[Owasp-leaders] 2 Million Dollars

johanna curiel curiel johanna.curiel at owasp.org
Fri Dec 6 21:29:40 UTC 2013


Josh

"The CGC competitions require a fully automated solution – no human
assistance is permitted in any cyber reasoning processes, including reverse
engineering and patch formulation."

Bayesian analysis is not exactly AI....

"In statistics <http://en.wikipedia.org/wiki/Statistics>, *Bayesian
inference* is a method of inference
<http://en.wikipedia.org/wiki/Statistical_inference> in which Bayes' rule
<http://en.wikipedia.org/wiki/Bayes%27_rule> is used to update the
probability estimate for a hypothesis as additional evidence
<http://en.wikipedia.org/wiki/Evidence> is acquired. Bayesian updating is
an important technique throughout statistics, and especially in
mathematical statistics
<http://en.wikipedia.org/wiki/Mathematical_statistics>."

I don't think that ESAPI and AppSensor are as far along as described
above; however, I believe you can use part of that knowledge to construct
this solution. Also the areas in the challenge go further than application
security alone.

I believe you need neural networks or some Prolog. I think that a
combination of semantics for programming the rules and decisions (models)
will be a possible approach.


Regards


Johanna


On Fri, Dec 6, 2013 at 5:19 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Johanna,
>
> Pick up a copy of Ryan Barnett's Web Application Defenders Cookbook and
> you'll start to realize just how close to AI it is.  Especially given its
> ability to perform Bayesian analysis and take automated action based on
> those results.  And if the application can be hooked with ESAPI and
> AppSensor, then you can do similar based on events at the code level as
> well.  Autonomous sounds like "AI" to me as well, but I'm pretty sure that
> toolset is capable with some forethought and minor modifications.
>
> ~josh
>
>
> On Fri, Dec 6, 2013 at 3:13 PM, Tom Brennan - OWASP <tomb at owasp.org> wrote:
>
>> Now we have the start of a party...
>>
>> http://www.darpa.mil/cybergrandchallenge/
>>
>> On Dec 6, 2013, at 4:03 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>> Well, not so fast, because ...
>>
>> "DARPA is soliciting innovative proposals from teams that will develop
>> and field *autonomous Cyber Reasoning Systems* capable of comprehending
>> and protecting software during a live exercise. Specifically excluded is
>> research that primarily results in evolutionary improvements to the
>> existing state of practice."
>>
>> ...
>>
>> The DARPA Cyber Grand Challenge will utilize a series of competition
>> events to test the abilities of a new generation of fully automated cyber
>> defense systems. During a final competition event, automated Cyber
>> Reasoning Systems will compete against each other in real time. This event
>> will be held in a public setting and documented for research purposes.
>>
>>
>> This smells like artificial intelligence ...
>>
>>
>> On Fri, Dec 6, 2013 at 4:56 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>>
>>> ModSecurity + ESAPI + AppSensor.  Done.
>>>
>>> ~josh
>>>
>>>
>>> On Fri, Dec 6, 2013 at 2:15 PM, Tom Brennan - OWASP <tomb at owasp.org> wrote:
>>>
>>>>
>>>> http://www.theregister.co.uk/2013/12/06/darpa_enlists_def_con_talent_for_2m_security_bugswatting_challenge
>>>>
>>>> Interested?
>>>>
>>>> Now that AppSecUSA is over, it's time for the next OWASP mission-focused
>>>> project.   Add a 2M dollar bounty and you've got my attention - how about yours?
>>>>
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders