Margin based adversarial computer program

US11494591B2 · US · B2

Patent metadata
Publication number: US-11494591-B2
Application number: US-201916245489-A
Country: US
Kind code: B2
Filing date: Jan 11, 2019
Priority date: Jan 11, 2019
Publication date: Nov 8, 2022
Grant date: Nov 8, 2022

Abstract

Techniques regarding a zero-confidence adversarial attack are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise an adversarial component that computes a perturbation that causes misclassification by a neural network classifier. The computer executable components can also comprise a restoration component that determines a normal vector to a constraint contour developed by the neural network classifier. Further, the computer executable components can comprise a projection component that determines a tangential vector to the constraint contour.

First claim

What is claimed is:

1. A system, comprising: a memory that stores computer executable components; a processor, operably coupled to the memory, and that executes the computer executable components stored in the memory, wherein the computer executable components comprise: an adversarial component that computes a perturbation that causes misclassification by a neural network classifier; a restoration component that determines a normal vector to a constraint contour developed by the neural network classifier; and a projection component that determines a tangential vector to the constraint contour.

2. The system of claim 1, wherein the constraint contour separates input features from a first class and input features from a second class within a hyperplane, and wherein the adversarial component generates a convergence pathway through the hyperplane from an initial input to a nearest point on the constraint contour from an original input.

3. The system of claim 2, wherein the adversarial component generates the convergence pathway to solve an optimization algorithm and compute the perturbation.

4. The system of claim 2, wherein the convergence pathway comprises an iteration of the normal vector followed by the tangential vector.

5. The system of claim 2, wherein the convergence pathway comprises a plurality of iterations of the normal vector followed by the tangential vector.

6. The system of claim 5, wherein the restoration component re-determines the normal vector between iterations from the plurality of iterations, and wherein the projection component re-determines the tangential vector between the iterations from the plurality of iterations.

7. The system of claim 2, wherein the adversarial component incorporates a box constraint when generating the convergence pathway such that the nearest point is an invariant point on the normal vector.

8. The system of claim 7, wherein the initial input is generated by an initialization process selected from a group consisting of a deterministic input generation process and a random input generation process.

9. The system of claim 1, wherein the computer executable components further comprise: a defense component that trains the neural network classifier using the perturbation.

10. A computer-implemented method, comprising: computing, by a system operatively coupled to a processor, a perturbation that causes misclassification by a neural network classifier; determining, by the system, a normal vector to a constraint contour developed by the neural network classifier; and determining, by the system, a tangential vector to the constraint contour.

11. The computer-implemented method of claim 10, further comprising: generating, by the system, a convergence pathway through a hyperplane from an initial input to a nearest point on the constraint contour from an original input, wherein the constraint contour separates input features from a first class and input features from a second class within the hyperplane.

12. The computer-implemented method of claim 11, wherein the convergence pathway comprises a plurality of iterations of the normal vector followed by the tangential vector.

13. The computer-implemented method of claim 12, further comprising: re-determining, by the system, the normal vector between iterations from the plurality of iterations; and re-determining, by the system, the tangential vector between the iterations from the plurality of iterations.

14. The computer-implemented method of claim 13, wherein the generating the convergence pathway solves is performed in accordance with an optimization algorithm to facilitate the computing the perturbation.

15. The computer-implemented method of claim 13, further comprising: training, by the system, the neural network classifier using the perturbation.

16. A computer program product for computing a perturbation that causes misclassification by a neural network classifier, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to: generate, by the processor, a convergence pathway through a hyperplane from an initial input to a point on a constraint contour, wherein the hyperplane is developed by the neural network classifier, and wherein the convergence pathway comprises a normal vector to the constraint contour and a tangential vector to the constraint contour.

17. The computer program product of claim 16, wherein the normal vector extends from the initial input towards the constraint contour to an intermediate point, and wherein the tangential vector extends from the intermediate point along a tangent plane to the constraint contour and towards the point, and wherein the point is a nearest point on the constraint contour from an original input.

18. The computer program product of claim 17, wherein the program instructions cause the processor to: generate, by the processor, the initial input by an initialization process selected from a group consisting of a deterministic input generation process and a random input generation process.

19. The computer program product of claim 18, wherein the program instructions cause the processor to: train, by the processor, the neural network classifier using the perturbation.

20. The computer program product of claim 19, wherein generation of the convergence pathway is in a cloud computing environment.

Classifications

  • using neural networks (CPC title)

  • using classification, e.g. of video objects (CPC title)

  • Validation; Performance evaluation; Active pattern learning techniques (CPC title)

  • G06N3/08 (Primary): Learning methods (CPC title)

  • Probabilistic graphical models, e.g. probabilistic networks (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06N3/08. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 8, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).