Contemporary combat systems carry an increasing amount of tactical computing and electronics potentially vulnerable to cyber-attacks. While current cyber-defense operations address in non-real time the needs for detection and response to cyber incidents affecting traditional IT systems, securing the fast expanding Internet of Military Things (IoMT) requires very short response times, and accurate decision making under strong operational, computing and energy constraints. The deployment of efficient detection and response capacities on embedded systems requires the design of lightweight resident Artificial Intelligence (AI) agents, trained specifically for these environments and capable of automating the detection and response loop in the absence of timely available human expertise. NATO’s IST-152 Research Task Group (2016-2020) on “Intelligent, Autonomous and Trusted Agents for Cyber Defense and Resilience” (AICA) initiated this concept between 2016 and 2020. The research yielded an AICA Reference Architecture (Kott et al., 2018). Later, an international working group formed to continue work on AICA (see https://www.aica-iwg.org/). Yet this highly conceptual architecture was not yet set into practice. The growing use of Unmanned Vehicles (UxV) in modern conflicts however revives the need for time sensitive autonomous decision at the edge of systems evolving in environments saturated with Cyber-Electromagnetic Threats (CEMA). To reduce UxVs exposure and augment their chances of survival in contested battlefield, remote control is progressively replaced by individual (autonomous) and collective (swarm) intelligent navigation techniques. While AI is seen as an essential capability for the survival of these proliferating objects, adversarial AI discipline unveils targeted evasion techniques to lure and hide from embedded AI. In short we need cyber-defense agents that are altogether frugal, accurate, adaptive, explainable, collaborative, and robust. This is the challenge addressed by AIDA project.

The proposed solution relies on three types of AI agents: a white agent, a red agent, and a blue agent. The white agent is a foundation model that is trained against massive data to develop a broad set of human-like capacities such as threat analysis, detection rule edition, incident qualification and response planning. Cyber-defense analysts prompt a Large Language Model (LLM) upon identification of new threats to produce tailored detection rules and response plans in seconds instead of hours. A Retrieval Augmented Generation (RAG) procedure restricts LLM sources to qualified knowledge bases. A reward system based on human feedback reinforces the model toward good decisions. From this white agent, smaller, more specialized agents will be derived that aim to perform narrow cyber-defense routines at the edge of IoMT. Unlike the white agent, blue agents need to operate in resource-constrained environment in an autonomous manner. We will use pruning and unlearning techniques to minimize the resource requirements of blue agents and obfuscation techniques to reduce their exposure to reverse engineering. Wherever needed, they will be fine-tuned to their environment of destination across land, sea, air, space and cyber domains. Yet as we may lack quantitative attack data, we will craft a third type of agent, whose role will be to generate attacks. The red agent will be trained in a simulated environment placed in adversarial setup with blue agents to develop offensive AI strategies. This Generative Adversarial Networks (GAN) setup will reinforce blue agents’ successful defense strategies, challenge their individual and collaborative defense objectives, and strengthen their robustness towards evasion attacks.

To conclude, the AIDA system involves an LLM (white agent), adversarial generative AI (red agent) and a Multi-Agent System (blue agents) in mission-critical activities landing in 5 military domains. Among other applications, the system aims to protect combat aircraft against CEMA threats with severe safety implications. Continuous improvement and responsible use of AI are enabled by reinforcement learning and RAG techniques. It reduces the exposure of modern military systems to emerging risks such as adversarial AI attacks.