TECHNOLOGY AREA(S): Air Platform, Battlespace

ACQUISITION PROGRAM: CTO - AI Transformational Thrust Areas

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

OBJECTIVE: Develop innovative and operationally efficient approaches to exploit weaknesses in an adversary�s neural network-based cognitive sensing systems, and by association, techniques to protect our own systems from deception.

DESCRIPTION: The 2018 National Defense Strategy notes the challenge presented by new technologies such as big data analytics, artificial intelligence, and autonomy. Because of the lower barriers of entry, the utilization of these approaches are moving at accelerating speed. [Ref 1] These technologies are enabling the development and fielding of a class of cognitive sensing systems. A variety of neural networking approaches are being employed as the basis for the underlying machine learning. In many instantiations, these sensing systems train continuously while operational in an unsupervised fashion in an effort to gain maximum additivity to a dynamic threat environment. For example, concepts for true cognitive electronic warfare systems envision a neural network-driven sensor that �should be able enter into an environment not knowing anything about adversarial systems, understand them and even devise countermeasures rapidly�. [Ref 2] Obviously as our adversaries field these systems, we will seek methods to counter them and in the same vein as we develop the very adaptive systems, we must understand their vulnerabilities and take steps to mitigate threats. It has been shown that neural network-based classifiers can be fooled by subtle undetected adversarial training leading to sensor responses that are inappropriate or incorrect. These vulnerabilities are widely recognized and the research community has proposed many defenses that attempt to detect and defend the network from adversarial training. �Unfortunately, most of these defenses are not effective at classifying adversarial examples correctly.� [Ref 3] We must better understand how to exploit these fundamental blind spots in the training algorithms which adversary might utilize and how to protect our own system from such deception. Consider undetectable adversarial training techniques as well as other approaches when designing a solution.

Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by DoD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Security Service (DSS). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DSS and NAVAIR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advanced phases of this contract.

PHASE I: Conceptually develop robust and operationally feasible approaches to defeat emerging cognitive sensor systems by exploiting weaknesses of these high data-driven neural network approaches. Perform an unclassified proof of concept demonstration to show the scientific and technical merit of candidate approaches. Consider undetectable adversarial training techniques as well as other approaches in the design. The Phase I effort will include prototype plans to be developed under Phase II.

PHASE II: Perform detailed development and demonstrate algorithm performance in terms of ease of operational implementation, effectiveness in degrading system performance, and adaptability. Consider candidate cognitive sensor systems in electronic warfare and radar. Consider how own systems might be protected from such deception while maintaining advantages of cognitive system adaptability. Demonstrate the algorithms in high-fidelity, operationally representative scenarios. Prepare a detailed concept of operations describing the implementation of the approach in the field and potential challenges in its implementation.

Work in Phase II may become classified. Please see note in the Description.

PHASE III DUAL USE APPLICATIONS: Implement algorithmic approaches and concepts to defeat adversarial cognitive-based systems into Navy operation systems and concepts of operations. Incorporate methods to protect our own cognitive based sensors from exploitation. The same general techniques are applicable to a wide range of data-driven cognitive systems including commercial applications utilizing internet-based data mining.

REFERENCES:

1. Summary of the 2018 National Defense Strategy of the United States of America. https://dod.defense.gov/Portals/1/Documents/pubs/2018-National-Defense-Strategy-Summary.pdf

2. Pomerleau, M. �What is the Difference Between Adaptive and Cognitive Electronic Warfare?� C2/Comms, December 16. 2016. https://www.c4isrnet.com/c2-comms/2016/12/16/what-is-the-difference-between-adaptive-and-cognitive-electronic-warfare/

3. Carlini, N. & Wagner, D. �Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods.� University of California, Berkeley, 1 November 2017.� https://arxiv.org/pdf/1705.07263.pdf

KEYWORDS: Cognitive Sensors; Radar; Electronic Warfare; Electronic Support Measures; Deception; Behavior Manipulation