Skip to content

pps-lab/fl-analysis

Repository files navigation


Logo

Federated Learning with Adversaries

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. License
  5. Contact

About the Project

This framework can be used to simulate and analyse a federated learning setting in which some clients are compromised by an adversary. The adversary attempts to compromise the integrity of the shared global model by sending malicious updates to the server.

The framework was used to perform the analysis of federated learning robustness under a norm bound defense as part of RoFL: Attestable Robustness for Secure Federated Learning. A research implementation of the secure federated learning with constraints framework can be found here.

Backdoor attacks

In federated learning, adversaries can perform backdoor attacks to poison the global model. This framework implements existing attack strategies such as model replacement, on a wide variety of tasks and backdoor attack targets proposed in previous work, such as attacks on prototypical targets or edge cases.

Robustness

The framework provides several tools to analyse client updates, measure backdoor performance and deploy defenses to gain insight on model robustness in federated learning.

Getting Started

We now describe how to set up this framework.

Requirements

The dependencies can be automatically installed through pipenv. The high-level requirements are as follows.

  • Python 3 (tested on version 3.7)
  • TensorFlow (version 2.0)

Before starting, ensure that you have pipenv installed:

pip install pipenv

Installation

  1. Clone the repo
git clone https://github.com/pps-lab/fl-analysis.git
  1. Install the Python packages
pipenv install

Usage

The configuration of the framework is specified in a config file in YAML format. A minimal example of a config is shown below.

environment:
  num_clients: 3383
  num_selected_clients: 30
  num_malicious_clients: 0
  experiment_name: "Sample run without attackers"

server:
  num_rounds: 80
  num_test_batches: 5
  aggregator:
    name: FedAvg
  global_learning_rate: -1

client:
  clip:
    type: l2
    value: 10
  model_name: resnet18
  benign_training:
    num_epochs: 2
    batch_size: 24
    optimizer: Adam
    learning_rate: 0.001

dataset:
  dataset: femnist
  data_distribution: nonIID

The full specification of the supported config options can be found here Some example config files can be find in train_configs.

Sample usage:

With a config file config.yml ready, the framework can be started by invoking:

python -m src.main -c config.yml

Available models

Some pre-trained models are available in the models for experiments and can be included in training using the environment.load_model config key.

  • lenet5_emnist_088.h5 LeNet5 for federated-MNIST at 0.88 accuracy.
  • lenet5_emnist_097.h5 LeNet5 for federated-MNIST at 0.97 accuracy.
  • lenet5_emnist_098.h5 LeNet5 for federated-MNIST at 0.98 accuracy.
  • resnet18.h5 ResNet18 for CIFAR-10 at 0.88 accuracy.
  • resnet18_080.h5 ResNet18 for CIFAR-10 at 0.80 accuracy.
  • resnet18_082.h5 ResNet18 for CIFAR-10 at 0.82 accuracy.
  • resnet156_082.h5 ResNet56 for CIFAR-10 at 0.86 accuracy.

Output

Basic training progress is sent to standard output. More elaborate information is stored in an output folder. The directory location can be specified through the XXX option. By default, its ... . The framework stores progress in tfevents, which can be viewed using Tensorboard, e.g.,

tensorboard --logdir ./experiments/{experiment_name}

License

This project's code is distributed under the MIT License. See LICENSE for more information.

Contact

Project Links: