# Network Adversary Generator
> A PyTorch implementation of Network Adversary Generator (CVPR 2018).

- toc: true 
- badges: true
- comments: true
- categories: ["Adversarial Machine Learning"]
- image: images/notebook/nag/Collage_perturbation.v1.png

# Introduction

#### Paper Abstract: 
Adversarial perturbations can pose a serious threat for deploying machine learning systems. Recent works have shown existence of image-agnostic perturbations that can fool classifiers over most natural images. Existing methods present optimization approaches that solve for a fooling objective with an imperceptibility constraint to craft the perturbations making it very hard to defend.


#### Motivation
Current approaches for crafting adversaries for a given classifier generate only one perturbation at a time, which is a single instance from the manifold of adversarial perturbations. In order to build robust models, it is essential to explore the diverse manifold of adversarial perturbations. This work can be very useful for adversarial training, where the cost of generating adversaries is high (it depends on the attack). With this approach, we can generate adversarial noise from the learned distribution of adversarial perturbations.


#### Key Results: 
The authors demonstrate that perturbations crafted by this model:
1. achieve state-of-the-art fooling rates
2. exhibit wide variety 
3. deliver excellent cross model generalizability.


#### Approach

The architecture of the proposed model is inspired by that of GANs and is trained using fooling and diversity objectives. The trained generator network attempts to capture the distribution of adversarial perturbations for a given classifier and readily generates a wide variety of such perturbations.


![Proposed approach](resources/nag.png)

- **Core idea is to model the distribution of universal adversarial perturbations for a given classifier.**
- The image shows a batch of B random vectors {z}<sub>B</sub> transforming into perturbations {delta}<sub>B</sub> by G which get added to the batch of data samples {x}<sub>B</sub>.
- The top portion shows adversarial batch (X<sub>A</sub>), bottom portion shows shuffled adversarial batch (X<sub>S</sub>) and middle portion shows the benign batch (X<sub>B</sub>). The Fooling objective **Lf** and Diversity objective **Ld** constitute the loss. 
- **Note:** The target CNN (f) is a trained classifier and its parameters are not updated during the proposed training. On the other hand, the parameters of generator (G) are randomly initialized and learned through backpropagating the loss. (Best viewed in color).

*Note: A printable version of the entire code discussed can be found here: [Link](https://gokkulnath.github.io/NAG_Pytorch/)*

*Github Repo : https://github.com/Gokkulnath/NAG_Pytorch*

### Generator 
- Architecture of the generator (G): this is the model that is trained. Its architecture remains unchanged for different target CNN architectures.



![DCGAN](resources/DCGAN.png)

### Choice of Hyperparameters
- The architecture of the generator consists of 5 deconv layers. The final deconv layer is followed by a tanh non-linearity and scaling by epsilon (10).


### Setting up Discriminator : Model : Architecture


#### Validating Model and Metrics; Ablation Studies Discussion

- Fooling Rate
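
An added example (not from the original notebook or the NAG authors' code) that ties the tanh-and-epsilon output stage described above to the fooling-rate metric: it bounds a perturbation to [-eps, eps], adds it to a batch, and measures how often a frozen classifier's label changes. The linear classifier, the random data, the 0-255 pixel range, and taking fooling rate as the fraction of changed predictions are assumptions; the page names the metric without defining it.

```python
import math
import random

EPS = 10.0  # scale quoted on this page; treating it as 0-255 pixel units is an assumption


def output_stage(pre_activations, eps=EPS):
    """tanh then scaling by eps: every component ends up inside [-eps, eps]."""
    return [eps * math.tanh(v) for v in pre_activations]


def predict(weights, x):
    """Frozen stand-in for the target classifier f: argmax over linear class scores."""
    scores = [sum(w * v for w, v in zip(row, x)) for row in weights]
    return max(range(len(scores)), key=scores.__getitem__)


def perturb(x, delta, lo=0.0, hi=255.0):
    """x + delta, clipped back into the valid pixel range."""
    return [min(hi, max(lo, a + b)) for a, b in zip(x, delta)]


def fooling_rate(weights, images, delta):
    """Fraction of images whose predicted label changes once delta is added."""
    flipped = sum(
        predict(weights, x) != predict(weights, perturb(x, delta)) for x in images
    )
    return flipped / len(images)


def evaluate(seed=0, n_images=200, dim=16, n_classes=4, n_perturbations=8):
    """Score several bounded perturbations against one frozen classifier."""
    rng = random.Random(seed)  # constructed data: random weights and "images"
    weights = [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(n_classes)]
    images = [[rng.uniform(0, 255) for _ in range(dim)] for _ in range(n_images)]
    report = []
    for _ in range(n_perturbations):
        # Random pre-activations stand in for the generator's last deconv output.
        delta = output_stage([rng.gauss(0, 3) for _ in range(dim)])
        linf = max(abs(d) for d in delta)
        report.append((linf, fooling_rate(weights, images, delta)))
    return report


if __name__ == "__main__":
    for linf, rate in evaluate():
        print(f"L-inf = {linf:5.2f}   fooling rate = {rate:.3f}")
```

When evaluating a real model, replace `predict` with the trained classifier and keep the same bound check, so that every reported fooling rate is tied to a verified L-infinity budget.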


- Pretrained generator weights for GoogLeNet, ResNet50, VGG16 and VGG19 are available as a Kaggle dataset
- Link : https://www.kaggle.com/gokkulnath/nag-pytorch-pretrained

**Execute the following line after setting up the Kaggle API key to get the dataset:**

```bash
kaggle datasets download -d gokkulnath/nag-pytorch-pretrained
```

### Interpolating Latent Dimension for NAG 
> youtube: https://youtu.be/2lojORAu8vA

# Obtained Perturbations
![](resources/Collage_perturbation.v1.png)

## References:
- Official Code Repo : https://github.com/val-iisc/nag
- GAN Architecture : Pytorch Tutorial
- [Transpose Convolution Docs](https://pytorch.org/docs/stable/nn.html?highlight=convtranspose2d#torch.nn.ConvTranspose2d)