Defeating Cognitive Sensors
Navy SBIR 2019.3 - Topic N193-143
NAVAIR - Ms. Donna Attick - [email protected]
Opens: September 24, 2019 - Closes: October 23, 2019 (8:00 PM ET)


TITLE: Defeating Cognitive Sensors


TECHNOLOGY AREA(S): Air Platform, Battlespace

ACQUISITION PROGRAM: CTO - AI Transformational Thrust Areas

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

OBJECTIVE: Develop innovative and operationally efficient approaches to exploit weaknesses in an adversary�s neural network-based cognitive sensing systems, and by association, techniques to protect our own systems from deception.

DESCRIPTION: The 2018 National Defense Strategy notes the challenge presented by new technologies such as big data analytics, artificial intelligence, and autonomy. Because of the lower barriers of entry, the utilization of these approaches are moving at accelerating speed. [Ref 1] These technologies are enabling the development and fielding of a class of cognitive sensing systems. A variety of neural networking approaches are being employed as the basis for the underlying machine learning. In many instantiations, these sensing systems train continuously while operational in an unsupervised fashion in an effort to gain maximum additivity to a dynamic threat environment. For example, concepts for true cognitive electronic warfare systems envision a neural network-driven sensor that �should be able enter into an environment not knowing anything about adversarial systems, understand them and even devise countermeasures rapidly�. [Ref 2] Obviously as our adversaries field these systems, we will seek methods to counter them and in the same vein as we develop the very adaptive systems, we must understand their vulnerabilities and take steps to mitigate threats. It has been shown that neural network-based classifiers can be fooled by subtle undetected adversarial training leading to sensor responses that are inappropriate or incorrect. These vulnerabilities are widely recognized and the research community has proposed many defenses that attempt to detect and defend the network from adversarial training. �Unfortunately, most of these defenses are not effective at classifying adversarial examples correctly.� [Ref 3] We must better understand how to exploit these fundamental blind spots in the training algorithms which adversary might utilize and how to protect our own system from such deception. Consider undetectable adversarial training techniques as well as other approaches when designing a solution.

Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by DoD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Security Service (DSS). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DSS and NAVAIR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advanced phases of this contract.

PHASE I: Conceptually develop robust and operationally feasible approaches to defeat emerging cognitive sensor systems by exploiting weaknesses of these high data-driven neural network approaches. Perform an unclassified proof of concept demonstration to show the scientific and technical merit of candidate approaches. Consider undetectable adversarial training techniques as well as other approaches in the design. The Phase I effort will include prototype plans to be developed under Phase II.

PHASE II: Perform detailed development and demonstrate algorithm performance in terms of ease of operational implementation, effectiveness in degrading system performance, and adaptability. Consider candidate cognitive sensor systems in electronic warfare and radar. Consider how own systems might be protected from such deception while maintaining advantages of cognitive system adaptability. Demonstrate the algorithms in high-fidelity, operationally representative scenarios. Prepare a detailed concept of operations describing the implementation of the approach in the field and potential challenges in its implementation.

Work in Phase II may become classified. Please see note in the Description.

PHASE III DUAL USE APPLICATIONS: Implement algorithmic approaches and concepts to defeat adversarial cognitive-based systems into Navy operation systems and concepts of operations. Incorporate methods to protect our own cognitive based sensors from exploitation. The same general techniques are applicable to a wide range of data-driven cognitive systems including commercial applications utilizing internet-based data mining.


1. Summary of the 2018 National Defense Strategy of the United States of America.

2. Pomerleau, M. �What is the Difference Between Adaptive and Cognitive Electronic Warfare?� C2/Comms, December 16. 2016.

3. Carlini, N. & Wagner, D. �Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods.� University of California, Berkeley, 1 November 2017.�

KEYWORDS: Cognitive Sensors; Radar; Electronic Warfare; Electronic Support Measures; Deception; Behavior Manipulation


Thomas Kreppel





Lee Skaggs





These Navy Topics are part of the overall DoD 2019.3 SBIR BAA. The DoD issued its 2019.3 BAA SBIR pre-release on August 23, 2019, which opens to receive proposals on September 24, 2019, and closes October 23, 2019 at 8:00 PM ET.

Direct Contact with Topic Authors. From August 23 to September 23, 2019 this BAA is issued for Pre-Release with the names of the topic authors and their phone numbers and e-mail addresses. During the pre- release period, proposing firms have an opportunity to contact topic authors by telephone or e-mail to ask technical questions about specific BAA topics. Questions should be limited to specific information related to improving the understanding of a particular topic�s requirements. Proposing firms may not ask for advice or guidance on solution approach and you may not submit additional material to the topic author. If information provided during an exchange with the topic author is deemed necessary for proposal preparation, that information will be made available to all parties through SITIS (SBIR/STTR Interactive Topic Information System). After this period questions must be asked through SITIS as described below.


SITIS Q&A System. Once DoD begins accepting proposals on September 24, 2019 no further direct contact between proposers and topic authors is allowed unless the Topic Author is responding to a question submitted during the Pre-release period. However, proposers may submit written questions through SITIS at . In SITIS, the questioner and respondent remain anonymous and all questions and answers are posted electronically for general viewing.

Topics Search Engine: Visit the DoD Topic Search Tool at to find topics by keyword across all DoD Components participating in this BAA.

Help: If you have general questions about DoD SBIR program, please contact the DoD SBIR Help Desk at 800-348-0787 or via email at [email protected]