
The Mayhem system is able to suss out software vulnerabilities and patch them automatically

By Wong Chung Wee - on 31 Jan 2019, 11:05am


(Image source: Chelsea Mastilak via IEEE Spectrum)

Mayhem is an automated cybersecurity system developed by the company ForAllSecure. Mayhem is able to seek out software vulnerabilities, verify them and then patch them to prevent possible exploitation by malicious hackers. This is performed without human intervention.

In order to prove its mettle, ForAllSecure developed a water-cooled server to operate Mayhem, and entered the behemoth in 2016 for DARPA’s Cyber Grand Challenge, a project/competition that aimed to seek out AI systems able to find, verify and patch software vulnerabilities.

(Image source: DARPA via IEEE Spectrum)

During the competition, Mayhem didn’t perform well as it crashed at the 44th round of the competition while the other competing systems went on for the remaining 55 rounds. However, Mayhem’s stellar performance before it crashed catapulted it to pole position, and this achievement underscored the immense potential of Mayhem, an AI-driven cybersecurity system that may eventually replace its human counterparts. Even such highly specialized IT jobs aren’t safe from the reach of artificial intelligence.

ForAllSecure engineers pose with their creation, Mayhem, at the closing ceremony in 2016. (Image source: DARPA via IEEE Spectrum)

The Mayhem system represents a decade’s worth of work from the founders of ForAllSecure. They are researchers from Carnegie Mellon University (CMU), Pennsylvania, United States. The two pillars behind the Mayhem system are fuzzing and symbolic execution.

The first involves feeding random combinations of data into a program, “making intelligent guesses at lightning speed about which inputs might trigger the program to engage in some new behavior, then keeping track of those inputs that actually do so”. The other process, symbolic execution, is “like asking a mathematician to try to formally figure out what inputs may exploit the program.”
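The "keep track of inputs that trigger new behavior" loop described above, shown as an added example (it is not ForAllSecure's code and does not represent Mayhem's implementation): a minimal coverage-guided fuzzer run against a constructed toy parser with a planted defect. The names `target`, `mutate` and `fuzz`, the `MAY` magic bytes and the manual `cov.add()` probes are assumptions made for illustration.

```python
import random

def target(data: bytes, cov: set) -> None:
    """Constructed toy parser; cov.add() stands in for compiler-inserted coverage probes."""
    cov.add("entry")
    if len(data) < 4 or data[0] != ord("M"):
        return
    cov.add("magic0")
    if data[1] != ord("A"):
        return
    cov.add("magic1")
    if data[2] != ord("Y"):
        return
    cov.add("magic2")
    if data[3] > 0x7F:
        # Planted defect for the demo: length byte misread as a signed value.
        raise ValueError("negative length")
    cov.add("length_ok")

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Overwrite one randomly chosen byte with a random value."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def fuzz(seed_input: bytes, max_iters: int = 200_000, rng_seed: int = 1):
    """Return (crashing_input or None, executions, corpus)."""
    rng = random.Random(rng_seed)        # fixed seed so runs are reproducible
    corpus = [seed_input]
    seen = set()
    target(seed_input, seen)             # baseline coverage of the seed
    for i in range(1, max_iters + 1):
        candidate = mutate(rng.choice(corpus), rng)
        cov = set()
        try:
            target(candidate, cov)
        except ValueError:
            return candidate, i, corpus  # defect reached: report the input
        if not cov <= seen:              # new branch hit: keep this input
            seen |= cov
            corpus.append(candidate)
    return None, max_iters, corpus

if __name__ == "__main__":
    crash, iters, corpus = fuzz(b"\x00\x00\x00\x00")
    print(f"crash input {crash!r} after {iters} executions; corpus: {corpus}")
```

Without the coverage feedback, random 4-byte inputs would need on the order of 256^3 attempts to get past the three magic-byte checks; keeping each input that reaches a new branch lets the fuzzer solve one check at a time.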

The other strength of Mayhem is its ability to parse binary code to analyze software operations without human intervention. This is essential as the source code of programs may not be freely available.

According to ForAllSecure, the company is offering the first versions of its new service to the United States government and “companies in the high-tech and aerospace industries.” For now, the commercially available Mayhem system still requires human intervention to fully patch uncovered software vulnerabilities. However, ForAllSecure is confident that its machine intelligence cybersecurity system will replace human security professionals in the "more distant future."

(Source: IEEE Spectrum)