HITB⁺ AI Challenge
A malware evasion and penetrating testing challenge for machine learning and AI enthusiasts with US$100,000 up for grabs!
AI and deep learning are revolutionizing all industries and the cyber security industry is no exception. Changing times means changing tactics and machine learning is going to be at the center of all things cyber security. To stay one step ahead, we need to think differently.
If you like solving complex problems, know your CNNs from your RNNs, and the world of PyTorch and Tensorflow are your playgrounds, then we’ve got a security challenge for you!
We initiated this competition to spur the development of defensive security solutions using advances in machine learning to detect and protect against vulnerabilities and malicious exploits. We have a bold ambition: to accelerate progress in automated cyber defense processes and contribute to the development of the first generation of autonomous and real-time models applied to cyber security problems.
You know pwn fu? It’s time to teach your AI to hack!
We’re challenging you to develop an automated penetration testing model based on the DeepExploit framework (https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit).
The goal is to produce a tool which can be pointed at a victim machine, and will use AI to exploit the victim machine completely automatically and without the need for human intervention.
Teams will be provided with a series of virtual machines with known vulnerabilities as testing data. Expected output consists of the development of a fully automatic penetration test tool using Machine Learning. The HITB testing VMs will be released the first week of July.
The penetration testing tool should perform the following:
All of these steps should be performed without any intervention of the team, however the team may intervene between steps.
Evaluation Criteria:
Submissions will be evaluated on a points basis with points being awarded for:
Finding needles in haystacks is hard. Detecting constantly evolving malware is even harder.
The goal of this contest is to use reinforcement learning and generative adversarial networks to modify existing malware to defeat virus detection agents. Teams will receive as input, decompiled code of known malware. A successful entry will use AI to modify this code so that it still functions as malware and can successfully avoid detection by antivirus scanners.
For testing data, you may use the examples on this repository: https://github.com/ytisf/theZoo. This repository contains both binaries and source code for actual malware examples. Please do NOT submit your example with live malware binaries.
Evaluation Criteria:
Submissions will be evaluated on a points basis with points being awarded for:
Teams selected for the final round will have their models judged in a public demonstration on the 16th & 17th of October at HITB+ CyberWeek in Abu Dhabi
We encourage students to be student led – Faculty, staff, and external partners may only play an advisory role for student teams.
The final product must be posted to a branch named final_submission in the team’s respective repository by submission deadline. After the submission deadline, this branch will be locked. If a team is accepted for the final round, they will be informed and their push privileges will be restored to all branches.
The final product submission should consist of:
The documentation must include installation instructions and any other information that the judges would need to install and execute your code.
If the judges are unable to install or execute your product due to incomplete documentation or errors after running the code, it is at the judges discretion as to whether they will continue to evaluate your entry, so please test your code and installation instructions. The documentation should include information about installing any 3rd party dependencies. Incomplete, undocumented, or unexecutable entries will not be accepted.
Director of Center for Cyber Security, New York University AD
Hoda A.Alkhzaimi is currently a research assistant professor in New York University and the Director of Center of Cyber Security in New York University AD. She served in different posts for research and development in Cyber Security and Cryptology for the past years. She headed the Department of Research and Development for Cyber Security and Cryptology in different national initiatives in the United Arab Emirates along with her associations to different security initiatives nationally and internationally.
Professor & Department Head of Computer Science & Engineering,
American University of Sharjah
Dr. Fadi holds a PhD and MS degrees in Computer Science & Engineering from the University of Michigan, Ann Arbor, USA, respectively, and a BS degree in Electrical Engineering summa cum laude from Lawrence Technological University, Michigan, USA. He is the founder of several cyber security awareness initiatives in UAE including UAE’s Cyber Academy.
Security Lead, buildo
Eric Camellini is a software and security engineer at buildo, in Milano, Italy, where he is working on the evolution of the company design & development process with a focus on security. He works day-by-day on software projects where security is crucial and taken into account in all phases, starting from the design down to the development and deployment. Before that, he was a Computer Science and Engineering master’s student at Politecnico di Milano, where he graduated cum laude. During his studies, he worked as a research intern at the Security Laboratory at UCSB (UCSB Seclab), in Santa Barbara, California.
Associate Professor, Politecnico milano
I received a Ph.D. degree in Computer Engineering from the Politecnico of Milano university, where I am currently an associate professor. My research interests focus on cybersecurity: cyberphysical systems security, computer virology, malware analysis, financial fraud, and in general data analysis applied to security.
AUTHOR, DEEPEXPLOIT
Isao Takaesu is CISSP. He is working in Mitsui Bussan Secure Directions, Inc. as security engineer and researcher. He found many vulnerabilities in server of enterprises and proposed countermeasures to enterprises. He thinks that there’s more and wants to find vulnerabilities. Therefore, he is focused on artificial intelligence technology for cyber security. Now, he is developing the penetration testing tool DeepExploit.
Co-Founder, GTK Cyber
An innovative, resourceful, and self-motivated data scientist with 10 years of experience in the intelligence community in various organizations. I am passionate about solving difficult problems with data, and using data in unique ways to drive business decisions. Additionally, I enjoy teaching and mentoring.
Research and Innovation Manager, Dubai Electronic Security Center (DESC)
Dr.Bushra AlBelooshi is the Research and Innovation Manager In Dubai Electronic Security Center ( DESC). Prior to joining DESC, AlBelooshi was a research assistant and a PhD candidate in Electrical and Computer Engineering department at Khalifa University of Science , Technology and Research (KUSTAR), UAE. AlBelooshi has a master in Information Security from KUSTAR and another master in Public Administration from Mohammed Bin Rashed College in collaboration with Harvard University.
Dr.Bushra’s research interests include cloud computing, cyber security, forensics and cryptography. She in one of the inventors for “Volatile Memory Erasure by Controlling Refreshment of Stored Data” Patent submitted to US Regular Patent. AlBelooshi also published and participated in many national and international conferences.
Take control of your cyber career and get on the fast track to success. Countering tomorrow's Cyber threats requires a novel way of thinking. We teach how to efficiently hunt threats and identify anomalous network behavior using data science. We create force multipliers. We transform analyst into automating machines.