 Funded Track teams and the prize money of the 4 Open Track finalist teams. In the final stage the total prize money is 3.75 million dollars: 2 million for the champion, 1 million for the runner-up and 750,000 for third place, paid directly to the team in the corresponding position. Counting funding, prize money, equipment, and the development costs of the platform and the competition, the total investment in this CGC is at least 25 million dollars! The U.S. government has always invested heavily in high technology.
The prize money is attractive, but how does a team win? In a contest between machine programs like this, what are the rules and the challenges?
Challenges and rules
The most important rule of the game is automation: each team has a year to develop its system before the competition, and once the system goes online it must attack and defend fully automatically.
The challenges are developed by the organizer and target the hard problems of automatic vulnerability discovery. The preliminary round consisted of 131 challenges, all Linux binary programs (without source) known to contain vulnerabilities. Every program has memory-handling vulnerabilities, and the vulnerability types cover 53 different CWE (Common Weakness Enumeration) categories. Before the preliminary round, each team had to develop a fully automated program analysis tool that can analyze Linux binary programs without human help, find the vulnerabilities, automatically generate proof-of-concept (POC) input that triggers each vulnerability, and automatically defend and repair the program. Several rehearsals of system automation were held before the formal preliminary round, used to test how automated each system was and to connect it with the organizer's system.
Program analysis, network analysis and defense generation involved in CGC
Whether from the Open Track or the Funded Track, all teams face the same challenge. The formal preliminary round is a process of online automatic analysis and asynchronous attack and defense. Within the designated 24 hours, each team's automated analysis system must, without intervention, download the applications from the organizer, analyze the programs for vulnerabilities, submit attack input that triggers each vulnerability, and submit the repaired, hardened program. After the 24-hour period, the organizer cross-compares the submitted attack inputs against the hardened programs, and the result of the preliminary round is determined by a combined evaluation of attack and defense success rates and the performance of the hardened programs. In this preliminary round the developers planted 590 vulnerabilities, which were successfully repaired by the participating teams.
The challenge in the final is basically the same, but it introduces online real-time confrontation: it is an online, real-time attack and defense process. After the final starts, the organizers release new binary applications from time to time. Each team's system must analyze and repair each application in real time, deploy the patched program, and at the same time generate an attack program and submit it to the organizer. Unlike in the preliminary round, the final systems gain network defense capability: a system can automatically generate IDS rules, and it can also choose which targets to attack. In addition, the attack input in the final is no longer a POC but an actually usable exploit, that is, one that can be used directly to gain control of the program or disclose information.
The whole process of the final resembles the DEF CON CTF final; the main difference is that the system must be ready before the game and no human takes part during the competition. The competition format is the same as in a CTF: each team's automatic analysis system has to analyze the target programs in real time, find vulnerabilities and generate attack samples, and then attack the other teams. Each team also has to deploy defensive measures at the software level and the network level to protect its own programs from attack. The winning team is decided by a combined calculation of the attack score, the defense score, and the loss of performance and functionality introduced by the defensive measures.
1. Turn-based online attack and defense game
2. Attack
   Type 1: crash at the specified invalid address + control a register to a specified value
   Type 2: leak any 4 bytes of the flag memory page
3. Defense
   Automatic repair
   Automatic generation of IDS rules
4. Strategy
   Traffic analysis: replay your opponents' attacks
   Analyze opponents' patches to locate vulnerabilities
   Analyze opponents' IDS rules to bypass detection
The rules of the CGC final
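The two attack types in the rules above can be read as checks that a referee applies to each submitted exploit. The following Python code is an added example, not code from the original article or from DARPA; the crash-report layout, the 4096-byte page size, the requirement that the four bytes be contiguous, and all names and sample values are assumptions.

```python
from dataclasses import dataclass, field

PAGE_SIZE = 4096  # assumed size of the flag memory page


@dataclass
class CrashReport:
    """Assumed shape of what a referee records when the target dies."""
    crashed: bool
    fault_address: int = 0
    registers: dict = field(default_factory=dict)


def check_type1(report, want_address, reg_name, want_value, mapped_ranges):
    """Type 1: crash at the specified invalid address with one register
    holding the specified value."""
    if not report.crashed:
        return False
    # The agreed address must be unmapped; otherwise an ordinary jump to
    # valid code could pass without any memory corruption.
    if any(lo <= want_address < hi for lo, hi in mapped_ranges):
        return False
    return (report.fault_address == want_address
            and report.registers.get(reg_name) == want_value)


def check_type2(claimed, flag_page):
    """Type 2: disclose 4 bytes of the flag page (contiguity is assumed)."""
    if len(claimed) != 4 or len(flag_page) != PAGE_SIZE:
        return False
    return bytes(claimed) in flag_page


def demo():
    """Run both checks on constructed sample data."""
    mapped = [(0x08048000, 0x0804A000)]  # constructed memory layout
    page = bytes((i * 197 + 13) % 256 for i in range(PAGE_SIZE))  # constructed
    good = CrashReport(True, 0xDEAD0000, {"eax": 0x1234})
    return {
        "type1_ok": check_type1(good, 0xDEAD0000, "eax", 0x1234, mapped),
        "type1_wrong_reg": check_type1(good, 0xDEAD0000, "eax", 0x9999, mapped),
        "type1_mapped": check_type1(
            CrashReport(True, 0x08048100, {"eax": 0x1234}),
            0x08048100, "eax", 0x1234, mapped),
        "type2_ok": check_type2(page[100:104], page),
        "type2_guess": check_type2(b"\x00" * 4, page),
    }


if __name__ == "__main__":
    print(demo())
```

The `type1_mapped` case shows why the rule insists on an invalid address: a fault report at a mapped address is rejected even when the register value matches.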
The technical highlight and the technical difficulty of the Cyber Grand Challenge are one and the same: full automation of the system. The main difficulty is how to find, as quickly as possible, the input that triggers a vulnerability within an "infinite" state space, especially in the presence of complex inputs and nondeterminism (for example, random number generation). The "infinite state" of a running program refers to the fact that, because programs are so diverse and a single complex program contains a large number of branch and loop paths, the states of a program are far more "infinite" than the "closed finite state sets" of Go, chess and the like; the analysis and search space of automatic attack and defense is larger and even harder to exhaust. The upper bound for Go is 19*19, that is, 361 factorial possible choices.
Having said so much about CGC, careful readers may ask: what does this have to do with the DEF CON CTF mentioned earlier? Where is the man-machine hacker war of the century?
Man-machine hacker summit duel
Originally, once the seven teams in the final had decided the championship, this CGC would have been over; in other words, it would simply produce a champion machine-hacker CTF team. Interestingly, while DARPA was promoting CGC at the 2015 DEF CON conference, it was challenged on the spot by the DEF CON CTF organizers, which aroused great interest among the attendees.
Similar man-machine contests have been held several times before, including Deep Blue against a chess master, the Chinese supercomputer Tiansuo against chess masters, and the cognitive computing system Watson against quiz-show champions, but this is the first time computer programs have been pitted against humans in hacker attack and defense. The debate over whether humans or programs are the better hackers has attracted the attention of the industry and even the U.S. government, and it finally brought about this historic man-machine CTF contest. Just last week, the organizers confirmed that during this year's DEF CON CTF, the human CTF champion team and the machine champion team of the CGC competition will play a separate attack and defense game. The traditional international powerhouse teams of human CTF will also gather in Shanghai this April for XCTF's Shanghai international competition 0CTF, competing directly for places in the DEF CON CTF finals.
The significance of this competition for the security field is similar to that of the first machine chess competition in 1970. Although there is no sign that the initial performance of CGC systems can completely surpass the ability of human hackers, the practical use of automatic systems for security attack and defense may arrive soon, just as the maturity of driverless technology was already quite clear after the third Grand Challenge.
According to the analysis, because the specific rules and details of the man-machine hacker war have not yet been finalized, it is hard to predict the outcome at this stage. The advantage of machines is that they can analyze programs quickly and rapidly deploy different defensive solutions, but it is difficult for them to deploy targeted, advanced attack techniques. The advantage of the human team lies in its accurate understanding of program semantics and its ability to develop targeted attack techniques.
The man-machine hacker summit duel will be an eye-catching contest and a historic moment, not just for the security community but for society as a whole. An era of machine hacking is coming!