The philosophical underpinnings of testing is to discover problematic states where a system’s action is unacceptable. Classically, testing algorithms and protocols such as formal methods [1, 2] are used to check if specifications are fulfilled, while user acceptance are used to define what is ‘right’ during the validation process . Some literature attempts to tackle some complex problems of verification methods failure . For example, under very restrictive Markovian assumptions, Arora & Rao  attempted to verify incomplete models. Scenarios to generate the requirements for verification have been used to approximate the requirement space ahead of design and release 
. The research is mostly premised on the assumption that testing is right-skewed towards the pre-product release stage and/or that complete system specifications are known in advance. These assumptions are inadequate for the ‘smartness’ dimension of a smart autonomous system (SAS).
Latest attempts to develop testing methods for SAS unfolded two research directions, using machine learning for testing and testing for machine learning[8, 9]. Machine learning methods have been used at run-time for verification 
but the Probably Approximate Correct (PAC) bounds are unrealistic settings for most practical AI systems . Preliminary attempts to verify the learning algorithms are in their infancy, let alone validating and testing these algorithms, and “much remains to be done before it will be possible to have high confidence that a learning agent will learn to satisfy its design criteria in realistic contexts.” ([11, p. 108]) More challenges exist when SASs operate in a socio-technical setting [12, 11].
As we transform the nature of machine decision-making from responding to scripted triggers with fixed logic and little smartness to ‘smarter’ responses that learn from the interaction, change their form and internal control logic, and adapt to the contexts they get situated within, SASs display different characteristics from classic software systems.
This is primarily due to two fundamental characteristics. First, a smart system continues to learn and could change the control logic generating its actions. This change is driven by interactions with the environment; thus, its control logic is not fixed and could not be completely defined in-advance; at least, this is the case for future complex SAS. This limits the use of structural testing methodologies although it is possible to borrow and adapt ideas from automatic data generation methods such as those presented in .
Second, a reasonably sophisticated SAS usually relies either on distributed services or very complex system-of-systems design. The practical implications is that a SAS relies on other proprietary sub-systems that makes the availability of the code or access of internal states of these proprietary sub-systems infeasible. Thus, certification of the system as a whole faces more challenges than those faced by complex software systems (eg the software system onboard of an aircraft). Blackbox testing using functional testing is also problematic because in the absence of a complete representation of the internal states of a SAS, the mathematical assumptions that the SAS is acting as a functional mapping breaks down; that is, the same set of inputs could generate different outputs based on the hidden internal states of SAS.
To unfold the challenges facing testing for SAS, three dimensions are worth differentiating: automation, autonomy and the learning agent. Lee and See  define automation as a “technology that actively selects data, transforms information, makes decisions, or controls processes” ([14, p. 50]); automation is about the technological capacity (ie skills and competencies) of an entity to perform a task. Autonomy, is concerned with the opportunity afforded to the system to act . The difference between the capacity and opportunity is a primary source of risk. A SAS acting without the capacity to perform the task will make mistakes. Denying a SAS to act, when it safely can, is inefficiency. The learning agent not only improves SAS’ capacity (i.e. automation), but a truly smart and self-aware agent needs to work on reducing this difference. Self-awareness is necessary for the agent to be able to assess its own capacity (automation) to adjust its level of autonomy.
Here lies two fundamental research challenges for testing of SAS: the behavioural space (internal control logic and associated actions) of SAS is not fixed, and defining what behaviour is ‘right’ may change from one operational context to another. These challenges are compounded with commercial pressures to expedite the production of SAS, causing shorter testing cycles and hidden risks which, when they eventually surface, may lead to significant negative consequences . Moreover, the coupling between the physical and cyber layers of the system and the system’s interface with humans  leads to a level of complexity that severely limits the efficacy of any segregated testing approaches. These challenges call for new ways of thinking about the testing methodologies that could become more practical for a complex SAS.
In the animal behaviour testing domain, researchers adopt a different approach, using standardised experimental contexts, pioneered by researchers such as Serpell and Hsu . Within the boundaries of these experimental contexts, stimuli are triggered to provoke a behaviour. The set of behaviours in response to the stimuli are then compared statistically against other animals that were exposed to the same contexts. The animal under testing is then assigned to the most appropriate group. Animal behavioural testing is used either to evaluate the expressed behaviour of an animal in response to stimuli or as a mean to categorise animals into behavioural categories .
This dynamic profiling approach to testing is designed out of necessity because of the unbounded behavioural space of animals and the need for flexibility to accommodate novel behaviours. The behaviour of one animal could be categorised as unacceptable (eg wild) or acceptable (eg friendly) based on the profile of other animal groups. SAS can, and are very likely to, get smarter than animals, their behavioural space is far more complex than the discrete categories an animal profile may fall into and the objective of their testing is not to merely categorise them, but to regulate them. This data-driven testing approach needs to operate on the functional level, without access to the internal logic, code, or states of the agent.
In this paper, we propose artificial intelligence (AI) watchdogs (WAIs)111The abbreviation WAI is also the customary greeting in Thailand. It signals safety by having both hands clasped together in front of someone to demonstrate there are not unsafe holding of objects like a weapon. This inspired the abbreviation where a WAI agent welcomes a SAS to operate safely.. These WAIs need to assume the role of the human expert in designing standardised experimental contexts autonomously while learning these contexts on the fly. Each WAI is an intelligent testing agent with a portfolio of responsibilities and falls into two categories: Behaviour Smart Safety Net (BSSN) WAI agents, and shepherding WAI control agents. The BSSN WAI agents oversee a SAS for performance assurance and categorise SAS behaviours, while the shepherd WAI agents oversee and control the BSSN agents.
The remainder of the paper is structured as follows. The conceptual framework of WAIs is presented in Section 2, followed by a mathematical formulation of the tasks to be performed by WAIs in Section 3. We then present the main specifications for the design of WAIs, followed by a discussion and associated challenges of WAIs in Section 5 then conclusion and future work in Section 6.
2 Conceptual framework
Figure 1 presents the overall conceptual framework, where BSSN WAI agents oversee the autonomous system, or the autonomous system-of-systems, to govern the inflow and outflow of information to and from the system, respectively. It can interrogate the system to test its behaviour by sending its own input signals and listen to the output. BSSN WAIs can sit silent watching and listening to the sensors and actuators, and the corresponding information passing through the input and output control gates to risk-assess the system’s courses of actions and their consequences. WAIs can equally prevent the SAS from acting by shutting down the output control gates. Preventing unsafe action is a responsibility that WAI needs to carry because it is an important action in its own right.
The success of BSSN revolves around its ability to be context-aware to understand the context SAS is embedded within and evaluate consequences of SAS’ decisions. It is not the responsibility of BSSN to be smarter than the SAS in making the best decision for a given context - this would obviate the need for the SAS - nor is it the responsibility of the BSSN to produce decisions or decide what the best decision is in a given context. Rather, it is the role of the BSSN to ensure that the outputs of the SAS remain within acceptable bounds of behaviour. In a nutshell, BSSN is designed to be a ‘conservative’, but adaptive, autonomous watchdogs for SAS, making sure the SAS operates within acceptable bounds of behaviour.
A BSSN agent has three components. One is responsible for contextual awareness, whereby analytics are used to derive patterns from sensorial information and fuse the information into higher-level knowledge. The second is responsible for risk assessment to evaluate the context and actions of SAS to ensure safety and that it conforms to the behavioural constraints on its action set. The third component is responsible for autonomous standardised experimental contexts. Given the contexts the SAS are faced with, it dynamically generates scenarios (ie a semantically coupled dataset) to test SAS, collects the behavioural responses from the system, profiles the behaviours, and evaluates the suitability of SAS for these contexts. It is important to emphasise that the software nature of an autonomous system allows the WAI agents to ask what-if questions of the SAS; thus, actions under standardised experimental contexts scenarios do not proceed to actuators; instead, they proceed to the WAI agent for evaluation. In simple terms, when a WAI agent is conducting a standardised experimental context test, SAS is just thinking aloud, not acting on the environment it is embedded within - i.e. it is disengaged from the real-world.
2.1 Design Requirements
WAI needs to fulfil a number of design requirements listed below:
It needs to be verifiable while being adaptable at the same time. Verifiability is key for safety assurance of the system. Adaptability is vital to survive potentially extreme dynamics and changes in its surrounding environment and the SAS it is testing. However, adaptability needs to be a very slow conservative process that does not break down the integrity of WAI.
It needs to be faster than SAS in its decision cycle to avoid time lags in SAS’ response. Considering that the testing agent does not need to replicate what the autonomous system does, but instead it needs to assess the decisions produced by the autonomous system given a context, different layers of the architecture of the testing agent need to work on different time scales. The sub-system responsible for the output gate needs to be the fastest to avoid time lag in releasing actions out of SAS because this can be prohibitive in time-critical applications.
The decoupling of BSSN from SASs entails some functionalities in SAS will need to be duplicated in BSSN, especially those related to perception. However, this replication can be thought of independent of the way these functions are implemented within SAS. The possible cost associated with duplication of functions is balanced with the benefits of integrity assurance of SAS.
The first requirement will be achieved in the WAI architecture by separating the design patterns to oversee action execution of the autonomous system from the processes that generate these design patterns and adapt them through action production within the testing agent. The second requirement will be achieved by coupling symbolic (to achieve transparency) and non-symbolic (to achieve speed) knowledge representation within the testing agent. The third requirement is guaranteed by design as we will not make any assumption on how SAS make decisions, neither will WAI requires access to the internal states of this SAS. Put simply, SAS will be a black-box to BSSN.
Decisions made by WAI to regulate the actions of SAS use declarative knowledge represented in the form of “If Then ”
rules due to threefold of advantages. First, these production rules are needed for action production and reasoning. Second, their interpretability eases the way to certification and if needed, can change form to propositions suitable for propositional constraint satisfaction engines. However, this layer is similar to classic safety-nets; a firewall that inspects traffic using pattern matching techniques. Hence, the third advantage is that we could update the knowledge/constraints in this layer by means of machine learning by using either a rule-based representation similar to the one in[20, 21] or a non-symbolic neural-based representation similar to the one in .
3.1 SAS Testing Spaces
Testing a system/agent is done relative to a set of user specifications. These specifications could be describing the physical behaviour of the robot such as the speed limits on an autonomous car; safety behaviour of the robot such as maximum speed and acceleration allowed in a school zone; or legal considerations such as the legality surrounding the autonomous car to operate in certain zones. Some of these specifications form hard constraints that violating any of them would deem a system unfit for purpose, while others are soft constraints where violating them could lead to a level of discomfort incurring a cost or penalty, but does not impact the fitness of the system for the purpose it was designed for. An example of a soft constraint is an autonomous car with a maximum desirable turning rate at a corner to avoid causing discomfort to its passengers, but in a case of emergency, this constraint could get violated.
The testing problem could get formulated either purely as a constraint satisfaction problem where only hard constraints are considered, or as an optimisation problem, where hard constraints need to be respected all the time while minimising the cost of violating soft constraints. Denoting hard constraints in a standard form by , where is the behaviour parameters, and soft constraints by , given a specific behaviour of a SAS, , the total hard constraints violation is denoted by , while total soft constraints violation is denoted by .
Figure 2 presents a conceptual diagram of different behavioural sub-spaces presented below. For clarity, we assume all sub-spaces are polyhedron, with an alphabet associated with each polyhedron.
The space where all hard requirements/constraints are satisfied is denoted by , while the space where all soft requirements/constraints are satisfied is denoted by . The behaviour space of an Autonomous system before a learning cycle is denoted by , with this behaviour space shifting after learning to .
In the absence of soft requirements, the aim of the testing problem is to ensure that a SAS’ set of actions are always within . An alternative formulation of the testing problem is to learn/discover the space of hard constraint violations, which is, for pre-learning behaviours and for post-learning behaviours. After considering the soft-constraints, the unacceptable, including less desirable, behaviours for the pre-learning SAS expand to and for the post-learning SAS is .
This abstract example describes the complexity of testing a SAS. While one could assume that and
are both known in advance and without loss of generality, we could assume them to form a bounded set such as the polyhedrons in our representation, the challenge in testing is to estimateand . As the SAS continues to learn, its behaviour space continues to contract and expand the sub-spaces that were previously estimated. In our example, is the common behaviour space before and after learning, while were replaced with .
3.2 Bssn Wai
We will first assume that the SAS is in a state where its behavioural space is . Learning will cause it to move to a different state that corresponds to space , but first we will consider the former state. The highest priority for the WAI agents is to discover the areas and because the agent violates the hard constraints on its behavioural envelop. These could be for example violating an ethical or a legal constraint. The second priority is to discover and , where the agent is fulfilling all hard constraints but not the soft constraints. The third priority is to discover areas and , which represent the capacity of the agent to act right (level of automation).
After a learning cycle of SAS, WAI agents need to learn the change. In particular, they need to learn that the SAS no longer generates actions in areas and . New behaviours that violate hard constraints are generated in areas and . Behaviours that were acceptable but were then lost (possibly due to the forgetting phenomenon in learning models) are represented by area , where the SAS was capable of generating behaviours that are acceptable, but then lost this capacity. Moreover, the WAIs need to learn that SAS has built an extra capacity to perform in area .
For WAI agents to discover these areas, they need computational methods. We present two in particular below. We will denote a BSSN WAI by . A agent has two tasks. The first is defined with the following problem,
The BSSN WAI Constraint Checker: Given an ordered action set , where is the cardinality of , with each action representing an expressed behaviour by the SAS, check if these observations obey the hard and soft constraints.
The second task of a WAI is defined as following:
The BSSN WAI Tester: Given a target behaviour for a SAS, find the set of parameters such that if SAS is parameterised with , it will produce behaviour .
The first task for a WAI is theoretically not complex; purely requiring the implementation of a constraint checker; mostly with a linear complexity in the size of the constraint system. The WAI constraint checker sits within the risk assessment component of BSSN.
The WAI Tester sits within the standardised experimental context component. Its task, however, could form NP-complete or even higher computational complexity problems due to the need to solve the inverse problem; that is, to find a system parameterisation that generates a specific behaviour. The complexity of this mapping is depicted in Figure 3, where as WAI moves from one parameterisation to another in its neighbourhood, SAS generates behaviours that fall in the same sub-space ; that is, all movements by generate behaviours that abide by all hard requirements. This is not the case of WAI , where a move from one parameterisation to another could generate movements from subspace to subspace ; that is, the move causes the SAS to shift from a behavioural sub-space that violates hard constraints but does not violate soft constraints, to a behavioural sub-space that violates both hard and soft constraints. The multimodal nature of the fitness landscape that a SAS operates upon creates ruggedness and possible discontinuities that the inverse problem may not have a solution or at best, finding one forms an NP-complete problem.
Thus, the autonomous standardised experimental context component could form a bottleneck in slowing the system down. However, the scenarios generated from this component do not impact the operations of the system per se.
Because of the complexity imposed by the inverse problem, the set of BSSN WAI agents need to work together as a swarm; that is, a set of distributed testing agents that self-synchronise their action sets to map out the testing space. Moreover, we centralise the guidance of these BSSN WAI swarm in a Shepherd  WAI that we denote to as the agent. The responsibility of the shepherd WAI is to offer appropriate guidance to every to discover the different sub-spaces composing an overall behavioural space of an agent such as .
The agent needs to have sufficient complexity to learn the mapping from the parameterisation space to the behavioural space of a SAS so that it is able to guide each agent. In effect, the agent needs to decide on the level of force it will exert on each agent so that the
agent moves in the direction and speed representing the reaction vector that corresponds to the exerted force.
The formulation above mimics a sheepdog shepherding a set of sheep except in two perspectives. The first is that both the sheep and sheepdog, the and agents respectively, are smart AI systems. The second is that the agent modulates the force vector for each sheep differently, while in the biological problem, the shepherd chooses a position which generates the force vectors impacting a cluster of sheep in case of driving behaviours and a single sheep in case of collecting behaviours. As such, the position of the biological shepherd causes the set of force vectors it exerts on the sheep to be tightly coupled, while the shepherd WAI exerts force vectors that could be independent of each other if the spaces BSSN WAIs are operating on are non-overlapping.
4 Watchdog AI - Specifications
In this section, we will articulate in more details the specifications of the oracles that need to sit at the core of the WAI design. These oracles are presented in Figure 4. In principle, a BSSN WAI has two main components: the constraint checker to decide if a behaviour is acceptable or not and if not, how much it is violating the constraints, and the BSSN WAI tester which is responsible for standardised experimental contexts. The Shepherd WAI is responsible for evaluating the performance of each BSSN WAI agent and influence their behaviour through an influence vector that acts on the parameter space of BSSN WAI.
4.1 BSSN WAI Constraint Checker
Definition 1 provided a pragmatic description of the constraint checker. To implement this component efficiently, we need to anticipate that the specifications (eg. technological, performance, behavioural, ethical, and legal) for a SAS behaviour could form different constraint classes. Each class requires separate implementations to ensure efficiency in constraint handling.
Let be the set of all constraints in the system; that is, includes all hard () and soft ( }) constraints in the system. is defined over a set of variables , where is the domain of the variables. We distinguish four constraint classes: , , , and for binary, finite domains (excluding binary), linear over real numbers, and non-linear constraints, respectively.
The notations used in the rest of the paper are: denotes an ordered instantiation of using , for ‘derive’, for negated , or for negation, for complement, and for ‘falsification’.
We use to define the cost function for constraint violation. For example, represents the cost of constraint violation caused by substitution for propositional constraints. Two specifications below help to categorise the SAS behavioural spaces that a BSSN WAI agent needs to identify.
Permissible Action: An action () is permissible iff .
Action Inefficiency Level: The level of inefficiency for an action is measured by .
We categorise SAS actions into three classes: effective and efficient permissible actions that satisfy all hard and soft constraints, effective but inefficient permissible actions that satisfy all hard constraints but not all soft ones, and unpermissible actions that violates some hard constraints.
Efficiency in computational decision making relies on the use of an appropriate constraint handler for each specific class of constraints . Each constraint class is handled by a different type of constraint handler: is handled by a satisfiability engine, by CLP(FD) , by CLP(R) , and
is handled by a genetic algorithm. While CLP(FD) could handle, we prefer to split that class into an independent category because of the existence of more efficient SAT solvers today.
Effective and Efficient Action: An action is considered as effective and efficient permissible action when it is permissible and efficient; that is, .
Effective and Inefficient Action: An action is considered as effective but inefficient permissible action when it is permissible and efficient; that is, .
Unpermissible Action: An action is unpermissible when it is not permissible that is, .
4.2 BSSN WAI Tester
The BSSN WAI Tester was introduced in Definition 2. The tester does not assume that SAS acts according to a functional mapping due to the fact that the WAI agent does not have access to the internal states and/or memory of the SAS. Thus, the same input sequence could generate dramatically different output sequences. Therefore, the BSSN WAI agent does not use the input to the SAS to decide on whether the output is right or not. Instead, it relies on the output of the SAS, , and its own evaluation of the context to judge on the appropriateness of the output.
The tester, however, needs to be able to generate the input sequence and contextual information for continuous testing of SAS. To achieve this functionality, the tester needs an ability to learn which input sequences, , could cause SAS to generate unpermissible actions (estimating SAS Failure), and which sub-space of permissible actions the SAS is able to operate (estimating SAS level of automation). Thus, four primary operators need to be performed by the tester: compression, partition, inversion, and adaptation.
Let be a sequence of possible sensorial inputs of length for a SAS at time , and is the corresponding sequence of action sets that the SAS has generated. Let be the set of parameters used by the operators of a BSSN at a time .
Compression Operator 1: Given a set of effective and efficient actions , effective and inefficient actions , and unpermissible actions , where , find the minimum constraint set , , and that encapsulates the three sets, respectively.
Compression Operator 2: Given a set of effective and efficient actions , effective and inefficient actions , and unpermissible actions , where , find the minimum constraint set , , and that encapsulates the three sets, respectively.
The first compression operator learns the individual clusters of the three classes of actions generated by a sequence of inputs at time , while the second operator learns the corresponding clusters in the behaviour/output/action space. These clusters may contain data points that do not belong to the cluster’s label. The partition operator fixes this by splitting and shrinking the clusters until all points in a cluster belong to the same class label with confidence level .
Partition Operator: Let be a cluster representing a class label . The cluster could be a cluster from Compression Operator 1 or 2; that is, it could represent , , , , , or . While the confidence level on any sub-cluster is greater than , find a new subspace in where the class label .
The partition operator is computationally expensive; simply because unless the mapping is linear where interval propagation methods such as CLP(BNR)  could be used, the problem is undecidable. Therefore, it is important to weight the risk of having unpermissible solution in a permissible space much higher than the risk of having a permissible solution in an unpermissible space.
When the partition operator works on , , or , it relies on the forward problem where is used as an input for SAS then the constraint checker is used to evaluate and label the output accordingly. However, when the operator works on , , or , it needs to solve the inverse problem. This is where the inversion operator is called.
Inversion Operator: Let , where is , , or . Find as an input to SAS that will generate as the corresponding action.
The problem the inversion operator is working on is undecidable in the general case. It could require a sophisticated machine learning guided optimisation algorithms to find an appropriate value for .
The partition operator is working on clusters generated at a particular point of time after a test sequence. After each round of testing, the old clusters need to be adapted with the new ones. This is what the adaptation operator does.
Adaptation Operator: Let be a cluster representing a class label . The cluster could be a cluster from Compression Operator 1 or 2; that is, it could represent , , , , , or . Similarly define to be the equivalent cluster resultant at . If a could be merged with any cluster without violating the confidence level , merge the two clusters, else add to the list of clusters at time .
4.3 Shepherd WAI
The shepherd WAI operates on the ordered set of parameters, , used by the BSSN WAI at time based on a set of performance indicators of the system. The shepherd WAI has one operator: the influence operator.
Influence Operator: Given and , find to improve the effectiveness and efficiency of BSSN WAIs.
The influence operator may require sophisticated algorithms to adapt the parameters of BSSN WAI based on their individual performance. It may need to increase for example at the start then decay its value as BSSN explores more behavioural spaces for a SAS. It may equally increase if the partition or inverse operators are consuming significant computational costs. The detailed design of the shepherd WAI is outside the scope of this paper.
SAS used in safety-critical systems will unlikely operate in the absence of some human involvement, be it at a low tele-operation level, mid-way at shared control level, or higher up on a supervisor-control level. WAI will operate around SAS, whether they are humans, machines or a mix. WAI could be wrapped around these systems, wrapped around a human controlling a swarm in a tele-operation scenario to ensure that the human is doing the right thing, and equally wrapped around the swarm in a supervisory control scenario or around the human-swarm system in a shared-control scenario. The design is independent of the nature of the SAS.
Our proposed WAI agents depart from current schools of thinking in autonomous systems in two ways. First, we do not use any knowledge of the internal working of SAS in the design of BSSN. As such, WAI generalises the design and avoids tight coupling and internal interdependencies within SAS that cause hidden risks. Pragmatically speaking we do not need to access other people’s ‘brains’ to know if their actions are right or wrong. To understand the reason motivating an action, we can either ask the person (send input queries and wait for their explanation) or develop our own ‘risk-balanced’ portfolio of hypotheses, evaluate the subject of interest against these hypotheses, and collect sufficient evidences to select one of the hypothesis as an appropriate explanation of their action. Both approaches are fulfilled through the adoption of standardised experimental contexts. Here lies the second departure from existing literature: BSSN WAI are not static safety nets, they are adaptive and learn as guided by the shepherd WAI, but conservatively, and are designed for verifiability.
The effectiveness of the proposed BSSN WAI, contrasted to current systems with no BSSN, stems from their lifelong behavioural testing abilities to monitor and mitigate risks against the continuous learning and evolution of an autonomous system. The resultant technology aims to protect against the unpredictability of systems whom specifications are, naturally and unavoidably, incomplete at the design stage, and will remain partially known as they continue to learn, evolve and adapt when faced with new challenging contexts. BSSN WAI are designed as testing agents that act autonomously and independently over an autonomous system, are capable of regulating the autonomous system, and even have the capacity to shut it down if its behaviour gets out of control.
BSSN WAI watch the decisions of SAS to evaluate their system impact. Whether SAS is equipped with capabilities to evaluate the ethical consequences of its decisions or not, BSSN WAI agents are; therefore, the overall system acts ethically. The decoupling of WAI from SAS will mean that the pressures on industry to get SAS out is decoupled from the design and production of WAI. Designers of WAI can focus on evaluating SAS decisions on different dimensions of trust including safety and ethics, while SAS designers can focus on innovative solutions for learning and evolving the intelligence of SAS while feeling assured that WAI will be the shield that won’t allow a decision with negative consequences to leave.
A number of challenges exist to implement WAI. The first relates to the time needed by WAIs to learn about the specific SAS that joins the system; especially that SAS is a blackbox for WAI and therefore, WAI needs to interrogate it to establish some initial bounds on the testing hypothesis space to operate from. During that time, WAI will either severely limit the performance of the SAS until it is able to estimate its behavioural spaces, or it will need to maximise its standardised experimental contexts protocols to stress test SAS rapidly enough to start opening the gates that allow the SAS to operate and actuate on the environment.
The second challenge relates to the WAIs ability to estimate the consequence of a long chain of benign actions that their compound effect becomes malignant. WAI needs to monitor both individual members of the team acting in isolation and their aggregate set of actions. This will require WAI agents to work extensively to aggregate actions in different directions to estimate aggregate consequences, which could cause a combinatorial explosion in the search space, causing the WAI agents to be overwhelmed with estimating these consequences. It could lead to a multi arm bandit game between the WAI agents and malicious SAS. There is not currently an easy fix for this challenge except that in some contexts it will be less of a problem than some other contexts. Having a human in supervisory control role of the shepherd WAI to oversee the decisions of BSSN WAI is maybe unavoidable in certain context. However, it will still bring other challenges including the mismatch between the speed of processing of a human when compared to the speed of processing of well-resourced computational WAI.
The discussion of WAI agents so far relied on a simple design working on a level of abstraction that allows the problem to be represented mathematically. The complexity of WAI agents, however, pose another challenge of how to engineer the architecture of BSSN and Shepherd WAI to ensure that the system will scale while it has the right level of complexity to manage the behaviour space of the SAS agents it is responsible for? A hierarchical organisation of BSSN and Shepherd WAI agents may be needed in complex applications.
We proposed the design of artificial intelligence (AI) agents to act as watchdogs for other AI agents and smart autonomous systems. The Watchdog AI (WAI) concept is presented along with a discussion of the requirements and design principles for these watchdogs to operate. The design of the WAI agents was inspired by the biological phenomena of sheepdogs shepherding a group of sheep. The challenges associated with the implementation of WAI agents were discussed. While there are challenges, the motivation behind the WAI concept and benefits of designing WAI were established to demonstrate that the concept of WAI might be unavoidable; especially in the use of AI in safety-critical systems.
-  R. S. Boyer and J. S. Moore, “Proof-checking, theorem proving, and program verification.” Texas University at Austin Inst for Computing Science and Computer Applications, Tech. Rep., 1983.
-  E. M. Clarke Jr, O. Grumberg, D. Kroening, D. Peled, and H. Veith, Model checking. MIT press, 2018.
-  F. A. Bianchi, “Testing concurrent software systems,” in Software Testing, Verification and Validation (ICST), 2016 IEEE International Conference on. IEEE, 2016, pp. 375–376.
-  G. Brat and A. Jonsson, “Challenges in verification and validation of autonomous systems for space exploration,” in Neural Networks, 2005. IJCNN’05. Proceedings. 2005 IEEE International Joint Conference on, vol. 5. IEEE, 2005, pp. 2909–2914.
-  S. Arora and M. P. Rao, “Probabilistic model checking of incomplete models,” in International Symposium on Leveraging Applications of Formal Methods. Springer, 2016, pp. 62–76.
-  C. L. Heitmeyer and E. I. Leonard, “Obtaining trust in autonomous systems: tools for formal model synthesis and validation,” in Formal Methods in Software Engineering (FormaliSE), 2015 IEEE/ACM 3rd FME Workshop on. IEEE, 2015, pp. 54–60.
-  P. Helle, W. Schamai, and C. Strobel, “Testing of autonomous systems–challenges and current state-of-the-art,” in INCOSE International Symposium, vol. 26, no. 1. Wiley Online Library, 2016, pp. 571–584.
-  S. Nelson, “Survey of software assurance techniques for highly reliable systems,” NASA, Tech. Rep. NASA/CR-2004-212805, 2004.
-  L. Pulina and A. Tacchella, “An abstraction-refinement approach to verification of artificial neural networks,” in International Conference on Computer Aided Verification. Springer, 2010, pp. 243–257.
-  V. Vapnik, Estimation of dependences based on empirical data. Springer Science & Business Media, 2006.
-  S. Russell, D. Dewey, and M. Tegmark, “Research priorities for robust and beneficial artificial intelligence,” AI Magazine, vol. 36, no. 4, pp. 105–114, 2015.
-  M. R. Endsley, “From here to autonomy: lessons learned from human–automation research,” Human factors, vol. 59, no. 1, pp. 5–27, 2017.
-  A. Gotlieb, B. Botella, and M. Rueher, “Automatic test data generation using constraint solving techniques,” in ACM SIGSOFT Software Engineering Notes, vol. 23, no. 2. ACM, 1998, pp. 53–62.
-  J. D. Lee and K. A. See, “Trust in automation: Designing for appropriate reliance,” Human factors, vol. 46, no. 1, pp. 50–80, 2004.
-  H. A. Abbass, E. Petraki, K. Merrick, J. Harvey, and M. Barlow, “Trusted autonomy and cognitive cyber symbiosis: Open challenges,” Cognitive computation, vol. 8, no. 3, pp. 385–408, 2016.
-  J. C. Augusto, P. J. McCullagh, and J. Walkden, “Living without a safety net in an intelligent environment,” ICST Transactions on Ambient Systems, vol. 11, no. 10-12, 2011.
-  D. Romero, P. Bernus, O. Noran, J. Stahre, and Å. Fast-Berglund, “The operator 4.0: human cyber-physical systems & adaptive automation towards human-automation symbiosis work systems,” in IFIP International Conference on Advances in Production Management Systems. Springer, 2016, pp. 677–686.
-  J. A. Serpell and Y. Hsu, “Development and validation of a novel method for evaluating behavior and temperament in guide dogs,” Applied Animal Behaviour Science, vol. 72, no. 4, pp. 347–364, 2001.
-  C. Diederich and J.-M. Giffroy, “Behavioural testing in dogs: a review of methodology in search for standardisation,” Applied Animal Behaviour Science, vol. 97, no. 1, pp. 51–72, 2006.
-  K. Shafi and H. Abbass, “Evaluation of an adaptive genetic-based signature extraction system for network intrusion detection,” Pattern Analysis and Applications, pp. 1–18, 2011.
-  ——, “An adaptive genetic-based signature learning system for intrusion detection,” Expert Systems with Applications. An International Journal, vol. 36, pp. 12 036–12 043, 2009.
H. Dam, H. Abbass, C. Lokan, and X. Yao, “Neural-based learning classifier systems,”IEEE Transactions on Knowledge and Data Engineering, vol. 20, pp. 26–39, 2008.
D. Strömbom, R. P. Mann, A. M. Wilson, S. Hailes, A. J. Morton, and D. JT, “Solving the shepherding problem: heuristics for herding,”Journal of The Royal Society Interface, 2014.
H. Abbass, R. Bahgat, and M. Rasmy, “From constraint logic programming (CLP) to decision making logic programming (DMLP),” inProceedings of the First European Conference on Intelligent Management Systems in Operations (IMSO), Manchester, UK, 1997.
-  W. Older and F. Benhamou, “Programming in CLP(BNR),” The First Workshop on Principles and Practice of Constraint Programming, pp. 239–249, 1993.
-  J. Jaffar, S. Michaylov, P. J. Stuckey, and R. H. Yap, “The CLP (R) language and system,” ACM Transactions on Programming Languages and Systems (TOPLAS), vol. 14, no. 3, pp. 339–395, 1992.