Network Science and National Security Challenges and Opportunities

Delivered to the U.S. Government with Unlimited Rights, as defined in 25 April 2018 This material is based upon work supported by the Assistant Secretary of DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any Defense for Research and Engineering under Air Force Contract No. FA8702- copyright notice, U.S. Government rights in this work are defined by 15-D-0001. Any opinions, findings, conclusions or recommendations DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use expressed in this material are those of the author(s) and do not necessarily of this work other than as specifically authorized by the U.S. reflect the views of the Assistant Secretary of Defense for Research and Government may violate any copyrights that exist in this work. Engineering. Outline

• Introduction • National Security Network Science Applications • Case Study: Command (or Intel) Center of the Future • Summary

GraphEx National Security Keynote- 2 RAB 04/25/2018 National Security Challenges

US national security challenged by diverse and distributed threats

Russia • Motivated by lost Rogue Nations greatness, perceived • North Korea, Iran Homeland Security NATO threats, etc. • Growingly empowered by • Terrorism • Revanchism potential nuclear & missile programs • Law enforcement to become revisionism?

China Global Terrorism • Massive power shift from North Atlantic to Pacific • Many nations, environments, Belt of Unrest • Assertiveness now, aggressiveness motivations, etc. • Large, young, frustrated population in 20 years? • Desire to better control destiny & restore Muslim greatness

Network Science and Graph Algorithms have crucial roles to play in mitigating these threats

GraphEx National Security Keynote- 3 RAB 04/25/2018 Why in the World Graphs?

• Graphs provide a natural and expressive representation for networks & relational data • Often, it is precisely the relationships between data that matter (e.g. influence ops) • Often, graphs can be the most robust representations in the face of adversarial actions (e.g. for cyber attacks)

We make sense of the world by combining inter-dependent data-sets

Dense data (maps, images) + Sparse data (networks, relationships)

GraphEx National Security Keynote- 4 RAB 04/25/2018 National Security Involves Networks Everywhere Example: Networks in a Bioterrorist Attack

Early Indications and Warnings Response to an Attack

4 2 Bio Coordination across 17 networks 5 Terrorist Attack 6 3

1 Query Results

Example from XLab Program

7 Travel events

GraphEx National Security Keynote- 5 RAB 04/25/2018 Network Science and Graph Algorithms in National Security – Some Examples

National Security Area Network Science Roles What’s at Stake Homeland Security Cyber security Defending against major cyber attack against U.S. CT operations Defending against terrorist attack against U.S. WMD disaster response/forensics Countering the spread of disease (pandemics) National infrastructure ops Resilience in air traffic control, power grid, internet, etc. Russian Resurgence Counter influence operations Protecting democratic values at home & abroad Chinese Emergence Strategic and tactical intelligence Maintaining international political influence Conventional warfare C4ISR Preserving global deterrence Enhancing global political stability Improving warfighting effectiveness Preparedness and options in international crises Global Terrorism Sentiment analysis Increased global stability Belt of Unrest CT/CI operations (I&W) Maintaining international political influence CT/CI operations (forensics) Reducing danger to civilians abroad and allies Rogue Nations Indications and Warnings (I&W) Maintaining / providing options Missile defense Preserving global deterrence Preventing nuclear attack / WMD on the homeland

GraphEx National Security Keynote- 6 RAB 04/25/2018 CT/CI : counter terrorism / counter insurgency WMD: weapons of mass destruction Outline

• Introduction • National Security Network Science Applications – Cyber Security – Influence Operations – Brain Research & Bioinformatics • Case Study: Command (or Intel) Center of the Future • Summary

GraphEx National Security Keynote- 7 RAB 04/25/2018 A Few Specific National Security Network Science Applications

Cyber Security (Reconfigurable Networks) Influence Operations (Macron Leaks Retweets) Intel Analysis (Chinese Social Network)

Bioinformatics (Disease Network) Brain Science (Mouse Neocortex) Tactical Operations (Threat Networks)

• Social Networks • Ecological Networks • Electrical Power Grid • Pandemic, Sexual, etc. Networks • ATC Networks • The Internet • Circuit Networks • Metabolic Networks • Financial Networks • Communications Networks • Military Logistics Networks • Publishing Networks

GraphEx National Security Keynote- 8 RAB 04/25/2018 Cyber Adversarial SCenario modeling and Automated Decision Engine (CASCADE)

Network defense through

dynamic reconfiguration Measure Risk Combined CASCADE Iterations

Prototype Capabilities Technical Challenges • Dynamically quantifies risk in the face of an • Co-optimization of mission and network at huge adaptive cyber adversary network scales in real-time • Considers mission context to select optimal • Adversary awareness, incomplete information network segmentation • Attributed, time-varying, multigraph topology

GraphEx National Security Keynote- 9 RAB 04/25/2018 Influence Operations and Grey Zone Warfare

1 Countering Information Operations • Detection of information operations • Assessment of intent and impact • Assessment and execution of Counteractions

Adversary IO Tactics Exploit Cyber Social Media • Information manipulation; bias, slant, distortion, omission, and amplification • Hacking accounts and leaking information

Technical Challenges

• Data Collection & Network Construction − Data observability, volume, speed & variety − Building the relevant networks (fusion) • Network Sampling and IO Detection − Subsampling for statistical analysis at scale − Detection techniques Nation State adversaries using the internet and social • IO Characterization and Response media to wage sophisticated influence operations − Creating the IO narrative and assessing impact − Modeling and simulation of CoA 1excerpted from: Smith et al., Influence estimation on social media networks using causal inference, in Proc. IEEE SSP, to appear

GraphEx National Security Keynote- 10 RAB 04/25/2018 Bioinformatics for National Security

A few Connections between Graphs and Bioinformatics2 • Biological relationships can be captured as graphs, • pathway data (e.g., metabolic pathways, signaling pathways, gene regulatory networks), genetic maps and structured taxonomies. • Even laboratory processes can be represented as workflow process model… • Graphs and can be used to support formal representation for use in laboratory information management systems • Graphical databases can be used to link the large number of enormous biological related databases

A few National Security Graph Applications for Bioinformatics and Synthetic Biology • Rapid development of countermeasures against novel bio and chem threats • Detect and defeat engineered pathogens and biologics 1 Human disease network (such as proteins containing non-natural amino acids) • Read/write DNA for novel targeting/tracking/locating 1from: http://erj.ersjournals.com/content/44/3/775.figures-only • Custom protein design and production for therapeutics, 2 excerpted and modified from: https://www.ncbi.nlm.nih.gov/books/NBK25464/ accelerated vaccine development, decontamination

GraphEx National Security Keynote- 11 RAB 04/25/2018 Brain Science: Anatomy of the Brain Precursor to Understanding Operation

High Resolution Example Graph Processing Neuron Dataset Results Challenges

Z • Graph Formation: X Ø Dense clutter of intertwined axon fibers Ø High accuracy is required to trace long distance neural connections Ø Large volume (entire mouse brain ~1 PB) • Graph Processing Ø Brain structural organization; information flow and localization Y Ø Future experiments to investigate relationships between physiology and MIT Chung Lab and Lincoln Laboratory developing structure techniques for specimen preparation and automated long Ø Efficient algorithms at huge range neuron tracing scales (~100B neurons, >100T synapses)

GraphEx National Security Keynote- 12 RAB 04/25/2018 Summary of Graph Application Drivers

• Very large graphs – Information Operations à millions of edges, thousands of vertices – Brain Science à trillions of synapses, billions of neurons • Large graph analysis in real-time – Cyber security à ~seconds (at the speed of the effect propagation) – Tactical operations à seconds to hours (inside the opponent’s OODA loop) • Graphs of all types, combined – Information Operations à multiple sources of data, hidden components – Bioinformatics à attributed graphs, uncertainty and noise • Algorithms over dynamic graphs – Tactical and strategic operations à temporal emergence of threat, noise, uncertainty – Cyber security à reasoning across the time-frame of attack, active deception • Complex graph processes over attributed multigraphs – Cyber security à co-optimization of graph and mission – Tactical and strategic ops à graph topology analyses, causality, threat propagation, learning, …

GraphEx National Security Keynote- 13 RAB 04/25/2018 OODA: Observe, Orient, Decide, Act Outline

• Introduction • National Security Network Science Applications • Case Study: Command (or Intel) Center of the Future – Cognitive Computer-on-Watch – Graph Algorithm Challenges • Summary

GraphEx National Security Keynote- 14 RAB 04/25/2018 A Few Specific National Security Network Science Application Areas

Cyber Security (Reconfigurable Networks) Influence Operations (Macron Leaks Retweets) Intel Analysis (Chinese Social Network)

Bioinformatics (Disease Network) Brain Science (Mouse Neural Network) Tactical Operations (Threat Networks)

GraphEx National Security Keynote- 15 RAB 04/25/2018 The CommandFuture Cognitive Air Operations Commander’s Center Aide

Ingest, Extraction, AI Knowledge Store & Enrichment Analytics & Planning

C Scalable E D Dynamic Collect C2

Indications & Warnings Learning & Feedback AI/Big Data Analytics Query & Explanation Planning, COAs, … Tasking

Text & Weather Social Media Surge ISR

Decision Ground Maritime Making

Strike

Air Space

Non-Kinetic HUMINT Cyber Operations

GraphEx National Security Keynote- 16 RAB 04/25/2018 http://www.acc.af.mil/News/Article-Display/Article/199674/12th-air-force-prepares-for-blue-flag-exercise/ The Future Cognitive Commander’s Aide

AI Capabilities Operational Impact

Ingest, Extraction, AI • Automated large-scale Knowledge Store • Increased efficiency & Enrichment Analytics data collection & Planning • 24/7 alertness

B • Real-time, human-level A performance at large C • Earlier I&W E D scales Scalable Dynamic Collect C2 • Faster response • Military-specific AI algorithms • Automated re-planning

• The AI “agent” is part of the team

Text & Weather Social Media Surge ISR

Decision Ground Maritime Making

Strike

Air Space

Non-Kinetic HUMINT Cyber Operations

GraphEx National Security Keynote- 17 RAB 04/25/2018 http://www.acc.af.mil/News/Article-Display/Article/199674/12th-air-force-prepares-for-blue-flag-exercise/ Cognitive Computer-on-Watch

A cognitive assistant to support 24/7 command, control, and intelligence analysis

Observe Orient Decide Act

Sense-Making & Perception Memory Analysts and Surge ISR Decision Support Decision Makers

PAI Cyber IMINT

Computer Language SIGINT Anomaly Reasoning Strike Vision Processing Detection GEOINT Ground Maritime Ale rts PAI OSINT HUMINT

Speech Signal Pattern COA Non-Kinetic Information Storage Air Space Recognition Processing Recognition Analysis Operations

Explanation / Exploration Feedback / Query specification

1. Serves as architectural framework & capability for both Intelligence Analysis and Command & Control application 2. Accesses multiple data sources at regional scales in real-time, uses graphs as the canonical representation, combines AI and advanced graph algorithms, and interfaces with user at a near-peer level

GraphEx National Security Keynote- 18 RAB 04/25/2018 COA – Courses of Action PAI – publicly available information Cognitive Computer-on-Watch Graph Algorithm and Network Science Challenges

A cognitive assistant to support 24/7 command, control, and intelligence analysis

Observe Orient Decide Act

Sense-Making & 1 Perception 2 Memory 3 Analysts and Surge ISR Decision Support Decision Makers

PAI Cyber IMINT

Computer Language SIGINT Anomaly Reasoning Strike Vision Processing Detection 3 1 GEOINT 4 Ground Maritime Ale rts PAI OSINT HUMINT

Speech Signal Pattern COA Non-Kinetic Information Storage Air Space Recognition Processing Recognition Analysis Operations 4 Explanation / Exploration Feedback / Query specification 4

1 Acquisition / Perception: 2 Memory: 3 Sense-Making & Decision Support: 4 Influence / Effect: 1. Automated, user-directed 1. Efficient storage and 1. Graph analytics addressing 1. Feedback at all levels intelligent acquisition of data access of multi-graphs issues of scale, timeliness, 2. Problem / task definition 2. Extraction of graph elements 2. Support for graph query uncertainty, incompleteness, 3. Search and discovery & graph formation 3. Large scale distributed adversary action, and SNR 4. User-directed intervention 3. “Registration” across databases 2. Reasoning and COA support multiple modalities 3. Presentation to the user

GraphEx National Security Keynote- 19 RAB 04/25/2018 COA – Courses of Action PAI – publicly available information Human-Machine Interactions Analyst plays the central role

Automated graph User directed analysis at huge scales discovery

“Candidates”

1. Analyst applies context, defines the problem, the data to be collected, and directs search and discovery 2. Computer-on-watch (CoW) provides autonomous data acquisition and analytics (e.g. I&W alerts) 3. Need to be able to switch seamlessly between responding to alerts and deep exploration the threat 4. CoW assists analysts, supporting discovery and understanding, discerning use patterns, making recommendations and correlations, etc. 5. The “OODA” loop continues iteratively with continual refinement and refocus as new information and tasks emerge

GraphEx National Security Keynote- 20 RAB 04/25/2018 Data Acquisition and Graph Construction

Acquisition Numerous Graph Construction Challenges Data Collection Systems requirements depend on the task • Learning the graph that succinctly captures the information and structure of the underlying data- space and builds the best representation is a major open research challenge − Axiomatic approaches − Semi-supervised learning methods − Adapting from metric-space approaches • Big challenges include • Dealing with temporal scale • Entity resolution • Hidden link discovery • Uncertainty, noise, scale, and dimensionality • Linking across multiple modalities in a principled way

• Collection asset management / coordination 1. Ultimately, the optimal representations are tuned Data • Rejection of noise and clutter, collection of signal to the tasks at hand. Collection 2. The data presentation needs to address the • Data observability, volume, speed, and dynamics Technical cognitive role of the analyst Challenges • Multi-modal data: Text, imagery, audio, video, classified • Multi-modal registration (space and time)

GraphEx National Security Keynote- 21 RAB 04/25/2018 Human-Machine Interfaces (HMI) Many Ways to Look at One Network**

Graph Presentation and Understanding Technical Challenges

• Presentation promotes perception − Topology may be main point − Anomalies, patterns, clusters,… − Multiple linked views − Customization for the domain & user • Huge scales − Detail suppression, summarization − Dynamic graphs − Multi-D “Corner turning” • Query system − Search (inexact, continual) − Navigation (with suggestions) − Confidence measures & transparency − Learning the user

HMI technical challenges span multiple disciplines from psychology to presentation layout to visual analytics to processing power

GraphEx National Security Keynote- 22 RAB 04/25/2018 **From Crouser, … Anomaly Detection using Graph Algorthms1 One Example of an Important Analytic capability for Computer on Watch

1Graph based Anomaly Detection and Description: A Survey; Leman Akoglu · Hanghang Tong · Danai Koutra

Terrorist networks Logistics networks Defense networks Coordinated attack Biological networks Neural networks Power grid Etc.

Numerous anomaly detection techniques exist based on network representations and graph algorithms, but operational systems pose several challenges (aka research opportunities)

GraphEx National Security Keynote- 23 RAB 04/25/2018 Graph Anomaly Detection Techniques Dynamic Graphs

1Graph based Anomaly Detection and Description: A Survey; Leman Akoglu · Hanghang Tong · Danai Koutra

Source: Graph-based anomaly detection and description: a survey Leman Akoglu · Hanghang Tong · Danai Koutra

GraphEx National Security Keynote- 24 RAB 04/25/2018 Graph Algorithms for Anomaly Detecion Technical Challenges

• Defining the signal – Difficult in open-ended situations • Dealing with clutter, noise, uncertainty, and incompleteness – Often the CNR and / or SNR is very low • Testing and Validation – Some situations are “low resourced” (e.g. a terrorist attack) • Anomaly detection in dynamic attributed graphs – New research area with all of the issues above and more – What is the right “window” for the signal? • Related to dynamism, detection of novelty or structure (vs. anomaly) may be the focus – Sometimes it is an emerging new pattern that is of interest – Sometimes it is the dynamic behavior of a pattern • Computational and database efficiency and scalability are cross-cutting challenges

GraphEx National Security Keynote- 25 RAB 04/25/2018 Summary

• US national security challenged growing threats worldwide – Network Science and Graph Algorithms have crucial roles to play in mitigating these threats • Network science applications for national security span a huge space, from – Cyber security and information operations, to – Biological systems and brain science, to – Strategic and tactical intelligence and decision support , and – Many more… • Case Study: Command (or Intel) Center of the Future – A future cognitive Computer-on-Watch will combine advanced AI and graph algorithms • Numerous research challenges (aka opportunities) need to be addressed – Scale, complexity, uncertainty, noise, dynamics, adversary role,… – The cognitive link between the user and graph representations – The sematic link between the underlying data spaces and the graph representations • Graph algorithms and networks provide powerful tools and representations for understanding a complex and inter-related world

GraphEx National Security Keynote- 26 RAB 04/25/2018 Back-ups

GraphEx National Security Keynote- 27 RAB 04/25/2018 Example of Key Research Areas U.S. Army Perspective1

GraphEx National Security Keynote- 28 RAB 04/25/2018 Why Graphs?

• Data are inter-related – Networks are everywhere : social networks, communication networks, genomic networks, … – Even if not a network, data objects are often related • Sensor detections, objects in images and video, words in audio or documents etc. exhibit spatio-temoral and semantic relationships • Everything you might put in a database! • Graphs provide a powerful representation of networks and relational data – Naturally represent relationships – Can extend to multi-graphs, attributed graphs, probabilistic graphs, temporal graphs, etc. to accommodate a rich variety of dependencies and correlations • Relational nature of problem domain – In many problems domains it is explicitly the relationships between the data that matters for e.g. the influence that one object may exert on another object • Graphs can be more robust in the face of adversarial action – Multiple relationships can withstand attack against a few – Multiple relationships can make it hard for the adversary to “spoof” the system

GraphEx National Security Keynote- 29 RAB 04/25/2018 Graph Anomaly Detection Techniques1 Static Graphs

1Graph based Anomaly Detection and Description: A Survey; Leman Akoglu · Hanghang Tong · Danai Koutra

GraphEx National Security Keynote- 30 RAB 04/25/2018