The Defense Advanced Research Projects Agency (DARPA) wants to leverage human-artificial intelligence teaming to accelerate the military’s cyber vulnerability detection, according to agency documents.
The task of securing the Pentagon’s diverse networks, which support nearly every function of the military’s operations, presents a nightmare for defense officials. The current time-intensive and costly process involves extensively trained hackers using specialized software suites to scour the networks in search of vulnerabilities that could potentially be exploited, but the scarcity of expert hackers makes detecting cyberthreats a challenge for the Defense Department.
DARPA’s Computers and Humans Exploring Software Security (CHESS) program seeks to bolster existing cyber defenders with a new tool that would render much of the current toolkit ancient history: artificial intelligence.
The program aims to incorporate automation into the software analysis and vulnerability discovery process by enabling humans and computers to reason collaboratively. If successful, the program could enhance existing hacking techniques and greatly expand the number of personnel capable of ethically hacking DoD systems.
To achieve its goal, DARPA will solicit proposals from industry across five technical areas, including developing tools that mimic the processes used by expert hackers and ultimately transitioning a final solution to the government.
“Through CHESS, we’re looking to gather, understand and convert the expertise of human hackers into automated analysis techniques that are more accessible to a broader range of technologists,” the DARPA program description reads. “By allowing more individuals to contribute to the process, we’re creating a way to scale vulnerability detection well beyond its current limits.”
While DARPA sees artificial intelligence as an important tool for enhancing cybersecurity efforts, officials emphasize the essential role humans play in the collaborative process.
“Humans have world knowledge, as well as semantic and contextual understanding that is beyond the reach of automated program analysis alone,” said Dustin Fraze, the I2O program manager leading CHESS. “These information gaps inhibit machine understanding for many classes of software vulnerabilities. Properly communicated human insights can fill these information gaps and enable expert hacker-level vulnerability analysis at machine speeds.”
The CHESS program will span three phases lasting a total of 42 months. Each phase will focus on increasing the complexity of an application the CHESS system is able to analyze effectively.