# FIT5230 Week 7: Generative Adversarial Networks & Game Theory

## 1. Generative Adversarial Networks (GANs) Recap

A **Generative Adversarial Network (GAN)** is a machine learning framework composed of two competing neural networks. This competitive process allows the system to generate new, synthetic data that is remarkably realistic.

* **The Generator (G)**: This network's job is to create fake data (e.g., images) from random noise. Its goal is to produce samples that are so realistic they can fool the other network, the Discriminator.
* **The Discriminator (D)**: This network acts as a classifier. It is shown a mix of real data from a training set and fake data from the Generator. Its job is to correctly identify which is which—real or fake.

The two networks are trained simultaneously. The Generator gets better at creating fakes by receiving feedback from the Discriminator, while the Discriminator gets better at spotting fakes by seeing the Generator's improving attempts. The process reaches an ideal state when the Generator's outputs are so convincing that the Discriminator is no better than 50/50 at guessing.

---
<hr>

## 2. The GAN Min-Max Game

The relationship between the Generator and Discriminator is formalized as a two-player **min-max game**. The objective is described by a single value function, `V(D,G)`:
$$min_{G}max_{D}V(D,G)=\mathbb{E}_{x\sim p_{data}(x)}[log~D(x)]+\mathbb{E}_{z\sim p_{z}(z)}[log(1-D(G(z)))]$$

**Conceptual Breakdown of the Equation:**

* **`max_D` (The Discriminator's Goal)**: The Discriminator wants to **maximize** this function.
    * `\mathbb{E}_{x\sim p_{data}(x)}[log~D(x)]`: This part represents the real data. `D(x)` is the Discriminator's probability that `x` is real. To maximize this term, `D` wants to make `D(x)` as close to 1 as possible for all real samples.
    * `\mathbb{E}_{z\sim p_{z}(z)}[log(1-D(G(z)))]`: This part represents the fake data `G(z)`. `D(G(z))` is the probability that the fake sample is real. To maximize this term, `D` wants to make `D(G(z))` as close to 0 as possible, which in turn makes `1-D(G(z))` close to 1.
* **`min_G` (The Generator's Goal)**: The Generator wants to **minimize** the same function. It only has control over the second term. To minimize it, `G` tries to produce samples `G(z)` that make the Discriminator output a high probability, `D(G(z))`, pushing it towards 1. This means the Discriminator is "fooled" into thinking the fake sample is real.

The ideal state of this game is a **Nash Equilibrium**, where neither network can improve its performance without the other changing. At this point, the Generator's data distribution matches the real data distribution (`p_g = p_{data}`).

---
<hr>

## 3. Game Theory Fundamentals

Game theory is the study of strategic decision-making between rational players.

* **Players**: The decision-makers in the game (e.g., Prisoner 1 and Prisoner 2, or G and D in a GAN).
* **Strategies**: The set of available actions a player can take (e.g., Confess or Defect).
* **Payoffs**: The outcome or utility a player receives based on the combination of strategies chosen by all players. This is often represented in a **payoff matrix**.

### Example 1: The Prisoner's Dilemma

This classic game illustrates why rational individuals might not cooperate, even when it appears to be in their best interest.

* **Scenario**: Two suspects are arrested and interrogated separately.
    * If both confess, they each get 5 years (`-5, -5`).
    * If both stay silent (defect), they each get 1 year (`-1, -1`).
    * If one confesses and the other defects, the confessor goes free (`0`) and the silent one gets 20 years (`-20`).
* **Payoff Matrix** (Utility = negative years in jail):
| | Suspect 2: Confess | Suspect 2: Defect |
| :--- | :---: | :---: |
| **Suspect 1: Confess**| (-5, -5) | (0, -20) |
| **Suspect 1: Defect** | (-20, 0) | (-1, -1) |
* **Analysis**: For each suspect, "Confess" is the **dominant strategy**.
    * If Suspect 2 confesses, Suspect 1 is better off confessing (-5 is better than -20).
    * If Suspect 2 defects, Suspect 1 is still better off confessing (0 is better than -1).
* **Nash Equilibrium**: The only stable outcome is `(Confess, Confess)`. In this state, neither suspect can improve their outcome by unilaterally changing their strategy. The mutually beneficial `(Defect, Defect)` is not an equilibrium because each player has an incentive to switch to "Confess" to get an even better outcome.

### Example 2: The Matching Coins Game (Mixed Strategy)

This is a zero-sum game where no stable "pure strategy" exists.

* **Scenario**: Two players simultaneously show a coin, either Heads or Tails. Player 1 wins if they match; Player 2 wins if they don't.
* **Payoff Matrix**:
| | Player 2: Heads | Player 2: Tails |
| :--- | :---: | :---: |
| **Player 1: Heads** | (1, -1) | (-1, 1) |
| **Player 1: Tails** | (-1, 1) | (1, -1) |
* **Analysis**: There is **no pure strategy Nash Equilibrium**. In any of the four outcomes, one player always has an incentive to change their choice. For example, at `(Heads, Heads)`, Player 2 would prefer to switch to Tails to win.
* **Mixed Strategy Equilibrium**: Since no pure strategy is stable, the only equilibrium is a **mixed strategy**, where each player chooses their action based on a probability distribution. The optimal strategy is for both players to choose Heads or Tails randomly with a 50% probability. This makes them unpredictable, and the expected payoff for both players becomes 0.

---
<hr>

## 4. GANs and AI Security

The adversarial nature of GANs makes them a powerful tool in security, for both attack and defense.

#### GANs as a Threat

* **Deepfakes & Forged Content**: GANs can generate fabricated media (video, audio, images) to spread misinformation, undermine trust, and damage reputations.
* **Identity Theft & Fraud**: They can be used to impersonate individuals for financial or personal gain.
* **Polymorphic Malware**: GANs can create malware that constantly changes its signature, making it difficult for traditional antivirus software to detect.
* **Adversarial Evasion & Data Poisoning**: GANs can create inputs that mislead other ML systems or generate synthetic data to corrupt the training process of other models.

#### GANs as a Defense

* **Threat Detection**: By training a GAN's discriminator on real and fake data, it can become an excellent tool for detecting manipulated media. It can learn to spot subtle artifacts in lighting, facial expressions, or motion patterns that indicate a fake. This can be applied to automate content moderation and flag suspicious media in real-time.

# Tutorial
1. How does the adversarial training dynamic in GANs resemble a security game, and what
challenges does this analogy introduce in terms of model stability and convergence?  

The attacker's win is the defender's loss and vice versa, so the models will oscillate.


2. Given the minimax nature of GAN training, discuss how the interdependence of generator and
discriminator loss functions affects the learning process. What strategies can be used to stabilize training?  




3. CycleGAN uses cycle consistency loss to enforce semantic preservation. Propose a scenario where
this loss might fail to preserve meaningful content, and suggest how the architecture could be
modified to address it.  



4. You observe that your GAN consistently generates high-quality but visually similar outputs.
Identify the likely cause and propose a multi-step strategy to improve diversity without sacrificing realism.  



5. Compare the implications of using a GAN vs a CycleGAN for translating CT scans to MRI images.
What factors would influence your choice of model architecture and loss functions?  



6. You are evaluating two GAN models: Model A with low FID but high PPL, and Model B with
moderate FID and low PPL. Which model would you choose for a generative art application, and why?  
FID = inception score, realism score, lower = better  
PPL = perceptual loss, model controlablity, lower = better  
PPL would be more important for art, since "correct" or "good" in art is subjective

