Generative Adversarial Networks (GANs)
What Are Generative Adversarial Networks?
Generator Model
• A key element responsible for creating fresh, accurate data in a Generative
Adversarial Network (GAN) is the generator model.
• The generator takes random noise as input and converts it into complex data
samples, such as text or images.
• During training, the generator uses backpropagation to fine-tune its parameters,
adjusting its output to produce samples that closely mimic real data.
• The generator’s ability to generate high-quality, varied samples that can fool
the discriminator is what makes it successful.
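The generator described above can be sketched as a minimal PyTorch module. The layer sizes, the 100-dimensional noise vector, and the flattened 28×28 output are illustrative assumptions, not details from these slides:

```python
import torch
import torch.nn as nn

class Generator(nn.Module):
    """Maps random noise vectors to flattened 28x28 'image' samples."""
    def __init__(self, noise_dim=100, out_dim=28 * 28):
        super().__init__()
        self.net = nn.Sequential(
            nn.Linear(noise_dim, 256),
            nn.ReLU(),
            nn.Linear(256, out_dim),
            nn.Tanh(),  # outputs scaled to (-1, 1), like normalized images
        )

    def forward(self, z):
        return self.net(z)

g = Generator()
z = torch.randn(16, 100)   # a batch of random noise vectors
fake = g(z)                # a batch of generated samples
print(fake.shape)          # torch.Size([16, 784])
```

During training, the gradients that update these layers flow back through the discriminator's judgment of `fake`, which is how the generator learns to mimic real data.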
Architecture
Discriminator Model
• In a Generative Adversarial Network (GAN), the discriminator model is an artificial
neural network that differentiates between generated and real input. By evaluating
input samples and assigning each a probability of authenticity, the discriminator
functions as a binary classifier.
• Over time, the discriminator learns to differentiate between genuine data from the
dataset and artificial samples created by the generator.
• This allows it to progressively hone its parameters and become more proficient.
Its architecture typically uses convolutional layers for image data, or other
structures suited to the relevant modality.
• The discriminator grows increasingly discriminating as a result of the generator and
discriminator’s interaction, which helps the GAN produce extremely realistic-looking
synthetic data overall.
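A minimal discriminator matching this description might look as follows (a sketch; the layer sizes and input dimension are assumptions chosen to pair with the generator example above):

```python
import torch
import torch.nn as nn

class Discriminator(nn.Module):
    """Binary classifier: assigns each sample a probability of being real."""
    def __init__(self, in_dim=28 * 28):
        super().__init__()
        self.net = nn.Sequential(
            nn.Linear(in_dim, 256),
            nn.LeakyReLU(0.2),
            nn.Linear(256, 1),
            nn.Sigmoid(),  # probability of authenticity in (0, 1)
        )

    def forward(self, x):
        return self.net(x)

d = Discriminator()
samples = torch.randn(16, 28 * 28)   # real or generated samples
probs = d(samples)                   # one authenticity probability each
print(probs.shape)                   # torch.Size([16, 1])
```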
Algorithmic Implementation
A full code implementation is available on Google Colab.
Different Types of GAN Models
MODE COLLAPSE
• Mode collapse happens when the generator focuses on producing a limited set
of data patterns that deceive the discriminator.
• It becomes fixated on a few dominant modes in the training data and fails to
capture the full diversity of the data distribution.
TRAINING INSTABILITY
• Several factors contribute to the instability of GAN training, including:
Vanishing gradients: The discriminator may become too powerful, leading to
vanishing gradients for the generator. This issue hampers the generator's
ability to learn and update its parameters effectively.
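A small numeric illustration of the vanishing-gradient effect (using a single logit rather than a full network): when the discriminator confidently rejects a fake sample, the saturating generator objective log(1 − D(G(z))) yields a near-zero gradient, while the widely used non-saturating variant −log D(G(z)) still provides useful signal:

```python
import torch

# Discriminator logit for a fake sample it confidently rejects:
# D(G(z)) = sigmoid(-5) ~= 0.007
logit = torch.tensor([-5.0], requires_grad=True)
sat_loss = torch.log(1 - torch.sigmoid(logit))   # saturating objective
sat_loss.backward()
sat_grad = logit.grad.item()                     # ~ -0.007 (vanishing)

logit2 = torch.tensor([-5.0], requires_grad=True)
ns_loss = -torch.log(torch.sigmoid(logit2))      # non-saturating variant
ns_loss.backward()
ns_grad = logit2.grad.item()                     # ~ -0.99 (useful signal)

print(abs(sat_grad), abs(ns_grad))
```

This is why an overly powerful discriminator hampers the generator: the gradient it passes back shrinks toward zero exactly when the generator needs it most.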
Applications
• Implement learning rate scheduling for the optimizers. This can help
stabilize training and achieve better convergence.
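One way to sketch this in PyTorch, using exponential decay on both optimizers (the learning rate, decay factor, and toy parameters are illustrative assumptions):

```python
import torch
import torch.nn as nn

# Toy generator/discriminator parameters (placeholders for real models).
g_params = [nn.Parameter(torch.randn(2, 2))]
d_params = [nn.Parameter(torch.randn(2, 2))]

opt_g = torch.optim.Adam(g_params, lr=2e-4)
opt_d = torch.optim.Adam(d_params, lr=2e-4)

# Decay each learning rate by 5% per epoch.
sched_g = torch.optim.lr_scheduler.ExponentialLR(opt_g, gamma=0.95)
sched_d = torch.optim.lr_scheduler.ExponentialLR(opt_d, gamma=0.95)

for epoch in range(10):
    # ... normally: compute losses, then the D step and the G step ...
    opt_d.step()
    opt_g.step()
    sched_g.step()   # decay once per epoch, after the optimizer steps
    sched_d.step()

print(opt_g.param_groups[0]["lr"])  # 2e-4 * 0.95**10 ~= 1.2e-4
```

Scheduling both optimizers symmetrically keeps the generator/discriminator balance from drifting as the rates shrink.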
Weight Initialization
• Experiment with deeper or wider architectures for both the generator and
discriminator.
• Consider using transposed convolutions (nn.ConvTranspose2d) in the
generator instead of upsampling followed by convolutions.
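A single transposed-convolution upsampling block might look like this (channel counts are illustrative; the kernel-4 / stride-2 / padding-1 combination is a common choice that exactly doubles the spatial resolution):

```python
import torch
import torch.nn as nn

# One upsampling block: kernel 4, stride 2, padding 1 doubles H and W.
up = nn.Sequential(
    nn.ConvTranspose2d(64, 32, kernel_size=4, stride=2, padding=1),
    nn.BatchNorm2d(32),
    nn.ReLU(),
)

x = torch.randn(1, 64, 8, 8)   # e.g. an intermediate generator feature map
y = up(x)
print(y.shape)                 # torch.Size([1, 32, 16, 16])
```

Compared with nearest-neighbor upsampling followed by a convolution, the transposed convolution learns its own upsampling filter, at the cost of possible checkerboard artifacts.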
Spectral Normalization
• Spectral Normalization is a weight normalization technique that scales the
weights in a neural network layer by the largest singular value (also known as
the spectral norm) of the weight matrix.
• Applying spectral normalization to the discriminator's convolutional layers can
help stabilize training and prevent mode collapse.
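PyTorch provides this directly via `torch.nn.utils.spectral_norm`, which estimates the largest singular value by power iteration (one iteration per forward pass) and divides the weight by it. A quick sketch with assumed channel counts:

```python
import torch
import torch.nn as nn
from torch.nn.utils import spectral_norm

# Wrap a discriminator conv layer so its weight is divided by its
# largest singular value, estimated by power iteration on each forward.
conv = spectral_norm(nn.Conv2d(3, 64, kernel_size=3, padding=1))

x = torch.randn(4, 3, 32, 32)
for _ in range(5):   # a few forwards refine the power-iteration estimate
    y = conv(x)

# The effective weight's spectral norm is now approximately 1.
w = conv.weight.detach().reshape(64, -1)
sigma = torch.linalg.matrix_norm(w, ord=2).item()
print(round(sigma, 2))
```

Constraining each layer's spectral norm bounds the discriminator's Lipschitz constant, which is what keeps its gradients from exploding or collapsing during training.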
Loss Function Modification
• MalGAN leverages a substitute detector to fit the black-box malware detection system
and uses a generative network to minimize the malicious probabilities predicted by the
substitute detector.
• The authors conducted experiments using a dataset of 180,000 programs and
demonstrated that MalGAN is successful in generating adversarial examples that
significantly reduce the detection rate to nearly zero.
• They also compared the performance of MalGAN with a gradient-based algorithm and
found that MalGAN outperforms the gradient-based approach by achieving nearly
zero true positive rates on both training and test sets.
Training Procedure
• BBBenign is the set of programs that are recognized as benign by the black-box
detector, and BBMalware is the set of programs that are detected as malware
by the black-box detector.
• To train the substitute detector, LD should be minimized with respect to the
weights of the substitute detector.
• The loss function of the generator is defined in Formula 3.
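Formula 3 itself is not reproduced in these slides. As a hedged sketch of both objectives as described above: the substitute detector is trained with a binary cross-entropy loss LD against the black-box detector's labels, and the generator is trained to drive the substitute detector's malicious probability on adversarial samples toward zero. The network shapes and the random feature vectors below are illustrative assumptions, not the paper's setup:

```python
import torch
import torch.nn as nn

# Substitute detector: outputs probability that a program is malware.
substitute = nn.Sequential(
    nn.Linear(128, 64), nn.ReLU(), nn.Linear(64, 1), nn.Sigmoid()
)

# Feature vectors labeled by the black-box detector (random placeholders).
bb_malware = torch.rand(32, 128)  # programs the black box flags as malware
bb_benign = torch.rand(32, 128)   # programs the black box deems benign

# Substitute-detector loss LD: cross-entropy against black-box labels.
bce = nn.BCELoss()
ld = bce(substitute(bb_malware), torch.ones(32, 1)) + \
     bce(substitute(bb_benign), torch.zeros(32, 1))

# Generator objective: minimize the substitute detector's malicious
# probability on adversarial examples (random placeholders here).
adv_examples = torch.rand(32, 128)
lg = torch.log(substitute(adv_examples)).mean()  # minimized -> probs -> 0

print(ld.item(), lg.item())
```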
Training Algorithm
Impact of retraining the black-box detector
on the effectiveness of MalGAN
• The impact of retraining the black-box detector on the effectiveness of MalGAN is
significant. The document highlights that when the black-box detector is retrained on
adversarial examples generated by MalGAN, it is able to detect all adversarial examples,
resulting in a true positive rate (TPR) of close to 100% on both the training and test sets.
• However, once the updated black-box detector is released publicly, malware authors can
retrain MalGAN to attack the new black-box detector.
• This dynamic adversarial process means the black-box detector can once again
hardly detect any malware: when MalGAN is retrained, the TPR can drop from
100% back to 0% within a single epoch.
More from the MalGAN research paper...
• Furthermore, the document emphasizes that the process of retraining the black-box
detector is time-consuming, as antivirus vendors need to collect enough adversarial
examples, label them, and retrain the detector.
• This provides adversarial malware examples with enough time to propagate before the
black-box detector is retrained and updated.
• Once the black-box detector is updated, malware authors can immediately retrain
MalGAN, and the experiments showed that retraining takes much less time than the initial
training.
Limitations of MalGAN
• Mode Collapse
• Training Instability
• Evaluation Metrics
• Hyperparameter Sensitivity
• Limited Understanding of Latent Space
• Training Time and Resources
• Sensitive to Initialization
• Ethical Concerns
SAGAN
Self-Attention Generative Adversarial Networks
Why do we need SAGAN?
Made by:
KARTIK BHASIN
(RESEARCH INTERN AT SAG, DRDO)
DTU (3rd Year)