[Owasp-leaders] 2 Million Dollars
johanna curiel curiel
johanna.curiel at owasp.org
Fri Dec 6 21:29:40 UTC 2013
"The CGC competitions require a fully automated solution – no human
assistance is permitted in any cyber reasoning processes, including reverse
engineering and patch formulation.
Bayesian analysis is not exactly AI....
"In statistics <http://en.wikipedia.org/wiki/Statistics>, *Bayesian
inference* is a method of
which Bayes' rule <http://en.wikipedia.org/wiki/Bayes%27_rule> is used to
update the probability estimate for a hypothesis as additional
acquired. Bayesian updating is an important technique throughout
statistics, and especially in mathematical
I don't think that ESAPI and APPSENSOR are that far as described
above, however I believe you can use part of that knowledge to construct
this solution. Also the areas in the challenge go further than application
I believe you need Neural networks or some Prolog. I think that a
combination of semantics for programming the rules and decisions (models)
will be a possible approach.
On Fri, Dec 6, 2013 at 5:19 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Pick up a copy of Ryan Barnett's Web Application Defenders Cookbook and
> you'll start to realize just how close to AI it is. Especially given it's
> ability to perform bayesian analysis and take automated action based on
> those results. And if the application can be hooked with ESAPI and
> AppSensor, then you can do similar based on events at the code level as
> well. Autonomous sounds like "AI" to me as well, but I'm pretty sure that
> toolset is capable with some forethought and minor modifications.
> On Fri, Dec 6, 2013 at 3:13 PM, Tom Brennan - OWASP <tomb at owasp.org>wrote:
>> Now we have the start of a party...
>> On Dec 6, 2013, at 4:03 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>> Well, not so fast , because ...
>> "DARPA is soliciting innovative proposals from teams that will develop
>> and field* autonomous Cyber Reasoning Systems* capable of comprehending
>> and protecting software during a live exercise. Specifically excluded is
>> research that primarily results in evolutionary improvements to the
>> existing state of practice."
>> The DARPA Cyber Grand Challenge will utilize a series of competition
>> events to test the abilities of a new generation of fully automated cyber
>> defense systems. During a final competition event, automated Cyber
>> Reasoning Systems will compete against each other in real time. This event
>> will be held in a public setting and documented for research purposes.
>> This smells Artificial intelligence ...
>> On Fri, Dec 6, 2013 at 4:56 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>> ModSecurity + ESAPI + AppSensor. Done.
>>> On Fri, Dec 6, 2013 at 2:15 PM, Tom Brennan - OWASP <tomb at owasp.org>wrote:
>>>> Now that AppSecUSA is over its time for the next OWASP mission focused
>>>> project. Add a 2M dollar bounty you got my attention - how about yours?
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders