Motivations

Beyond the format of a public contest, nothing being proposed for the Race to Zero is really that new. The AV arms race has been going on for a long time, and the ability of attackers to modify code to bypass AV detection is widely known.

So if that is the case, why did we decide to organise Race to Zero? What were our motivations?

As we all know, security is not a point solution but a continually evolving process, and as such it is vitally important that defensive measures taken by businesses and individuals can keep up with the evolving range of threats. It is also a sad truth that the security afforded to an entity is directly (though not solely) related to the security spend available to that entity. How much to spend, and where best to spend it, is a question tackled by security professionals worldwide every day. With that in mind, we are interested in gathering data to aid research into quantifying a number of areas from the perspective of an attacker:

Quantifying how much an attacker must invest to circumvent the defences that a defender has invested in is a key part of being able to evaluate where best to place security spend to gain the most benefit. Race to Zero is one way in which we as researchers can proactively answer these and other questions, while at the same time challenging some of the best minds available in the security community. Race to Zero will help to illustrate clearly the level of sophistication that AV avoidance techniques have achieved, in addition to indicating if new complementary anti-malware techniques are needed to combat such threats. In a nutshell, we are interested in researching the relative costs involved in the AV ‘arms race’ in both a quantitative and qualitative way.

It is also hoped that the open and public nature of Race to Zero will stimulate full and frank discussions across the information security community around the difficulties of detecting increasingly sophisticated malware, as well as discussion around ways to improve detection techniques.

We hope to be able to give a presentation of findings from Race to Zero at DefCon; a paper has been submitted, but a decision on it has not yet been made. Following the contest, when further analysis has been conducted, a technical paper will be publicly released.

At the conclusion of the contest, when everybody realises the world hasn't ended (and has perhaps admitted to themselves that it was all overhyped from the start?) - maybe people will spend enough time to analyse the issues that have been raised, as well as the data that has been gathered, to see if there are things that can be learnt about how to deal with the out-of-control arms race that is the current situation with malware in all its forms.