Machine Learning Security Evasion Competition Contest Official Rules

MICROSOFT MACHINE LEARNING SECURITY EVASION COMPETITION CONTEST

OFFICIAL RULES

1. SPONSOR

These Official Rules (“Rules”) govern the operation of the Microsoft Machine Learning Security Evasion Competition Contest (“Contest”). Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052, USA, is the Contest sponsor (“Sponsor”).

2. DEFINITIONS

In these Rules, "Microsoft", "we", "our", and "us" refer to Sponsor and “you” and "yourself" refers to a Contest participant, or the parent/legal guardian of any Contest entrant who has not reached the age of majority to contractually obligate themselves in their legal place of residence. By entering you (your parent/legal guardian if you are not the age of majority in your legal place of residence) agree to be bound by these Rules.

3. ENTRY PERIOD

The Contest starts at on June 15, 2020 Anywhere on Earth (AoE) and ends on September 18, 2020 AoE (“Contest Period”).

The Contest Period consists of two separate Contest Challenges with Entry Periods as follows:

Defender Challenge: June 15 AoE–July 23 AoE

Attacker Challenge: August 6 AoE–September 18, 2020 AoE

4. ELIGIBILITY

To enter, you must be an IT pro enthusiast or developer, 18 years of age or older. If you are 18 years of age or older but have not reached the age of majority in your legal place of residence, then you must have consent of a parent/legal guardian.

Employees and directors of Microsoft Corporation and its subsidiaries, affiliates, advertising agencies, and CUJO LLC, MRG Effitas Ltd., and VMRay Inc. (”Contest Parties”) are not eligible, nor are persons involved in the execution or administration of this promotion, or the family members of each above (parents, children, siblings, spouse/domestic partners, or individuals residing in the same household). Void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, and where prohibited.

5. HOW TO ENTER

The object of the Contest is to create or modify software to most effectively detect (Defender Challenge) or evade detection of (Attacker Challenge) malicious binaries. Performance will be measured by the judging criteria listed below.

Follow these steps to create and submit an entry into a Contest Challenge:

Defender Challenge

1. Visit the Contest Website at https://mlsec.io/ and follow instructions to register, accept the Terms of Use, and download the Contest software code (“Defender”) to your machine.

2. Use your skills to create or re-write example code to detect evasive variants of the Contest Malware as follows:

a. Download an example solution from the Contest Website for detecting malware.

b. Modify the solution based on instructions in the code and incorporating your own novel additions to catch malware samples and their evasive variants.

c. Test your solution offline using the instructions provided and malicious and benign sample sets of your own choosing. Submissions will not be accepted that do not meet the following conditions when tested by Microsoft and Contest Parties:

i. The model must perform at a false negative rate not exceeding 10% (“Maximum FN rate”) and a false positive rate not exceeding 1% (“Maximum FP rate”),when evaluated against samples curated by Microsoft and Contest Parties.

ii. For any query up to 2097152 bytes (2 MiB, “Maximum File Size”), the model must return a response within 5 seconds (“Maximum Query Time”).

d. Build a docker image by following the instructions in the downloaded code.

3. Visit the Contest Website and follow instructions to submit an entry into the Defender Challenge by uploading a docker image within the Entry Period.

4. Only one entry per contestant or team is valid for the Defender Challenge. Microsoft and Contest Parties reserve the right to discard additional submissions from the same contestant or team.

Attacker Challenge

1. Visit the Contest Website at https://mlsec.io/ and follow instructions to accept the Terms of Use and download the Contest software code and malware set (“Attacker” and “Malware”) to your machine.

2. Use your skills to modify Malware or the automated malware manipulation code to evade machine learning models hosted by Microsoft and Contest Parties, including those submitted during the Defender Challenge.

3. By automated or manual means, modify malicious binaries in a way that preserves functionality as follows:

a. Use the Contest Website API to check whether your modified binaries evade one or more hosted machine learning models. Example code is provided to automate this process. Since each API query to a model may decrease your chance of winning, you should verify locally that your samples evade the offline surrogate model using the code provided.

b. Upload your evasive variants to the Contest Website to validate that the samples still exhibit malicious behavior. Since each submission to the Contest Website may decrease your chance of winning, verify locally in a sandbox environment that your modified binaries are still functional.

5. Visit the Contest Website and follow instructions to submit an entry into the Attacker Challenge within its Entry Period.

Entries must be received with in the Entry Period to be eligible. You must submit a separate and unique entry into each Challenge.

The entry limit is one unique entry per person per Contest Challenge.

Any attempt by any you to obtain more than the stated number of entries by using multiple/different accounts, email addresses, identities, registrations, logins, or any other methods will void your entries and you may be disqualified. Use of any automated system to submit fraudulent entries is prohibited.

We are not responsible for excess, lost, late, or incomplete entries. If disputed, entries will be deemed submitted by the “authorized account holder” of the email address, social media account, or other method used to enter. The “authorized account holder” is the natural person assigned to an email address by an internet or online service provider, or other organization responsible for assigning email addresses.

6. ELIGIBLE ENTRY

To be eligible, an entry must meet the following content/technical requirements:

· Your entry must be your own original work; and

· Your entry cannot have been selected as a winner in any other contest; and

· You must have obtained any and all consents, approvals, or licenses required for you to submit your entry; and

· To the extent that entry requires the submission of user-generated content such as software, photos, videos, music, artwork, essays, etc., entrants warrant that their entry is their original work, has not been copied from others without permission or apparent rights, and does not violate the privacy, intellectual property rights, or other rights of any other person or entity. You may include Microsoft trademarks, logos, and designs, for which Microsoft grants you a limited license to use for the sole purposes of submitting an entry into this Contest; and

· Your entry may NOT contain, as determined by us in our sole and absolute discretion, any content that is obscene or offensive, violent, defamatory, disparaging or illegal, or that promotes alcohol, illegal drugs, tobacco or a particular political agenda, or that communicates messages that may reflect negatively on the goodwill of Microsoft.

7. USE OF YOUR ENTRY

We are not claiming ownership rights to your entry. However, by submitting an entry, you grant us an irrevocable, royalty-free, worldwide right and license to use, review, assess, test and otherwise analyze your entry and all its content in connection with this Contest and use your entry in any media whatsoever now known or later invented for any non-commercial or commercial purpose, including, but not limited to, the marketing, sale or promotion of Microsoft products or services or those of any other Contest Parties, without further permission from you. You will not receive any compensation or credit for use of your entry, other than what is described in these Official Rules

By entering you acknowledge that the we may have developed or commissioned materials similar or identical to your entry and you waive any claims resulting from any similarities to your entry. Further you understand that we will not restrict work assignments of representatives who have had access to your entry and you agree that use of information in our representatives’ unaided memories in the development or deployment of our products or services does not create liability for us under this agreement or copyright or trade secret law.

Your entry may be posted on a public website. We are not responsible for any unauthorized use of your entry by visitors to this website. We are not obligated to use your entry for any purpose, even if it has been selected as a winning entry.

8. WINNER SELECTION AND NOTIFICATION

Pending confirmation of eligibility, potential prize winners in each Challenge will be selected by Microsoft or their Agent or a qualified judging panel from among all eligible entries received based on the following judging criteria:

Defender Challenge

· A submission will not be valid unless it achieves false negative error rates less than 10% (“Maximum FN rate”) and false positive error rates less than 1% (“Maximum FP rate”) using a set of malicious and benign samples curated by Microsoft and Contest Parties (“Holdout Set”).

· A submission will only be valid if the maximum query time as measured by Microsoft and Contest Parties across all samples in the Holdout Set does not exceed 5 seconds (“Maximum Query Time”). Furthermore, during the competition, any query up to 2097152 bytes (2 MiB, “Maximum File Size”) to a defender model that exceeds the Maximum Query Time will be reported to the requester as a negative result.

· Valid submissions are ranked according to the false negative rate on samples submitted by contestants during the Attacker Challenge. The Grand Prize will be awarded to the contestant or team whose solution achieved the lowest false negative rate, while the First Prize will be awarded to the contestant or team with the second lowest false negative rate.

· In the event of a tie for false negative rate, the Grand Prize will be awarded to the winning solution that has the lowest false positive rate on samples from the Holdout Set, and the First Prize will be awarded to the winning solution that has the second lowest false positive rate on samples from the Holdout Set.

· If necessary, subsequent tie-breaking will be based on last submission time of the contestant or team, with the earliest final submission time being awarded the prize. We reserve the right to break ties when necessary based on finer time precision than is specified on the Contest Website.

Offense Challenge

· Contestant submissions will earn a certain number of points. For each modified malware sample, constants will receive one point for each Defender model that it evades, so long as the modified malware sample has identical behavior to the original malware sample when run in the sandbox of the Contest Website.

· No points will be awarded for samples which do not produce the same behavioral indicators as an original sample in the malware sandbox. Behavioral indicators are determined by Microsoft and Contest Parties.

· Submissions are ranked according to total score. The Grand Prize will be awarded to the highest score, and the First Prize will be awarded to the second highest score.

· In the event of a tie between participants, the number of model API queries will be used to determine the winning solution, where the Grand Prize is awarded to the contestant with fewer queries.

Winners will be determined within 20 business days following the Entry Period of the Attacker Challenge. The decisions of the judges are final and binding. If we do not receive a sufficient number of entries meeting the entry requirements, we may, at our discretion, select fewer winners than the number of Contest Prizes described below. If public vote determines winners, it is prohibited for any person to obtain votes by any fraudulent or inappropriate means, including offering prizes or other inducements in exchange for votes, automated programs or fraudulent i.d’s. Microsoft will void any questionable votes.

Winners will be notified via the contact information provided during entry no more than 7 days following judging with prize claim instructions, including a request for a link to their published submission. Valid publication outlets include a document provided to Microsoft (for publication on a Microsoft website), a link to a publicly accessible internet website, such as https://github.com/ (e.g., for code), https://arxiv.org/ (e.g., for a whitepaper), or a blog post detailing the solution. Failure to publish within 15 days of notification will result in forfeiture of the prize.

If a selected winner cannot be contacted, is ineligible, fails to claim a prize or fails to return any forms, the selected winner will forfeit their prize and an alternate winner will be selected time allowing. If you are a potential winner and you are 18 or older but have not reached the age of majority in your legal place of residence, we may require your parent/legal guardian to sign all required forms on your behalf. Only three alternate winners will be selected, after which unclaimed prizes will remain unawarded.

9. PRIZES

The following prizes will be awarded:

Two Grand Prizes, one awarded per Challenge:

US$2,500 in Azure credits.

Two First Prizes, one awarded per Challenge:

US$500 in Azure credits.

We will only award two (2) prize(s) per person during the Contest Period. No more than the stated number of prizes will be awarded. No substitution, transfer, or assignment of prize permitted, except that Microsoft reserves the right to substitute a prize of equal or greater value in the event the offered prize is unavailable. Prizes are awarded “AS IS” with no warranty of any kind, either express or implied, including but not limited to, the implied warranties or merchantability, fitness for a particular purpose, or non-infringement. Prizes will be sent no later than 28 days after winner selection. Prize winners may be required to complete and return prize claim and / or tax forms (“Forms”) within the deadline stated in the winner notification. Taxes on the prize, if any, are the sole responsibility of the winner, who is advised to seek independent counsel regarding the tax implications of accepting a prize. By accepting a prize, you agree that Microsoft may use your entry, name, image and hometown online and in print, or in any other media, in connection with this Contest without additional payment or compensation to you, except where prohibited by law.

10. ODDS

The odds of winning are based on the number of eligible entries received.

11. GENERAL CONDITIONS AND RELEASE OF LIABILITY

You understand that the competition requires downloading, storing, manipulating, and/or executing malicious executables (“malware”). You agree that you will exercise appropriate industry practices for downloading, storing, manipulating, and/or executing malware, which may include

using a sandbox without internet connection or an operating system other than those compatible with Microsoft Windows for storing/manipulating portable executable (PE) files. The Contest Sponsor and Contest Parties shall have no liability whatsoever for any claims, losses, actions, damages, suits, or proceedings resulting from damage or loss caused by malware to your computer or computer network, or damage or loss caused by malware to other computers or computer networks owing to your distributing of original or modified malicious software. To the extent allowed by law, by entering you agree to release and hold harmless Microsoft and its respective parents, partners, subsidiaries, affiliates, employees, and agents and Contest Parties from any and all liability or any injury, loss, or damage of any kind arising in connection with this Contest or any prize won.

All local laws apply. The decisions of Microsoft are final and binding.

We reserve the right to cancel, change, or suspend this Contest for any reason, including cheating, technology failure, catastrophe, war, or any other unforeseen or unexpected event that affects the integrity of this Contest, whether human or mechanical. If the integrity of the Contest cannot be restored, we may select winners from among all eligible entries received before we had to cancel, change or suspend the Contest.

If you attempt or we have strong reason to believe that you have compromised the integrity or the legitimate operation of this Contest by cheating, hacking, creating a bot or other automated program, or by committing fraud in any way, we may seek damages from you to the full extent of the law and you may be banned from participation in future Microsoft promotions.

12. USE OF YOUR ENTRY

Personal data you provide while entering this Contest will be used by Microsoft and/or its agents and prize fulfillers acting on Microsoft’s behalf only for the administration and operation of this Contest and in accordance with the Microsoft Privacy Statement.

13. GOVERNING LAW

This Contest will be governed by the laws of the State of Washington, and you consent to the exclusive jurisdiction and venue of the courts of the State of Washington for any disputes arising out of this Contest.

14. WINNERS LIST

Send an email to [email protected] with the subject line “Machine Learning Security Evasion Competition Contest winners” within 30 days of September 18, 2020 to receive a list of winners that received a prize worth $25.00 or more.