DARPA is soliciting innovative research proposals in the area of theoretical foundations, principled algorithms, and evaluation frameworks that significantly improve the robustness of machine learning systems to adversarial attacks. Proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems. Specifically excluded is research that primarily results in evolutionary improvements to current practices.
The GARD program will develop a new generation of defenses against deception attacks on machine learning (ML). The program is soliciting game-changing research proposals to develop theory, create defenses, and implement appropriate testbeds leading to robust, deception-resistant ML/AI algorithms. Proposed research should investigate defenses that address entire threat scenario classes. Specifically excluded is research solely focused on developing defenses to specific attacks rather than addressing broad issues of defensibility.
The growing sophistication and ubiquity of ML components in advanced systems dramatically increase capabilities, but as a byproduct, also increases the potential for new vulnerabilities. The current era of adversarial AI focuses on approaches where imperceptible perturbations to ML inputs could deceive an ML classifier, significantly altering its response. Such results have initiated a rapidly proliferating field of research characterized by ever more complex attacks that require progressively less knowledge about the ML system being attacked, while proving increasingly strong against defensive countermeasures.
In summary, GARD’s purpose is to encourage both development of underlying theory and to functionally and substantially improve ML defensibility, leading to a new generation of defense approaches beyond current mathematical and algorithmic thinking.
Deadlines:
o Abstract Due Date: February 26, 2019, 12:00 noon (ET)
o Proposal Due Date: April 11, 2019, 12:00 noon (ET)
GARD has three objectives:
1. Create a sound theoretical foundation for defensible AI.
2. Develop principled, general defense algorithms.
3. Produce and apply a scenario-based evaluation framework to characterize which defense is most effective in a particular situation, given available resources. GARD defenses will be evaluated using realistic scenarios and large datasets.
. Technical work under GARD has been organized into two technical areas (TAs):
Each abstract and proposal submitted against this solicitation shall address only one TA. Organizations may submit multiple abstracts/proposals to any one TA, or they may propose to both TAs. TA1 proposals may address either TA1.1, TA1.2, or both.
While a proposer may submit proposals for both technical areas, a particular proposer (as identified by Commercial and Government Entity (CAGE) Code), if selected for TA1 (including either TA1.1 or TA1.2), will be unable to be selected as a performer for any portion of TA2. This selection process is intended to avoid organizational conflicts of interest (OCI) situations between the research TA and the integration and evaluation activities, as well as to ensure objective test and evaluation results.
DARPA welcomes engagement from all responsible sources capable of satisfying the Government's needs, including academia (colleges and universities); businesses (large, small, small disadvantaged, etc.); other organizations (including non-profit); other entities (foreign, domestic, and government); FFRDCs; minority institutions; and others.
DARPA anticipates multiple awards for TA1 and a single award for TA2. The level of funding for individual awards made under this solicitation has not been predetermined and will depend on the quality of the proposals received and the availability of funds. Awards will be made to proposers whose proposals are determined to be most advantageous to the Government, all factors considered, including the potential contributions of the proposed work, overall funding strategy, and availability of funding. See Section V for further information.
