Could defence intelligence machine learning tools be vulnerable to adversarial attacks?
Defence intelligence is rapidly becoming a game played by computers. There are huge advantages to this: computers can sift in just seconds through intelligence that would take a human analyst days. Faster insights are often more actionable insights. The risk, though, is that intelligence is subject to counter-intelligence all the time. Adversarial attacks have been demonstrated on a wide range of models, from image classification models to LLMs. The perturbations are often minute and imperceptible to humans. When the question is something like the likelihood of invasion, a model that can be tricked has potentially devastating consequences.
Public research in this space seems to be thin on the ground. Now, this could easily be because research in this space is secretive. However, I did find examples of adversarial attack literature for other aspects of defence technology. I couldn’t find a single reference to any paper discussing adversarial attacks in the intelligence space.
Now, obviously these models are not publicly accessible in any way. So my work will be more theoretical than practical. Military intelligence reports are also usually classified, but fortunately, they are declassified when deemed fit by the relevant security department. This does make the intelligence reports a little old, which is a limitation. I originally wanted to use British Intelligence reports, as that is where I know for sure that machine learning models are being used for intelligence report generation. However, this proved impossible due to the lack of digitisation of records. Instead, I will be using reports generated by the CIA, which have been digitised. There are approximately 1500 reports that follow the general format: Problem, Conclusions, Discussion. The Discussion section discusses the evidence and its validity. The Conclusions section discusses the likelihood of different outcomes from the problem statement.