# Project INF8225: tutorial
**Practical Black-Box Attacks against Machine Learning** 

This part presents the work done to reproduce the results of the paper and the additional work by our team.

**Challenges faced:**
*   A large challenge we faced was getting the environment set up to be able to run the code. As mentioned in the sections below, there were several instructions that the developers had given that simply did not work for us. We ran into several errors including (but not limited to) dependency issues, version incompatibilities, library deprecations, etc. It was with a great amount of trial and error that we managed to run our experiments.
*   We also attempted to change the code to be able to run it on different models and datasets of choice, but this also produced many errors like those mentioned above. There was also the issue of the code being so tightly coupled that it would have required a large amount of refactoring to get it working cleanly.
*   Another issue we faced was low performance when running the code. For our experiments we had to choose the parameters with great care to ensure that we were passing realistic values that our hardware would be able to run. Several times, attempting to run some commands would leave execution running for a very long time, with no visible end to the training. In these cases, we would need to manually abort the command and try something else.


# Steps
**Note:** we tested this on macOS, Windows, and Ubuntu, and we were able to get it running on all three.

## Set Up the Anaconda Environment
*   We recommend using Anaconda to simplify the setup process (https://conda.io/projects/conda/en/latest/user-guide/install/).

*   Create a new conda environment with Tensorflow. The authors recommend a combination of Python 3.5 and TensorFlow {1.8, 1.12}. However, that didn't work for us and instead, we were able to get it working with the following configurations:
  *   Python 2.7 and Tensorflow 1.15
  ```
  $ conda create -n <env-name> tensorflow=1.15 python=2.7
  ```
  *   Python 3.8 and Tensorflow 1.15
  ```
  $ conda create -n <env-name> tensorflow=1.15 python=3.8
  ```

 *(The authors also suggested installing Tensorflow with GPU support, but that also didn't work for us. Both configurations that we tried are the regular CPU versions of Tensorflow.)*

*   Activate the chosen environment:
  ```
  $ conda activate <env-name>
  ```

## Set Up the Cleverhans Code

There are several ways to set up the environment. Your options:

1.   Use pip to install the latest version that the authors uploaded to PyPI:
  ```
  $ pip install cleverhans
  ```
2.   Use pip to install the latest development version directly from the GitHub repository *(bleeding edge)*:
  ```
  $ pip install git+https://github.com/tensorflow/cleverhans.git#egg=cleverhans
  ```
3.   If you plan on making changes, fork the original repository from https://github.com/tensorflow/cleverhans, then install the package locally. Our forked repository is at https://github.com/miramarhaba/cleverhans
  ```
  $ git clone https://github.com/miramarhaba/cleverhans.git
  $ cd cleverhans
  $ pip install -e .
  ```

*(Please note that methods #1 and #3 did not work well for us. Each time we attempted them, we got several dependency and versioning errors during installation and execution. The method that worked best for us was #2).*

## Execution and Experiments

*   Navigate to your local cloned Cleverhans repository (either the clone of your forked version, or a clone of the original repository).
  ```
  $ cd cleverhans/cleverhans_tutorials
  ```

*   The cleverhans_tutorials directory contains several examples developed/maintained by the authors of the article and some developers from the GitHub community. For the purposes of this project, we used the mnist_blackbox example.
  ```
  $ python mnist_blackbox.py
  ```

*   You can customize different parameters in the run by adding them to the command, to override their defaults. Some examples:
  ```
  $ python mnist_blackbox.py --learning_rate 0.1
  $ python mnist_blackbox.py --holdout 150
  $ python mnist_blackbox.py --lmbda 0.1
  ```

*   To be more specific, we played with the following flags in our experiments:
 *   *--learning_rate*
 *   *--batch_size*
 *   *--nb_epochs*
 *   *--nb_epochs_s*
 *   *--data_aug*
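
Because some flag combinations can leave `mnist_blackbox.py` running with no visible end, the following runner sweeps a grid of the flags listed above and stops any run that exceeds a time limit. It is an added example, not part of Cleverhans or of our original experiments. The grid values and the 30-minute limit are constructed placeholders, and the runner itself needs Python 3 (for `subprocess.run(..., timeout=...)`) while `python` on the PATH is assumed to be the activated conda environment.

```python
import itertools
import subprocess
import time

# Flag names come from the tutorial; the values are constructed examples, not tuned settings.
GRID = {
    "learning_rate": [0.001, 0.1],
    "nb_epochs_s": [5, 10],
    "data_aug": [4, 6],
}


def build_command(params, script="mnist_blackbox.py", python="python"):
    """{'learning_rate': 0.1} -> ['python', 'mnist_blackbox.py', '--learning_rate', '0.1']"""
    cmd = [python, script]
    for name in sorted(params):  # sorted so the same run always yields the same command
        cmd += ["--" + name, str(params[name])]
    return cmd


def expand_grid(grid):
    """Yield one params dict per combination of the listed values."""
    names = sorted(grid)
    for values in itertools.product(*(grid[n] for n in names)):
        yield dict(zip(names, values))


def run_with_limit(cmd, limit_s):
    """Run cmd; return (status, seconds) with status 'ok', 'failed' or 'timeout'."""
    start = time.monotonic()
    try:
        proc = subprocess.run(cmd, timeout=limit_s)
        status = "ok" if proc.returncode == 0 else "failed"
    except subprocess.TimeoutExpired:
        status = "timeout"  # subprocess.run kills the child before raising
    return status, time.monotonic() - start


def sweep(grid, limit_s=1800):
    results = []
    for params in expand_grid(grid):
        status, secs = run_with_limit(build_command(params), limit_s)
        results.append((params, status, round(secs, 1)))
        print(params, status, "%.1fs" % secs)
    return results


if __name__ == "__main__":
    sweep(GRID)  # run from cleverhans/cleverhans_tutorials
```

Runs reported as `timeout` are the combinations to scale down (fewer epochs or augmentation rounds) before retrying.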