## Plan

- [x] FL base framework
- [x] implement non-iid sampling function following dirichlet dist

#### Attack simulation
- [x] untargeted model poisoning
    - Local model poisoning attacks to Byzantine-robust federated learning <br>
    https://github.com/vrt1shjwlkr/NDSS21-Model-Poisoning fang attack <br>
    krum-attack, trimmed-mean/median attack
- [x] targeted model poisoning
    - Analyzing federated learning through an adversarial lens <br>
    https://github.com/inspire-group/ModelPoisoning
- [x] data poisoning
    - DBA: Distributed backdoor attacks against federated learning <br>
    https://github.com/AI-secure/DBA
    
#### Defense baseline
- [x] FedAvg
- [x] Krum
- [x] Multi-Krum
- [x] Bulyan
- [x] Coordinate median
- [x] FLARE

#### Proposed method
- [x] extract PLRs
- [x] apply RBF hypersphere CKA

In [1]:
from IPython.display import display, HTML
display(HTML("<style>.container { width:90% !important; }</style>"))

In [2]:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Python version: 3.6


import os
os.environ["KMP_DUPLICATE_LIB_OK"]="TRUE"
import copy
import time
import pickle
import numpy as np
from tqdm import tqdm
from collections import OrderedDict

import torch
from tensorboardX import SummaryWriter

from options import args_parser
from update import LocalUpdate, test_inference, mal_inference
from models import MLP, CNNMnist, CNNFashion_Mnist, CNNCifar, Alexnet, modelC, LeNet5
from utils import get_dataset, get_mal_dataset, exp_details, flatten, construct_ordered_dict
from aggregate import fedavg, multi_krum, krum, coomed, bulyan, tr_mean, fed_align, fed_cc, flare, fltrust
from attacks import get_malicious_updates_untargeted_mkrum, get_malicious_updates_untargeted_med, get_malicious_updates_targeted
from cka import linear_CKA, kernel_CKA
# python src/federated_main.py --model=cnn --dataset=cifar --gpu=0 --iid=1 --epochs=10

import warnings
# warnings.filterwarnings('ignore')

# Targeted Model Poisoning Attack (label flipping)

In [7]:
class Args(object):
    
    # federated parameters (default values are set)
    epochs = 40
    num_users = 10
    frac = 1 # fraction of clients
    local_ep = 3 # num of local epoch
    local_bs = 100 # batch size
    lr = 0.001
    momentum = 0.9
    aggregation = 'mkrum' # trmean, flare, fltrust, fedcc fedavg, krum, mkrum, trmean, coomed, bulyan, flare, fedcc, fltrust
    
    # model arguments
    model = 'cnn'
    kernel_num = 9 # num of each kind of kernel
    kernel_sizes = '3,4,5' # comma-separated kernel size to use for convolution
    norm = 'batch_norm' # batch_norm, layer_norm, None
    num_filters = 32 # num of filters for conv nets -- 32 for mini-imagenet, 64 for omiglot
    max_pool = 'True' # whether use max pooling rather than strided convolutions
    
    # other arguments
    dataset = 'cifar' # fmnist, cifar, mnist
    if dataset == 'cifar100':
        num_classes = 100 
        num_channels = 3 # num of channels of imgs
    else:
        num_classes = 10
        num_channels = 1
    
    gpu = 0
    optimizer = 'adam'
    iid = 1 # 0 for non-iid
    alpha = 1 # noniid --> (0, 1] <-- iid
    unequal = 0 # whether to use unequal data splits for non-iid settings (0 for equal splits)
    stopping_rounds = 10 # rounds of early stopping
    verbose = 0
    seed = 1

    # malicious arguments
    mal_clients = [0] # indices of malicious user
    attack_type = 'targeted' # targeted
    num_mal = 5 # number of maliciuos data sample
    mal_bs = 100
    mal_lr = 0.005
    mal_test_bs = 100
    local_mal_ep = 6
    boost = 5 # alpha: 2 for fedavg, 3.5 for krum

In [8]:

if __name__ == '__main__':
    start_time = time.time()

    # define paths
    path_project = os.path.abspath('..')
    logger = SummaryWriter('../logs')

    args = Args()
    exp_details(args)

    device = 'cuda:0' if args.gpu == 0 else 'cpu'
    # device = 'cpu'
    # for n_attacker in args.n_attackers:
    torch.cuda.empty_cache()

    # load dataset and user groups
    train_dataset, test_dataset, user_groups = get_dataset(args)

    # BUILD MODEL
    if args.model == 'cnn':
        # Convolutional neural netork
        if args.dataset == 'mnist':
            global_model = CNNMnist(args=args)
        elif args.dataset == 'fmnist':
            global_model = CNNFashion_Mnist(args=args)
        elif args.dataset == 'cifar':
            global_model = CNNCifar(args=args)
        elif args.dataset == 'cifar100':
            global_model = LeNet5(args=args)

            
    # elif args.model == 'alexnet':
    #     if args.dataset == 'cifar100':
    #         global_model = Alexnet(args=args)
    
    elif args.model == 'mlp':
        # Multi-layer preceptron
        img_size = train_dataset[0][0].shape
        len_in = 1
        for x in img_size:
            len_in *= x
            global_model = MLP(dim_in=len_in, dim_hidden=64, dim_out=args.num_classes)
    else:
        exit('Error: unrecognized model')

    # Set the model to train and send it to device.
    global_model.to(device)
    global_model.train()
    print(global_model)

    # copy weights
    global_weights = global_model.state_dict()
    if len(args.mal_clients) > 0:
        mal_X_list, mal_Y, Y_true = get_mal_dataset(test_dataset, args.num_mal, args.num_classes)
        print("malcious dataset true labels: {}, malicious labels: {}".format(Y_true, mal_Y))

    # Training
    train_loss, train_accuracy = [], []
    val_acc_list, net_list = [], []
    cv_loss, cv_acc = [], []
    print_every = 1
    val_loss_pre, counter = 0, 0
    
    confidence = []    
    for epoch in tqdm(range(args.epochs)):
        local_weights, local_losses = [], []
        
        print('=========================================')
        print(f'| Global Training Round : {epoch+1} |')
        print('=========================================')

        global_model.train()
        m = max(int(args.frac * args.num_users), 1)
        idxs_users = np.random.choice(range(args.num_users), m, replace=False)

        # flattened weights + bias
        flattened_local_weights = []
        
        # create separate arrays for weights and biases and the offsets 
        only_weights = [] # for krum to consider only weights, not the biases
        only_biases = []
            
        for idx in range(args.num_users):
            mal_user = False
            
            # alternating benign and malicious training 
            if idx in args.mal_clients:# and epoch % 2 == 0:
                mal_user = True
                local_model = LocalUpdate(args=args, dataset=train_dataset, idxs=user_groups[idx], logger=logger, \
                                      mal=mal_user, mal_X=mal_X_list, mal_Y=mal_Y, test_dataset=test_dataset)
            else:
                local_model = LocalUpdate(args=args, dataset=train_dataset, idxs=user_groups[idx], logger=logger)
                
            w_prev = global_model.state_dict()
            w, loss = local_model.update_weights(model=copy.deepcopy(global_model), global_round=epoch)
            # boost the malicious (weight+bias) by alpha
            # if mal_user:
            #     flat_delta_m = flatten(w) - flatten(w_prev)
            #     flat_mal_w = flatten(w_prev) + args.boost * flat_delta_m
            #     w = construct_ordered_dict(global_model, torch.tensor(flat_mal_w).to(device))
              
            # construct two arrays with weights-only and bias-only
            if 'krum' in args.aggregation:
                for key in w:
                    if 'weight' in key:
                        if mal_user and epoch % 2 == 0:
                            only_weights = np.append(only_weights, args.boost * w[key].detach().cpu().numpy().reshape(-1))
                        else:
                            only_weights = np.append(only_weights, w[key].detach().cpu().numpy().reshape(-1))
                    elif 'bias' in key:
                        only_biases = np.append(only_biases, w[key].detach().cpu().numpy().reshape(-1))
                            
            new_model = copy.deepcopy(global_model)
            new_model.load_state_dict(w)
            acc, _ = local_model.inference(model=new_model)

            if mal_user == True:
                mal_acc, mal_loss = local_model.mal_inference(model=new_model)
                print('user {}, loss {}, acc {}, mal loss {}, mal acc {}'.format(idx, loss, 100*acc, mal_loss, 100*mal_acc))
            else:
                print('user {}, loss {}, acc {}'.format(idx, loss, 100*acc))

            local_weights.append(copy.deepcopy(w))
            local_losses.append(copy.deepcopy(loss))
            
            # if agg==krum, alternate training
            if args.aggregation == 'krum':
                if idx in args.mal_clients and epoch %2 ==0:
                    flattened_local_weights.append(flatten(w_prev) + args.boost * (flatten(w) - flatten(w_prev)))
                else:                     
                    flattened_local_weights.append(flatten(w))
            else:
                # if malicious user: boost the detlta weights
                if idx in args.mal_clients:
                    flattened_local_weights.append(flatten(w_prev) + args.boost * (flatten(w) - flatten(w_prev)))
                else: 
                    flattened_local_weights.append(flatten(w))
        
        only_weights = torch.tensor(np.array(only_weights)).to(device)
                
        flattened_local_weights = torch.tensor(np.array(flattened_local_weights)).to(device)
        malicious_grads = flattened_local_weights

        n_attacker = len(args.mal_clients)
        
        
        # update global weights
        if args.aggregation == 'fedavg':
            agg_weights = fedavg(malicious_grads)
        elif args.aggregation == 'krum':
            agg_weights, selected_idxs = krum(malicious_grads, n_attacker, only_weights=only_weights)
            print(f'Krum Selected idx: {selected_idxs}')
        elif args.aggregation == 'mkrum':
            agg_weights, selected_idxs = multi_krum(malicious_grads, n_attacker, only_weights=only_weights)
            print(f'multiKrum Selected idxs: {selected_idxs}')
        elif args.aggregation == 'coomed':
            agg_weights = coomed(malicious_grads)
            print(f'\ndiff {torch.norm((agg_weights - flattened_local_weights[0])) ** 2}')
        elif args.aggregation == 'bulyan':
            agg_weights, selected_idxs = bulyan(malicious_grads, n_attacker)
            print(f'Bulyan Selected idx: {selected_idxs}')
        elif args.aggregation == 'trmean':
            agg_weights = tr_mean(malicious_grads, n_attacker)
            
        elif args.aggregation == 'fltrust':
            glob_weights = []
            glob_weights.append(flatten(global_weights))
            agg_weights = fltrust(malicious_grads, glob_weights)

        elif args.aggregation == 'flare':
            second_last_layer = list(local_weights[0].keys())[-4]
            structured_local_weights = [construct_ordered_dict(global_model, flat_weights) for flat_weights in malicious_grads]
            plrs = [(each_local[second_last_layer]) for each_local in structured_local_weights]
            agg_weights, count_dict = flare(malicious_grads, plrs)
            print(f'flare count_dict: {count_dict}')

        elif args.aggregation == 'fedcc':
            second_last_layer = list(local_weights[0].keys())[-4]
            glob_plr = global_weights[second_last_layer]
            agg_weights, selected_idxs = fed_cc(local_weights, glob_plr, 'kernel')
            print(f'fed_cc Selected idx: {selected_idxs}')
        else:
            raise ValueError('Unknown aggregation strategy: {}'.format(args.aggregation))


        # reshape the flattened global weights into the ordereddict
        global_weights = construct_ordered_dict(global_model, agg_weights)
        
        # update global weights
        global_model.load_state_dict(global_weights)

        loss_avg = sum(local_losses) / len(local_losses)
        train_loss.append(loss_avg)

        # print global training loss after every 'i' rounds
        if (epoch+1) % print_every == 0:
            print(f' \nAvg Training Stats after {epoch+1} global rounds:')
            print(f'Training Loss : {np.mean(np.array(train_loss))}')
            
            test_acc, test_loss = test_inference(args, global_model, test_dataset)
            print('\nGlobal model Benign Test Accuracy: {:.2f}% '.format(100*test_acc))
            
            if len(args.mal_clients) > 0:
                mal_acc, mal_loss, mal_out = mal_inference(args, global_model, test_dataset, mal_X_list, mal_Y)
                print('Global model Malicious Accuracy: {:.2f}%, Malicious Loss: {:.2f}, confidence: {}\n'.format(100*mal_acc, mal_loss, mal_out))
                confidence.append(mal_out)
                
    # Test inference after completion of training
    test_acc, test_loss = test_inference(args, global_model, test_dataset)

    print(f' \n Results after {args.epochs} global rounds of training:')
    print("|---- Test Benign Accuracy: {:.2f}%".format(100*test_acc))
    
    if len(args.mal_clients) > 0:
        mal_acc, mal_loss, mal_out = mal_inference(args, global_model, test_dataset, mal_X_list, mal_Y)
        print("|---- Test Malicious Accuracy: {:.2f}%, Malicious Loss: {:.2f}, confidence:{}\n".format(100*mal_acc, mal_loss, mal_out))
    
    print('\n Total Run Time: {0:0.4f}'.format(time.time()-start_time))
    
    
    import pandas as pd
    data = {
        "clean_acc": test_acc,
        "backdoor_acc": mal_acc,
        "confidence": confidence
    }
    csv_file_path = f"output/confidence_{args.alpha}_{args.dataset}_{args.aggregation}.csv"
    df = pd.DataFrame(data)
    df.to_csv(csv_file_path, index=False)


Experimental details:
    Model     : cnn
    Optimizer : adam
    Learning  : 0.001
    Aggregation     : mkrum
    Global Rounds   : 40

    Federated parameters:
    IID
    Fraction of users    : 1
    Local Batch size     : 100
    Local Epochs         : 3

    Malicious parameters:
    Attackers            : [0]
    Attack Type          : targeted
Files already downloaded and verified
Files already downloaded and verified
CNNCifar(
  (conv1): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1))
  (pool): MaxPool2d(kernel_size=2, stride=2, padding=0, dilation=1, ceil_mode=False)
  (conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1))
  (conv3): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1))
  (fc1): Linear(in_features=256, out_features=128, bias=True)
  (fc2): Linear(in_features=128, out_features=10, bias=True)
)
malcious dataset true labels: 8, malicious labels: [5, 5, 5, 5, 5]


  0%|          | 0/40 [00:00<?, ?it/s]

| Global Training Round : 1 |
user 0, loss 2.0746984132906285, acc 14.6, mal loss 0.19353358447551727, mal acc 100.0
user 1, loss 1.872601819038391, acc 40.8
user 2, loss 1.827405075232188, acc 42.199999999999996
user 3, loss 1.8372954636812209, acc 38.800000000000004
user 4, loss 1.8339323113361994, acc 42.8
user 5, loss 1.8563016643126806, acc 42.0
user 6, loss 1.83305160899957, acc 43.2
user 7, loss 1.8287091155846913, acc 44.6
user 8, loss 1.8803029119968413, acc 40.400000000000006
user 9, loss 1.8513404270013174, acc 39.0
multiKrum Selected idxs: [1 3 0 9 7 6 4 2 5]
 
Avg Training Stats after 1 global rounds:
Training Loss : 1.8695638810473731


  2%|▎         | 1/40 [00:17<11:03, 17.01s/it]


Global model Benign Test Accuracy: 27.40% 
Global model Malicious Accuracy: 20.00%, Malicious Loss: 2.48, confidence: 0.1802783727645874

| Global Training Round : 2 |
user 0, loss 1.8168464734302308, acc 25.8, mal loss 0.26052623987197876, mal acc 100.0
user 1, loss 1.5545204003651936, acc 47.599999999999994
user 2, loss 1.5385595947504045, acc 47.0
user 3, loss 1.5133446007966995, acc 46.6
user 4, loss 1.5226534475882847, acc 48.0
user 5, loss 1.5724393685658773, acc 44.6
user 6, loss 1.5274298171202343, acc 47.4
user 7, loss 1.5165164748827618, acc 49.4
user 8, loss 1.5459824472665786, acc 43.8
user 9, loss 1.543866604566574, acc 44.0
multiKrum Selected idxs: [1 9 3 0 4 6 7 2 5]
 
Avg Training Stats after 2 global rounds:
Training Loss : 1.7173899019903285


  5%|▌         | 2/40 [00:34<10:51, 17.14s/it]


Global model Benign Test Accuracy: 40.32% 
Global model Malicious Accuracy: 20.00%, Malicious Loss: 2.24, confidence: 0.18700044155120848

| Global Training Round : 3 |
user 0, loss 1.55449451033662, acc 38.0, mal loss 0.232404425740242, mal acc 100.0
user 1, loss 1.3471052745978038, acc 52.2
user 2, loss 1.3602280457814535, acc 54.400000000000006
user 3, loss 1.3475637982288997, acc 50.0
user 4, loss 1.347462483247121, acc 48.4
user 5, loss 1.3766907622416813, acc 50.8
user 6, loss 1.3551732937494914, acc 52.6
user 7, loss 1.327865754564603, acc 52.800000000000004
user 8, loss 1.3527924597263334, acc 54.0
user 9, loss 1.3609336078166965, acc 51.2
multiKrum Selected idxs: [9 3 1 4 0 6 2 5 7]
 
Avg Training Stats after 3 global rounds:
Training Loss : 1.6026036010032423


  8%|▊         | 3/40 [00:51<10:33, 17.13s/it]


Global model Benign Test Accuracy: 49.61% 
Global model Malicious Accuracy: 20.00%, Malicious Loss: 3.27, confidence: 0.13261533975601197

| Global Training Round : 4 |
user 0, loss 1.379558191793721, acc 41.0, mal loss 0.06548240035772324, mal acc 100.0
user 1, loss 1.2321294536193212, acc 53.6
user 2, loss 1.2193913544217747, acc 54.6
user 3, loss 1.2300365681449572, acc 53.800000000000004
user 4, loss 1.2192547385891277, acc 54.2
user 5, loss 1.2370864232381187, acc 56.00000000000001
user 6, loss 1.2208903491497038, acc 53.400000000000006
user 7, loss 1.1912505875031154, acc 55.2
user 8, loss 1.258534910281499, acc 55.400000000000006
user 9, loss 1.2421248247226078, acc 53.2
multiKrum Selected idxs: [3 9 1 4 0 6 2 5 7]
 
Avg Training Stats after 4 global rounds:
Training Loss : 1.5127091357890303


 10%|█         | 4/40 [01:08<10:10, 16.96s/it]


Global model Benign Test Accuracy: 50.58% 
Global model Malicious Accuracy: 20.00%, Malicious Loss: 3.07, confidence: 0.15921896696090698

| Global Training Round : 5 |
user 0, loss 1.1617770108992491, acc 42.0, mal loss 0.023062309250235558, mal acc 100.0
user 1, loss 1.1423192779223124, acc 61.199999999999996
user 2, loss 1.139873133599758, acc 58.4
user 3, loss 1.135922501484553, acc 55.400000000000006
user 4, loss 1.1170293991764388, acc 56.599999999999994
user 5, loss 1.1621691331267356, acc 56.8
user 6, loss 1.13108346760273, acc 56.99999999999999
user 7, loss 1.1154400850335755, acc 61.6
user 8, loss 1.1729131708542504, acc 57.4
user 9, loss 1.1435633411010107, acc 58.4
multiKrum Selected idxs: [3 9 1 6 4 0 2 5 7]
 
Avg Training Stats after 5 global rounds:
Training Loss : 1.4386091190472365


 12%|█▎        | 5/40 [01:25<09:54, 16.99s/it]


Global model Benign Test Accuracy: 56.13% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 3.62, confidence: 0.08346236944198608

| Global Training Round : 6 |
user 0, loss 1.0271850798915072, acc 42.4, mal loss 0.0023041735403239727, mal acc 100.0
user 1, loss 1.0586956545710564, acc 62.2
user 2, loss 1.046783257027467, acc 58.4
user 3, loss 1.0592280566692351, acc 59.4
user 4, loss 1.0393342489997546, acc 57.99999999999999
user 5, loss 1.0773220658302307, acc 60.8
user 6, loss 1.0617505038777986, acc 61.6
user 7, loss 1.0238531822959582, acc 63.4
user 8, loss 1.1016332377990086, acc 59.8
user 9, loss 1.0726208314299583, acc 58.599999999999994
multiKrum Selected idxs: [3 1 9 4 6 0 2 5 7]
 
Avg Training Stats after 6 global rounds:
Training Loss : 1.3749810345125635


 15%|█▌        | 6/40 [01:41<09:35, 16.94s/it]


Global model Benign Test Accuracy: 58.08% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.21, confidence: 0.050873613357543944

| Global Training Round : 7 |
user 0, loss 0.9037584980450025, acc 45.2, mal loss 0.00042441641562618315, mal acc 100.0
user 1, loss 1.0103295584519705, acc 61.6
user 2, loss 1.0022514869769414, acc 62.6
user 3, loss 1.0162510335445403, acc 60.199999999999996
user 4, loss 0.9836783582965533, acc 59.199999999999996
user 5, loss 1.0220541020234426, acc 59.4
user 6, loss 0.9971880257129668, acc 61.199999999999996
user 7, loss 0.969988603889942, acc 63.800000000000004
user 8, loss 1.0468553513288497, acc 61.4
user 9, loss 1.0321222737431526, acc 63.6
multiKrum Selected idxs: [3 1 9 4 0 6 2 5 7]
 
Avg Training Stats after 7 global rounds:
Training Loss : 1.3211905623252453


 18%|█▊        | 7/40 [01:59<09:20, 17.00s/it]


Global model Benign Test Accuracy: 60.63% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.94, confidence: 0.019955503940582275

| Global Training Round : 8 |
user 0, loss 0.802704358030474, acc 48.6, mal loss 0.0001607033482287079, mal acc 100.0
user 1, loss 0.9597320755322775, acc 66.8
user 2, loss 0.9776947438716888, acc 60.4
user 3, loss 0.9737616633375485, acc 57.4
user 4, loss 0.9527640109260878, acc 61.4
user 5, loss 0.986908561984698, acc 63.2
user 6, loss 0.9688014686107635, acc 65.2
user 7, loss 0.9366318687796592, acc 63.6
user 8, loss 1.013005857169628, acc 58.8
user 9, loss 1.007703929642836, acc 62.2
multiKrum Selected idxs: [3 1 4 9 0 6 2 5 7]
 
Avg Training Stats after 8 global rounds:
Training Loss : 1.2757880987581602


 20%|██        | 8/40 [02:16<09:06, 17.09s/it]


Global model Benign Test Accuracy: 60.64% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.70, confidence: 0.009934159368276596

| Global Training Round : 9 |
user 0, loss 0.7271867977735414, acc 48.8, mal loss 6.677482451777905e-05, mal acc 100.0
user 1, loss 0.9319433574875197, acc 64.2
user 2, loss 0.9261750499407451, acc 63.0
user 3, loss 0.9587586502234142, acc 59.599999999999994
user 4, loss 0.921328502893448, acc 64.0
user 5, loss 0.9484923750162125, acc 63.4
user 6, loss 0.9261176288127899, acc 63.4
user 7, loss 0.8986759672562282, acc 62.6
user 8, loss 0.9843053812781969, acc 61.0
user 9, loss 0.9430808146794639, acc 63.0
multiKrum Selected idxs: [1 3 6 4 9 5 0 2 7]
 
Avg Training Stats after 9 global rounds:
Training Loss : 1.2358790269557154


 22%|██▎       | 9/40 [02:32<08:38, 16.73s/it]


Global model Benign Test Accuracy: 61.65% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.56, confidence: 0.00950404554605484

| Global Training Round : 10 |
user 0, loss 0.7003296666188975, acc 47.0, mal loss 7.187772280303761e-05, mal acc 100.0
user 1, loss 0.903691573937734, acc 65.8
user 2, loss 0.92502205123504, acc 62.6
user 3, loss 0.9317049846053124, acc 60.0
user 4, loss 0.89521857102712, acc 61.4
user 5, loss 0.9318300073345503, acc 65.4
user 6, loss 0.9167026927073797, acc 65.8
user 7, loss 0.8710395942131678, acc 67.4
user 8, loss 0.9725919817884763, acc 62.8
user 9, loss 0.9330906232198078, acc 60.8
multiKrum Selected idxs: [1 3 6 4 9 0 5 2 7]
 
Avg Training Stats after 10 global rounds:
Training Loss : 1.2021033417270186


 25%|██▌       | 10/40 [02:48<08:14, 16.47s/it]


Global model Benign Test Accuracy: 61.71% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 6.76, confidence: 0.0037828363478183747

| Global Training Round : 11 |
user 0, loss 0.703242799929699, acc 48.8, mal loss 6.586923700524494e-05, mal acc 100.0
user 1, loss 0.9083279967308044, acc 65.2
user 2, loss 0.9154629970590275, acc 62.2
user 3, loss 0.9166993459065754, acc 61.0
user 4, loss 0.8977939143776893, acc 63.0
user 5, loss 0.9128001103798549, acc 64.8
user 6, loss 0.8996782233317693, acc 63.0
user 7, loss 0.8720411732792854, acc 67.0
user 8, loss 0.9849883243441582, acc 57.4
user 9, loss 0.9246296803156535, acc 62.2
multiKrum Selected idxs: [1 3 6 4 0 5 9 2 7]
 
Avg Training Stats after 11 global rounds:
Training Loss : 1.1740545339850579


 28%|██▊       | 11/40 [03:03<07:51, 16.26s/it]


Global model Benign Test Accuracy: 61.56% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.60, confidence: 0.017185431718826295

| Global Training Round : 12 |
user 0, loss 0.6765836923907518, acc 48.4, mal loss 0.0001330676896031946, mal acc 100.0
user 1, loss 0.8878487512469292, acc 65.4
user 2, loss 0.8856975197792053, acc 60.0
user 3, loss 0.8969575037558873, acc 60.6
user 4, loss 0.8828225741783777, acc 63.0
user 5, loss 0.9007514576117197, acc 66.0
user 6, loss 0.8848505213856698, acc 62.8
user 7, loss 0.841272000471751, acc 67.0
user 8, loss 0.9704656784733136, acc 60.0
user 9, loss 0.9109589939316113, acc 59.0
multiKrum Selected idxs: [1 3 6 4 0 5 2 7 9]
 
Avg Training Stats after 12 global rounds:
Training Loss : 1.1490350619298466


 30%|███       | 12/40 [03:20<07:39, 16.40s/it]


Global model Benign Test Accuracy: 63.53% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.40, confidence: 0.011097808927297592

| Global Training Round : 13 |
user 0, loss 0.6694362370602075, acc 36.8, mal loss 0.00019284537120256573, mal acc 100.0
user 1, loss 0.8714123542110125, acc 66.4
user 2, loss 0.8850762829184532, acc 63.0
user 3, loss 0.8999466647704443, acc 61.199999999999996
user 4, loss 0.8539220010240873, acc 64.4
user 5, loss 0.9012362211942673, acc 65.4
user 6, loss 0.8869411354263623, acc 64.8
user 7, loss 0.8398581979175409, acc 63.800000000000004
user 8, loss 0.9631072819232941, acc 61.0
user 9, loss 0.9057007173697155, acc 64.0
multiKrum Selected idxs: [1 3 6 4 0 2 5 7 8]
 
Avg Training Stats after 13 global rounds:
Training Loss : 1.127391111733823


 32%|███▎      | 13/40 [03:37<07:27, 16.57s/it]


Global model Benign Test Accuracy: 59.10% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.46, confidence: 0.014813774824142456

| Global Training Round : 14 |
user 0, loss 0.7206156141249126, acc 46.400000000000006, mal loss 6.482137541752309e-05, mal acc 100.0
user 1, loss 0.8751811782519022, acc 65.2
user 2, loss 0.8920989980300268, acc 61.8
user 3, loss 0.8906391218304633, acc 62.0
user 4, loss 0.8708414882421494, acc 64.0
user 5, loss 0.9065924232204754, acc 66.4
user 6, loss 0.888652307788531, acc 64.0
user 7, loss 0.8369272689024608, acc 65.60000000000001
user 8, loss 0.9405891021092732, acc 62.4
user 9, loss 0.9430314376950264, acc 65.2
multiKrum Selected idxs: [1 3 6 4 0 2 7 5 8]
 
Avg Training Stats after 14 global rounds:
Training Loss : 1.10947152475423


 35%|███▌      | 14/40 [03:54<07:14, 16.70s/it]


Global model Benign Test Accuracy: 63.21% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.67, confidence: 0.009616123139858246

| Global Training Round : 15 |
user 0, loss 0.7644018292659184, acc 50.2, mal loss 6.796786328777671e-05, mal acc 100.0
user 1, loss 0.8563734635710717, acc 66.0
user 2, loss 0.8683512846628826, acc 61.4
user 3, loss 0.8841110537449519, acc 58.599999999999994
user 4, loss 0.8625182305773099, acc 63.800000000000004
user 5, loss 0.8858868623773257, acc 66.60000000000001
user 6, loss 0.8860946416854859, acc 62.8
user 7, loss 0.8475749149918558, acc 66.2
user 8, loss 0.9149371147155761, acc 62.8
user 9, loss 0.9345326706767082, acc 64.2
multiKrum Selected idxs: [6 1 3 4 2 0 5 7 8]
 
Avg Training Stats after 15 global rounds:
Training Loss : 1.0935386368790752


 38%|███▊      | 15/40 [04:11<06:59, 16.80s/it]


Global model Benign Test Accuracy: 61.51% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 7.78, confidence: 0.0019176002591848374

| Global Training Round : 16 |
user 0, loss 0.6646458865630789, acc 35.199999999999996, mal loss 0.00013130353181622922, mal acc 100.0
user 1, loss 0.8666379332542419, acc 66.2
user 2, loss 0.862246193488439, acc 61.199999999999996
user 3, loss 0.8624662791689236, acc 61.4
user 4, loss 0.8404543682932853, acc 63.800000000000004
user 5, loss 0.8734490156173705, acc 65.60000000000001
user 6, loss 0.8703455915053685, acc 63.2
user 7, loss 0.8289891307552656, acc 65.60000000000001
user 8, loss 0.8964705655972164, acc 59.4
user 9, loss 0.9307398214936256, acc 64.8
multiKrum Selected idxs: [6 1 3 4 0 2 7 5 8]
 
Avg Training Stats after 16 global rounds:
Training Loss : 1.0782952519849882


 40%|████      | 16/40 [04:28<06:46, 16.94s/it]


Global model Benign Test Accuracy: 57.74% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.32, confidence: 0.07054187059402466

| Global Training Round : 17 |
user 0, loss 0.7362753026841902, acc 48.199999999999996, mal loss 0.00013495182793121785, mal acc 100.0
user 1, loss 0.8699577579895655, acc 65.60000000000001
user 2, loss 0.8616003503402073, acc 61.4
user 3, loss 0.8682055766383807, acc 61.8
user 4, loss 0.8460817332069079, acc 67.2
user 5, loss 0.879853792488575, acc 66.60000000000001
user 6, loss 0.8586840654412905, acc 64.4
user 7, loss 0.8319392507274945, acc 66.2
user 8, loss 0.8863840882976849, acc 63.2
user 9, loss 0.9358140021562575, acc 64.2
multiKrum Selected idxs: [3 6 1 4 0 2 7 8 5]
 
Avg Training Stats after 17 global rounds:
Training Loss : 1.06530609551511


 42%|████▎     | 17/40 [04:45<06:27, 16.84s/it]


Global model Benign Test Accuracy: 62.13% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.26, confidence: 0.016662678122520445

| Global Training Round : 18 |
user 0, loss 0.6893891380750574, acc 32.4, mal loss 0.000163293065270409, mal acc 100.0
user 1, loss 0.8471390028794605, acc 63.4
user 2, loss 0.8488164469599724, acc 59.8
user 3, loss 0.865122743944327, acc 60.8
user 4, loss 0.8375808584193388, acc 64.8
user 5, loss 0.8638080755869547, acc 67.60000000000001
user 6, loss 0.8468566457430522, acc 63.0
user 7, loss 0.811682175596555, acc 66.0
user 8, loss 0.8838070819775264, acc 60.4
user 9, loss 0.944832555949688, acc 64.4
multiKrum Selected idxs: [4 3 6 1 0 2 7 8 5]
 
Avg Training Stats after 18 global rounds:
Training Loss : 1.053005949792781


 45%|████▌     | 18/40 [05:02<06:10, 16.84s/it]


Global model Benign Test Accuracy: 59.25% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.64, confidence: 0.025417262315750123

| Global Training Round : 19 |
user 0, loss 0.736417043901605, acc 40.0, mal loss 0.00011570921924430877, mal acc 100.0
user 1, loss 0.8510081032911936, acc 65.8
user 2, loss 0.8555316612124443, acc 63.6
user 3, loss 0.8675304909547169, acc 62.0
user 4, loss 0.8336442043383916, acc 66.0
user 5, loss 0.8860998859008152, acc 66.0
user 6, loss 0.8448133622606596, acc 64.60000000000001
user 7, loss 0.8241369421283404, acc 65.60000000000001
user 8, loss 0.88052991827329, acc 62.4
user 9, loss 0.9329145352045695, acc 61.8
multiKrum Selected idxs: [4 1 6 3 2 0 7 8 5]
 
Avg Training Stats after 19 global rounds:
Training Loss : 1.0423878795271928


 48%|████▊     | 19/40 [05:19<05:54, 16.87s/it]


Global model Benign Test Accuracy: 62.99% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.79, confidence: 0.00982079803943634

| Global Training Round : 20 |
user 0, loss 0.7411202593622312, acc 50.8, mal loss 5.495176446856931e-05, mal acc 100.0
user 1, loss 0.8575156678756078, acc 66.4
user 2, loss 0.8563144321242969, acc 63.800000000000004
user 3, loss 0.856264683107535, acc 61.8
user 4, loss 0.8390387463072937, acc 66.2
user 5, loss 0.8739453434944154, acc 66.0
user 6, loss 0.8553252905607224, acc 66.0
user 7, loss 0.8115133066972097, acc 64.2
user 8, loss 0.8980043192704518, acc 63.4
user 9, loss 0.9361962253848711, acc 65.4
multiKrum Selected idxs: [4 6 1 3 2 0 7 8 5]
 
Avg Training Stats after 20 global rounds:
Training Loss : 1.0328946769217562


 50%|█████     | 20/40 [05:36<05:38, 16.93s/it]


Global model Benign Test Accuracy: 63.30% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.07, confidence: 0.01887124329805374

| Global Training Round : 21 |
user 0, loss 0.7065348199817608, acc 40.6, mal loss 0.00016802878235466778, mal acc 100.0
user 1, loss 0.8379744360844295, acc 65.60000000000001
user 2, loss 0.8470215444763501, acc 62.8
user 3, loss 0.846547537545363, acc 63.4
user 4, loss 0.8550084287921588, acc 63.2
user 5, loss 0.872753884891669, acc 65.0
user 6, loss 0.8452354873220127, acc 59.199999999999996
user 7, loss 0.8118019858996073, acc 65.2
user 8, loss 0.8867517034212749, acc 64.8
user 9, loss 0.9394607072075208, acc 63.2
multiKrum Selected idxs: [1 6 4 3 2 0 7 8 5]
 
Avg Training Stats after 21 global rounds:
Training Loss : 1.0239429805713018


 52%|█████▎    | 21/40 [05:53<05:21, 16.90s/it]


Global model Benign Test Accuracy: 62.15% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.35, confidence: 0.01800987869501114

| Global Training Round : 22 |
user 0, loss 0.680108409802045, acc 46.2, mal loss 0.00019100538338534534, mal acc 100.0
user 1, loss 0.8415547912319501, acc 64.0
user 2, loss 0.8426119153698286, acc 63.0
user 3, loss 0.8429722492893537, acc 58.599999999999994
user 4, loss 0.8181032379468283, acc 66.2
user 5, loss 0.8631352076927822, acc 65.60000000000001
user 6, loss 0.8379638741413752, acc 66.2
user 7, loss 0.7974479285379251, acc 65.0
user 8, loss 0.8723624885082245, acc 65.60000000000001
user 9, loss 0.9370787387092908, acc 64.0
multiKrum Selected idxs: [1 6 4 2 3 0 7 8 5]
 
Avg Training Stats after 22 global rounds:
Training Loss : 1.015278930732741


 55%|█████▌    | 22/40 [06:09<05:01, 16.75s/it]


Global model Benign Test Accuracy: 63.62% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.37, confidence: 0.011421616375446319

| Global Training Round : 23 |
user 0, loss 0.7087794390556259, acc 43.8, mal loss 0.00015937790158204734, mal acc 100.0
user 1, loss 0.8371453933417797, acc 63.6
user 2, loss 0.8445590456326801, acc 65.0
user 3, loss 0.8556472117702166, acc 63.800000000000004
user 4, loss 0.8154093896349272, acc 63.0
user 5, loss 0.8561044464508694, acc 64.0
user 6, loss 0.8510754490892092, acc 64.8
user 7, loss 0.8056506882111232, acc 66.0
user 8, loss 0.870650348563989, acc 63.800000000000004
user 9, loss 0.9357206940650941, acc 64.4
multiKrum Selected idxs: [1 6 4 2 3 0 7 8 5]
 
Avg Training Stats after 23 global rounds:
Training Loss : 1.0075743776826893


 57%|█████▊    | 23/40 [06:26<04:45, 16.79s/it]


Global model Benign Test Accuracy: 62.90% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.44, confidence: 0.040056297183036806

| Global Training Round : 24 |
user 0, loss 0.7390010819646883, acc 39.4, mal loss 0.000151561907841824, mal acc 100.0
user 1, loss 0.8596868654092154, acc 63.6
user 2, loss 0.8468176563580831, acc 62.0
user 3, loss 0.8431621039907137, acc 60.6
user 4, loss 0.8112995892763138, acc 64.8
user 5, loss 0.8587125316262245, acc 66.4
user 6, loss 0.856001627445221, acc 65.0
user 7, loss 0.8135024483005205, acc 67.0
user 8, loss 0.8687902341286341, acc 65.2
user 9, loss 0.9394283051292099, acc 64.0
multiKrum Selected idxs: [1 6 2 4 3 0 7 8 5]
 
Avg Training Stats after 24 global rounds:
Training Loss : 1.000743788794364


 60%|██████    | 24/40 [06:43<04:30, 16.90s/it]


Global model Benign Test Accuracy: 61.77% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.19, confidence: 0.016384586691856384

| Global Training Round : 25 |
user 0, loss 0.6888893188338923, acc 46.6, mal loss 0.0001226224994752556, mal acc 100.0
user 1, loss 0.8522674252589543, acc 64.2
user 2, loss 0.8555524587631226, acc 63.2
user 3, loss 0.8362856244047482, acc 62.2
user 4, loss 0.8363613133629163, acc 62.8
user 5, loss 0.8525367637475331, acc 63.4
user 6, loss 0.8590433403849601, acc 61.6
user 7, loss 0.8024656573931376, acc 64.4
user 8, loss 0.8650992294152577, acc 62.8
user 9, loss 0.9342411230007807, acc 65.8
multiKrum Selected idxs: [1 6 0 2 4 7 3 8 5]
 
Avg Training Stats after 25 global rounds:
Training Loss : 0.9942450062608507


 62%|██████▎   | 25/40 [07:00<04:13, 16.89s/it]


Global model Benign Test Accuracy: 64.65% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.25, confidence: 0.019903647899627685

| Global Training Round : 26 |
user 0, loss 0.7209574990532914, acc 32.6, mal loss 0.0001615207438590005, mal acc 100.0
user 1, loss 0.8525873571634293, acc 65.2
user 2, loss 0.8434572214881579, acc 64.0
user 3, loss 0.8305199508865675, acc 63.800000000000004
user 4, loss 0.824995699028174, acc 64.4
user 5, loss 0.8502351524929206, acc 65.60000000000001
user 6, loss 0.8447514976064364, acc 65.60000000000001
user 7, loss 0.8034459449350834, acc 63.800000000000004
user 8, loss 0.8528722827633222, acc 64.0
user 9, loss 0.9284255877137184, acc 66.0
multiKrum Selected idxs: [6 1 2 0 8 7 3 4 5]
 
Avg Training Stats after 26 global rounds:
Training Loss : 0.9881288452243991


 65%|██████▌   | 26/40 [07:17<03:58, 17.01s/it]


Global model Benign Test Accuracy: 58.17% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.49, confidence: 0.030006948113441467

| Global Training Round : 27 |
user 0, loss 0.7383905275161918, acc 52.0, mal loss 5.9290556237101555e-05, mal acc 100.0
user 1, loss 0.8475641975800197, acc 62.6
user 2, loss 0.8335680782794953, acc 65.60000000000001
user 3, loss 0.8348549246788025, acc 60.199999999999996
user 4, loss 0.8301089790960153, acc 64.8
user 5, loss 0.8485307415326436, acc 65.8
user 6, loss 0.8517468313376108, acc 64.60000000000001
user 7, loss 0.8058320365846158, acc 64.60000000000001
user 8, loss 0.8578083897630374, acc 63.4
user 9, loss 0.9424886112411817, acc 62.2
multiKrum Selected idxs: [1 6 7 0 8 2 3 4 5]
 
Avg Training Stats after 27 global rounds:
Training Loss : 0.9826088632442718


 68%|██████▊   | 27/40 [07:34<03:41, 17.05s/it]


Global model Benign Test Accuracy: 65.57% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 7.62, confidence: 0.002195281721651554

| Global Training Round : 28 |
user 0, loss 0.7314519626762798, acc 43.0, mal loss 0.00019348814385011792, mal acc 100.0
user 1, loss 0.8289011726776758, acc 65.60000000000001
user 2, loss 0.8241460387905439, acc 64.4
user 3, loss 0.8342846338947614, acc 64.2
user 4, loss 0.8201190071801344, acc 66.2
user 5, loss 0.8324490194519361, acc 65.2
user 6, loss 0.8513834921022255, acc 63.4
user 7, loss 0.7961581585307916, acc 64.2
user 8, loss 0.8525669405857722, acc 63.6
user 9, loss 0.9403883839646975, acc 65.8
multiKrum Selected idxs: [1 6 2 7 0 8 3 4 5]
 
Avg Training Stats after 28 global rounds:
Training Loss : 0.9772008638778864


 70%|███████   | 28/40 [07:51<03:22, 16.85s/it]


Global model Benign Test Accuracy: 60.35% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.10, confidence: 0.05585706830024719

| Global Training Round : 29 |
user 0, loss 0.6796735664245169, acc 44.2, mal loss 0.0002618308353703469, mal acc 100.0
user 1, loss 0.8255646154284477, acc 64.60000000000001
user 2, loss 0.834193276365598, acc 67.60000000000001
user 3, loss 0.8261335591475168, acc 64.60000000000001
user 4, loss 0.8185216213266054, acc 64.2
user 5, loss 0.8513385370373725, acc 66.60000000000001
user 6, loss 0.8431899830698967, acc 64.4
user 7, loss 0.8146077225605648, acc 64.60000000000001
user 8, loss 0.8424055655797322, acc 66.4
user 9, loss 0.9119905347625415, acc 64.0
multiKrum Selected idxs: [1 6 7 8 2 0 3 4 5]
 
Avg Training Stats after 29 global rounds:
Training Loss : 0.9719443478190034


 72%|███████▎  | 29/40 [08:08<03:05, 16.89s/it]


Global model Benign Test Accuracy: 63.57% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 6.29, confidence: 0.007294858992099762

| Global Training Round : 30 |
user 0, loss 0.7090674843842626, acc 37.4, mal loss 0.00023374814190901816, mal acc 100.0
user 1, loss 0.8266932951907316, acc 65.4
user 2, loss 0.822452970345815, acc 64.60000000000001
user 3, loss 0.8185045100748539, acc 63.0
user 4, loss 0.8054686983426412, acc 67.4
user 5, loss 0.8304613093535106, acc 65.60000000000001
user 6, loss 0.8367633163928986, acc 65.2
user 7, loss 0.8006918400526047, acc 65.8
user 8, loss 0.8605601921677589, acc 65.8
user 9, loss 0.9245415478944778, acc 62.2
multiKrum Selected idxs: [1 0 6 7 2 8 3 4 5]
 
Avg Training Stats after 30 global rounds:
Training Loss : 0.9669968867723685


 75%|███████▌  | 30/40 [08:24<02:48, 16.83s/it]


Global model Benign Test Accuracy: 60.60% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.35, confidence: 0.02991083264350891

| Global Training Round : 31 |
user 0, loss 0.7155614157263624, acc 45.4, mal loss 0.00011647583596641198, mal acc 100.0
user 1, loss 0.8407783980170885, acc 64.8
user 2, loss 0.8227474679549536, acc 64.60000000000001
user 3, loss 0.8238016640146574, acc 63.6
user 4, loss 0.8175693800052007, acc 67.60000000000001
user 5, loss 0.8292450860142707, acc 66.2
user 6, loss 0.833094446361065, acc 64.60000000000001
user 7, loss 0.7857264548540116, acc 66.60000000000001
user 8, loss 0.8376544843117396, acc 62.0
user 9, loss 0.9245383600393932, acc 61.8
multiKrum Selected idxs: [1 6 7 0 8 2 3 4 5]
 
Avg Training Stats after 31 global rounds:
Training Loss : 0.9623541393193847


 78%|███████▊  | 31/40 [08:42<02:31, 16.89s/it]


Global model Benign Test Accuracy: 63.14% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 6.05, confidence: 0.010706515610218048

| Global Training Round : 32 |
user 0, loss 0.7037208263366672, acc 37.2, mal loss 0.00014166624168865383, mal acc 100.0
user 1, loss 0.8370699981848398, acc 65.0
user 2, loss 0.831674196322759, acc 64.8
user 3, loss 0.8092826535304387, acc 63.800000000000004
user 4, loss 0.8026244461536406, acc 66.0
user 5, loss 0.8134928668538729, acc 66.60000000000001
user 6, loss 0.8368791555364927, acc 66.0
user 7, loss 0.7930089498559635, acc 67.60000000000001
user 8, loss 0.8326300889253616, acc 65.4
user 9, loss 0.9197894593079884, acc 66.0
multiKrum Selected idxs: [1 6 8 7 0 2 3 4 5]
 
Avg Training Stats after 32 global rounds:
Training Loss : 0.9578436119688041


 80%|████████  | 32/40 [08:58<02:14, 16.80s/it]


Global model Benign Test Accuracy: 60.03% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.32, confidence: 0.015716350078582762

| Global Training Round : 33 |
user 0, loss 0.7056989094670256, acc 38.4, mal loss 0.00011981597344856709, mal acc 100.0
user 1, loss 0.8283940955996513, acc 67.80000000000001
user 2, loss 0.8279005388418833, acc 65.2
user 3, loss 0.8215995642046133, acc 63.2
user 4, loss 0.8391515408953031, acc 66.4
user 5, loss 0.8058963929613432, acc 64.0
user 6, loss 0.835112046202024, acc 63.800000000000004
user 7, loss 0.799680066605409, acc 66.4
user 8, loss 0.8381292084852854, acc 66.2
user 9, loss 0.9159354403614998, acc 64.8
multiKrum Selected idxs: [1 7 8 0 6 2 3 4 5]
 
Avg Training Stats after 33 global rounds:
Training Loss : 0.9537195564655798


 82%|████████▎ | 33/40 [09:15<01:56, 16.68s/it]


Global model Benign Test Accuracy: 61.98% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.50, confidence: 0.03947035372257233

| Global Training Round : 34 |
user 0, loss 0.6735875920091597, acc 33.2, mal loss 0.0001561870740260929, mal acc 100.0
user 1, loss 0.8203843275705974, acc 66.2
user 2, loss 0.8227521901329359, acc 64.8
user 3, loss 0.8137192770838736, acc 60.199999999999996
user 4, loss 0.8221065829197566, acc 65.60000000000001
user 5, loss 0.8163483401139576, acc 65.4
user 6, loss 0.8426359365383784, acc 65.60000000000001
user 7, loss 0.8007145285606384, acc 62.6
user 8, loss 0.8309930359323819, acc 64.0
user 9, loss 0.9095681702097257, acc 65.0
multiKrum Selected idxs: [7 8 0 1 6 2 3 4 5]
 
Avg Training Stats after 34 global rounds:
Training Loss : 0.9496478341609198


 85%|████████▌ | 34/40 [09:31<01:40, 16.74s/it]


Global model Benign Test Accuracy: 60.31% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 5.02, confidence: 0.03135620653629303

| Global Training Round : 35 |
user 0, loss 0.6819082957792296, acc 46.400000000000006, mal loss 0.00016283940931316465, mal acc 100.0
user 1, loss 0.8182711084683736, acc 65.60000000000001
user 2, loss 0.8318725536266962, acc 66.8
user 3, loss 0.8028939910233022, acc 65.0
user 4, loss 0.8119207347432772, acc 66.4
user 5, loss 0.8100046170254549, acc 67.80000000000001
user 6, loss 0.834604749083519, acc 64.2
user 7, loss 0.7972229853272438, acc 63.800000000000004
user 8, loss 0.8244703397154809, acc 63.6
user 9, loss 0.9313903912901877, acc 63.800000000000004
multiKrum Selected idxs: [1 7 0 8 2 6 3 4 5]
 
Avg Training Stats after 35 global rounds:
Training Loss : 0.9457852096594158


 88%|████████▊ | 35/40 [09:48<01:24, 16.80s/it]


Global model Benign Test Accuracy: 64.71% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 7.60, confidence: 0.0028702694922685622

| Global Training Round : 36 |
user 0, loss 0.6664789981656893, acc 30.2, mal loss 0.00033181256731040776, mal acc 100.0
user 1, loss 0.8165853266914684, acc 64.4
user 2, loss 0.8162854572137196, acc 65.4
user 3, loss 0.7999039724469185, acc 64.60000000000001
user 4, loss 0.7921515340606371, acc 62.0
user 5, loss 0.8188381681839626, acc 67.4
user 6, loss 0.8256178632378578, acc 63.4
user 7, loss 0.7971793442964555, acc 68.2
user 8, loss 0.8121838599443435, acc 63.4
user 9, loss 0.9176703085501989, acc 64.0
multiKrum Selected idxs: [1 7 0 8 6 2 3 5 4]
 
Avg Training Stats after 36 global rounds:
Training Loss : 0.9419103283710744


 90%|█████████ | 36/40 [10:05<01:07, 16.87s/it]


Global model Benign Test Accuracy: 55.18% 
Global model Malicious Accuracy: 20.00%, Malicious Loss: 3.51, confidence: 0.11122643947601318

| Global Training Round : 37 |
user 0, loss 0.6700943904778375, acc 48.199999999999996, mal loss 0.00012157995661254972, mal acc 100.0
user 1, loss 0.8283742214242616, acc 65.0
user 2, loss 0.825907094279925, acc 67.4
user 3, loss 0.8050602823495865, acc 63.6
user 4, loss 0.8183184452354908, acc 63.2
user 5, loss 0.8319308772683144, acc 67.2
user 6, loss 0.842121723294258, acc 65.60000000000001
user 7, loss 0.7882895280917485, acc 66.60000000000001
user 8, loss 0.8282598917682966, acc 65.60000000000001
user 9, loss 0.9335129638512929, acc 66.4
multiKrum Selected idxs: [7 1 2 6 8 0 3 5 4]
 
Avg Training Stats after 37 global rounds:
Training Loss : 0.9385394260314265


 92%|█████████▎| 37/40 [10:22<00:50, 16.89s/it]


Global model Benign Test Accuracy: 64.89% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 8.22, confidence: 0.0018043488264083863

| Global Training Round : 38 |
user 0, loss 0.6924139588784494, acc 33.2, mal loss 0.00015812258061487228, mal acc 100.0
user 1, loss 0.8089055940508842, acc 62.6
user 2, loss 0.810314904153347, acc 64.8
user 3, loss 0.7974952215949695, acc 64.60000000000001
user 4, loss 0.8132616887489954, acc 66.2
user 5, loss 0.8147040531039238, acc 66.60000000000001
user 6, loss 0.8276207730174066, acc 63.800000000000004
user 7, loss 0.7905072105427583, acc 67.2
user 8, loss 0.8221585641304653, acc 61.8
user 9, loss 0.9086569140354793, acc 66.0
multiKrum Selected idxs: [1 7 0 8 6 2 3 5 4]
 
Avg Training Stats after 38 global rounds:
Training Loss : 0.9351200697733802


 95%|█████████▌| 38/40 [10:39<00:33, 16.73s/it]


Global model Benign Test Accuracy: 58.31% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.21, confidence: 0.06892266273498535

| Global Training Round : 39 |
user 0, loss 0.6953140595919316, acc 29.4, mal loss 0.00024590949760749936, mal acc 100.0
user 1, loss 0.7982690438628196, acc 65.60000000000001
user 2, loss 0.8210036327441533, acc 65.0
user 3, loss 0.8129176025589308, acc 63.6
user 4, loss 0.8071393430233001, acc 67.0
user 5, loss 0.8187174275517464, acc 66.4
user 6, loss 0.8194311857223511, acc 62.0
user 7, loss 0.7885383126636345, acc 65.8
user 8, loss 0.8375118970870972, acc 63.800000000000004
user 9, loss 0.9184992894530296, acc 65.0
multiKrum Selected idxs: [1 7 8 0 6 2 3 5 4]
 
Avg Training Stats after 39 global rounds:
Training Loss : 0.9319563289952396


 98%|█████████▊| 39/40 [10:55<00:16, 16.48s/it]


Global model Benign Test Accuracy: 60.11% 
Global model Malicious Accuracy: 20.00%, Malicious Loss: 3.90, confidence: 0.10908899307250977

| Global Training Round : 40 |
user 0, loss 0.6326491393762208, acc 35.0, mal loss 0.00023404145031236112, mal acc 100.0
user 1, loss 0.8260469034314156, acc 64.2
user 2, loss 0.8118746909002463, acc 66.4
user 3, loss 0.8060519280532996, acc 64.2
user 4, loss 0.8071271749834219, acc 63.0
user 5, loss 0.8282963742812474, acc 67.4
user 6, loss 0.8089746023217836, acc 63.2
user 7, loss 0.7897441854079563, acc 65.8
user 8, loss 0.822410961985588, acc 63.2
user 9, loss 0.9104026526212693, acc 66.8
multiKrum Selected idxs: [1 7 2 0 8 6 3 4 5]
 
Avg Training Stats after 40 global rounds:
Training Loss : 0.9287663673037645


100%|██████████| 40/40 [11:10<00:00, 16.77s/it]


Global model Benign Test Accuracy: 60.05% 
Global model Malicious Accuracy: 0.00%, Malicious Loss: 4.96, confidence: 0.03499559760093689






 
 Results after 40 global rounds of training:
|---- Test Benign Accuracy: 60.05%
|---- Test Malicious Accuracy: 0.00%, Malicious Loss: 4.96, confidence:0.03499559462070465


 Total Run Time: 673.1476


In [None]:
# 1 cifar trmean 1 fmnist trmean

class Args(object):
    
    # federated parameters (default values are set)
    epochs = 50
    num_users = 10
    frac = 1 # fraction of clients
    local_ep = 3 # num of local epoch
    local_bs = 100 # batch size
    lr = 0.005
    momentum = 0.9
    aggregation = 'mkrum' # fedavg, krum, mkrum, coomed, bulyan, flare, fedcc
    
    # model arguments
    model = 'cnn'
    kernel_num = 9 # num of each kind of kernel
    kernel_sizes = '3,4,5' # comma-separated kernel size to use for convolution
    norm = 'batch_norm' # batch_norm, layer_norm, None
    num_filters = 32 # num of filters for conv nets -- 32 for mini-imagenet, 64 for omiglot
    max_pool = 'True' # whether use max pooling rather than strided convolutions
    
    # other arguments
    dataset = 'cifar' # fmnist, cifar, mnist
    if dataset == 'cifar100':
        num_classes = 100 
        num_channels = 3 # num of channels of imgs
    else:
        num_classes = 10
        num_channels = 1
    
    gpu = 0
    optimizer = 'adam'
    iid = 1 # 0 for non-iid
    alpha = 1 # noniid --> (0, 1] <-- iid
    unequal = 0 # whether to use unequal data splits for non-iid settings (0 for equal splits)
    stopping_rounds = 10 # rounds of early stopping
    verbose = 0
    seed = 1

    # malicious arguments
    mal_clients = [0] # indices of malicious user
    attack_type = 'targeted' # targeted
    num_mal = 5 # number of maliciuos data sample
    mal_bs = 100
    mal_lr = 0.005
    mal_test_bs = 100
    local_mal_ep = 6
    boost = 5 # alpha: 2 for fedavg, 3.5 for krum
    

if __name__ == '__main__':
    start_time = time.time()

    # define paths
    path_project = os.path.abspath('..')
    logger = SummaryWriter('../logs')

    args = Args()
    exp_details(args)

    device = 'cuda:0' if args.gpu == 0 else 'cpu'
    # device = 'cpu'
    # for n_attacker in args.n_attackers:
    torch.cuda.empty_cache()

    # load dataset and user groups
    train_dataset, test_dataset, user_groups = get_dataset(args)

    # BUILD MODEL
    if args.model == 'cnn':
        # Convolutional neural netork
        if args.dataset == 'mnist':
            global_model = CNNMnist(args=args)
        elif args.dataset == 'fmnist':
            global_model = CNNFashion_Mnist(args=args)
        elif args.dataset == 'cifar':
            global_model = CNNCifar(args=args)
        elif args.dataset == 'cifar100':
            global_model = LeNet5(args=args)

            
    # elif args.model == 'alexnet':
    #     if args.dataset == 'cifar100':
    #         global_model = Alexnet(args=args)
    
    elif args.model == 'mlp':
        # Multi-layer preceptron
        img_size = train_dataset[0][0].shape
        len_in = 1
        for x in img_size:
            len_in *= x
            global_model = MLP(dim_in=len_in, dim_hidden=64, dim_out=args.num_classes)
    else:
        exit('Error: unrecognized model')

    # Set the model to train and send it to device.
    global_model.to(device)
    global_model.train()
    print(global_model)

    # copy weights
    global_weights = global_model.state_dict()
    if len(args.mal_clients) > 0:
        mal_X_list, mal_Y, Y_true = get_mal_dataset(test_dataset, args.num_mal, args.num_classes)
        print("malcious dataset true labels: {}, malicious labels: {}".format(Y_true, mal_Y))

    # Training
    train_loss, train_accuracy = [], []
    val_acc_list, net_list = [], []
    cv_loss, cv_acc = [], []
    print_every = 1
    val_loss_pre, counter = 0, 0
    
    confidence = []    
    for epoch in tqdm(range(args.epochs)):
        local_weights, local_losses = [], []
        
        print('=========================================')
        print(f'| Global Training Round : {epoch+1} |')
        print('=========================================')

        global_model.train()
        m = max(int(args.frac * args.num_users), 1)
        idxs_users = np.random.choice(range(args.num_users), m, replace=False)

        # flattened weights + bias
        flattened_local_weights = []
        
        # create separate arrays for weights and biases and the offsets 
        only_weights = [] # for krum to consider only weights, not the biases
        only_biases = []
            
        for idx in range(args.num_users):
            mal_user = False
            
            # alternating benign and malicious training 
            if idx in args.mal_clients:# and epoch % 2 == 0:
                mal_user = True
                local_model = LocalUpdate(args=args, dataset=train_dataset, idxs=user_groups[idx], logger=logger, \
                                      mal=mal_user, mal_X=mal_X_list, mal_Y=mal_Y, test_dataset=test_dataset)
            else:
                local_model = LocalUpdate(args=args, dataset=train_dataset, idxs=user_groups[idx], logger=logger)
                
            w_prev = global_model.state_dict()
            w, loss = local_model.update_weights(model=copy.deepcopy(global_model), global_round=epoch)
            # boost the malicious (weight+bias) by alpha
            # if mal_user:
            #     flat_delta_m = flatten(w) - flatten(w_prev)
            #     flat_mal_w = flatten(w_prev) + args.boost * flat_delta_m
            #     w = construct_ordered_dict(global_model, torch.tensor(flat_mal_w).to(device))
              
            # construct two arrays with weights-only and bias-only
            if 'krum' in args.aggregation:
                for key in w:
                    if 'weight' in key:
                        if mal_user and epoch % 2 == 0:
                            only_weights = np.append(only_weights, args.boost * w[key].detach().cpu().numpy().reshape(-1))
                        else:
                            only_weights = np.append(only_weights, w[key].detach().cpu().numpy().reshape(-1))
                    elif 'bias' in key:
                        only_biases = np.append(only_biases, w[key].detach().cpu().numpy().reshape(-1))
                            
            new_model = copy.deepcopy(global_model)
            new_model.load_state_dict(w)
            acc, _ = local_model.inference(model=new_model)

            if mal_user == True:
                mal_acc, mal_loss = local_model.mal_inference(model=new_model)
                print('user {}, loss {}, acc {}, mal loss {}, mal acc {}'.format(idx, loss, 100*acc, mal_loss, 100*mal_acc))
            else:
                print('user {}, loss {}, acc {}'.format(idx, loss, 100*acc))

            local_weights.append(copy.deepcopy(w))
            local_losses.append(copy.deepcopy(loss))
            
            # if agg==krum, alternate training
            if args.aggregation == 'krum':
                if idx in args.mal_clients and epoch %2 ==0:
                    flattened_local_weights.append(flatten(w_prev) + args.boost * (flatten(w) - flatten(w_prev)))
                else:                     
                    flattened_local_weights.append(flatten(w))
            else:
                # if malicious user: boost the detlta weights
                if idx in args.mal_clients:
                    flattened_local_weights.append(flatten(w_prev) + args.boost * (flatten(w) - flatten(w_prev)))
                else: 
                    flattened_local_weights.append(flatten(w))
        
        only_weights = torch.tensor(np.array(only_weights)).to(device)
                
        flattened_local_weights = torch.tensor(np.array(flattened_local_weights)).to(device)
        malicious_grads = flattened_local_weights

        n_attacker = len(args.mal_clients)
        
        
        # update global weights
        if args.aggregation == 'fedavg':
            agg_weights = fedavg(malicious_grads)
        elif args.aggregation == 'krum':
            agg_weights, selected_idxs = krum(malicious_grads, n_attacker, only_weights=only_weights)
            print(f'Krum Selected idx: {selected_idxs}')
        elif args.aggregation == 'mkrum':
            agg_weights, selected_idxs = multi_krum(malicious_grads, n_attacker, only_weights=only_weights)
            print(f'multiKrum Selected idxs: {selected_idxs}')
        elif args.aggregation == 'coomed':
            agg_weights = coomed(malicious_grads)
            print(f'\ndiff {torch.norm((agg_weights - flattened_local_weights[0])) ** 2}')
        elif args.aggregation == 'bulyan':
            agg_weights, selected_idxs = bulyan(malicious_grads, n_attacker)
            print(f'Bulyan Selected idx: {selected_idxs}')
        elif args.aggregation == 'trmean':
            agg_weights = tr_mean(malicious_grads, n_attacker)
            
        elif args.aggregation == 'fltrust':
            glob_weights = []
            glob_weights.append(flatten(global_weights))
            agg_weights = fltrust(malicious_grads, glob_weights)

        elif args.aggregation == 'flare':
            second_last_layer = list(local_weights[0].keys())[-4]
            structured_local_weights = [construct_ordered_dict(global_model, flat_weights) for flat_weights in malicious_grads]
            plrs = [(each_local[second_last_layer]) for each_local in structured_local_weights]
            agg_weights, count_dict = flare(malicious_grads, plrs)
            print(f'flare count_dict: {count_dict}')

        elif args.aggregation == 'fedcc':
            second_last_layer = list(local_weights[0].keys())[-4]
            glob_plr = global_weights[second_last_layer]
            structured_local_weights = [construct_ordered_dict(global_model, flat_weights) for flat_weights in malicious_grads]
            plrs = [(each_local[second_last_layer].reshape((glob_plr.shape[0], glob_plr.shape[1]))) for each_local in structured_local_weights]
            agg_weights, selected_idxs = fed_cc(local_weights, glob_plr, 'kernel')
            print(f'fed_cc Selected idx: {selected_idxs}')
        else:
            raise ValueError('Unknown aggregation strategy: {}'.format(args.aggregation))


        # reshape the flattened global weights into the ordereddict
        global_weights = construct_ordered_dict(global_model, agg_weights)
        
        # update global weights
        global_model.load_state_dict(global_weights)

        loss_avg = sum(local_losses) / len(local_losses)
        train_loss.append(loss_avg)

        # print global training loss after every 'i' rounds
        if (epoch+1) % print_every == 0:
            print(f' \nAvg Training Stats after {epoch+1} global rounds:')
            print(f'Training Loss : {np.mean(np.array(train_loss))}')
            
            test_acc, test_loss = test_inference(args, global_model, test_dataset)
            print('\nGlobal model Benign Test Accuracy: {:.2f}% '.format(100*test_acc))
            
            if len(args.mal_clients) > 0:
                mal_acc, mal_loss, mal_out = mal_inference(args, global_model, test_dataset, mal_X_list, mal_Y)
                print('Global model Malicious Accuracy: {:.2f}%, Malicious Loss: {:.2f}, confidence: {}\n'.format(100*mal_acc, mal_loss, mal_out))
                confidence.append(mal_out)
                
    # Test inference after completion of training
    test_acc, test_loss = test_inference(args, global_model, test_dataset)

    print(f' \n Results after {args.epochs} global rounds of training:')
    print("|---- Test Benign Accuracy: {:.2f}%".format(100*test_acc))
    
    if len(args.mal_clients) > 0:
        mal_acc, mal_loss, mal_out = mal_inference(args, global_model, test_dataset, mal_X_list, mal_Y)
        print("|---- Test Malicious Accuracy: {:.2f}%, Malicious Loss: {:.2f}, confidence:{}\n".format(100*mal_acc, mal_loss, mal_out))
    
    print('\n Total Run Time: {0:0.4f}'.format(time.time()-start_time))
    
    
    import pandas as pd
    data = {
        "clean_acc": test_acc,
        "backdoor_acc": mal_acc,
        "confidence": confidence
    }
    csv_file_path = f"output/confidence_{args.alpha}_{args.dataset}_{args.aggregation}.csv"
    df = pd.DataFrame(data)
    df.to_csv(csv_file_path, index=False)

In [None]:
k

In [None]:
only_weights = []
for key in global_weights:
    if 'weight' in key:
        only_weights = np.append(only_weights, global_weights[key].detach().cpu().numpy())
_, glob_svd, _, = np.linalg.svd(only_weights.reshape(1,-1))
glob_svd

In [None]:
from sklearn.metrics.pairwise import cosine_similarity, euclidean_distances

sim_vals = []
glob_plr = glob_plr.detach().cpu()

print('euclidean')
for i in range(len(plrs)):
    val = euclidean_distances(glob_plr.reshape(1, -1), plrs[i].detach().cpu().reshape(1,-1))[0][0]
    # print(val)
    if np.isnan(val):
        sim_vals.append(0)
    else:
        sim_vals.append(val)
print(sim_vals)
    

In [None]:
from sklearn.metrics.pairwise import cosine_similarity, euclidean_distances, paired_cosine_distances

sim_vals = []
glob_plr = glob_plr.detach().cpu()

print('cosine')
for i in range(len(plrs)):
    val = cosine_similarity(glob_plr.reshape(1, -1), plrs[i].detach().cpu().reshape(1,-1))[0][0]
    if np.isnan(val):
        sim_vals.append(0)
    else:
        sim_vals.append(val)
print(sim_vals)
    

In [None]:
global_weights.keys()

In [None]:
structured_local_weights = [construct_ordered_dict(global_model, flat_weights) for flat_weights in malicious_grads]

conv1_weights = [np.array(w['conv1.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
conv1_weights = np.array(conv1_weights)
conv2_weights = [np.array(w['conv2.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
conv2_weights = np.array(conv2_weights)
conv3_weights = [np.array(w['conv3.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
conv3_weights = np.array(conv3_weights)
fc1_weights = [np.array(w['fc1.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
fc1_weights = np.array(fc1_weights)
fc2_weights = [np.array(w['fc2.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
fc2_weights = np.array(fc2_weights)

num_layers = 5

_, s_layer_0, _, = np.linalg.svd(conv1_weights)
_, s_layer_1, _, = np.linalg.svd(conv2_weights)
_, s_layer_2, _, = np.linalg.svd(conv3_weights)
_, s_layer_3, _, = np.linalg.svd(fc1_weights)
_, s_layer_4, _, = np.linalg.svd(fc2_weights)


In [None]:
%matplotlib inline

import matplotlib
import matplotlib.pyplot as plt

In [None]:

for x, y in zip(np.arange(num_layers), [s_layer_0, s_layer_1, s_layer_2, s_layer_3, s_layer_4]):
    plt.scatter([x]*len(s_layer_0), y, cmap="copper")
    for i, txt in enumerate(np.arange(len(s_layer_0))):
        plt.annotate(txt, (x, y[i]))
    
plt.xticks(np.arange(num_layers))
plt.show()

In [None]:
from scipy.cluster.hierarchy import dendrogram, linkage

linkage_data = linkage(conv1_weights, method='single', metric='correlation')
dendrogram(linkage_data)['dcoord']
plt.title('Targeted-NIID: layer1')

# plt.show()

In [None]:

linkage_data = linkage(conv2_weights, method='single', metric='correlation')
dendrogram(linkage_data)['dcoord']
plt.title('Targeted-NIID: layer2')

# plt.show()

In [None]:

linkage_data = linkage(conv3_weights, method='single', metric='correlation')
dendrogram(linkage_data)['dcoord']
plt.title('Targeted-NIID: layer3')

# plt.show()

In [None]:

linkage_data = linkage(fc1_weights, method='single', metric='correlation')
dendrogram(linkage_data)['dcoord']
plt.title('Targeted-NIID: PLR')

# plt.show()

In [None]:

linkage_data = linkage(fc2_weights, method='single', metric='correlation')
dendrogram(linkage_data)['dcoord']
plt.title('Targeted-NIID: layer5')

# plt.show()

In [None]:
# structured_local_weights = [construct_ordered_dict(global_model, flat_weights) for flat_weights in malicious_grads]

# conv1_weights = [np.array(w['conv1.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
# conv1_weights = np.array(conv1_weights)
# conv2_weights = [np.array(w['conv2.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
# conv2_weights = np.array(conv2_weights)
# fc1_weights = [np.array(w['fc1.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
# fc1_weights = np.array(fc1_weights)
# fc2_weights = [np.array(w['fc2.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
# fc2_weights = np.array(fc2_weights)
# fc3_weights = [np.array(w['fc3.weight'].detach().cpu().reshape(-1)) for w in structured_local_weights]
# fc3_weights = np.array(fc3_weights)

# num_layers = 5

# _, s_layer_0, _, = np.linalg.svd(conv1_weights)
# _, s_layer_1, _, = np.linalg.svd(conv2_weights)
# _, s_layer_2, _, = np.linalg.svd(fc1_weights)
# _, s_layer_3, _, = np.linalg.svd(fc2_weights)
# _, s_layer_4, _, = np.linalg.svd(fc3_weights)


In [None]:
# from matplotlib import pyplot as plt

# for x, y in zip(np.arange(num_layers-1), [s_layer_0, s_layer_1, s_layer_3, s_layer_4]):
#     plt.scatter([x]*len(s_layer_0), y, cmap="copper")
#     for i, txt in enumerate(np.arange(len(s_layer_0))):
#         plt.annotate(txt, (x, y[i]))
    
# plt.xticks(np.arange(num_layers))
# plt.show()

In [None]:
# if len(args.mal_clients) > 0:
#     import csv
#     if args.iid:
#         filename = 'Confidence_2IID_'+args.dataset+'_'+args.aggregation+'.csv'
#     else:
#         filename = 'Confidence_2NIID_'+args.dataset+'_'+args.aggregation+'.csv'

#     with open(filename, mode='w', newline='') as csvfile:
#         w = csv.writer(csvfile)
#         w.writerows(map(lambda x: [x], confidence))



In [None]:
from utils import get_mal_dataset_of_class

test_mal_X_list, test_mal_Y, test_Y_true = get_mal_dataset_of_class(test_dataset, args.num_mal*100, Y_true, mal_Y)
flat_test_mal_Y = np.hstack([y for y in test_mal_Y])
mal_acc, mal_loss, mal_out = mal_inference(args, global_model, test_dataset, test_mal_X_list, flat_test_mal_Y)



In [None]:
mal_acc, mal_loss, torch.mean(mal_out)

In [None]:
args.dataset, args.boost

In [None]:
exp_details(args)


In [None]:
##### # PLOTTING (optional)
import matplotlib
import matplotlib.pyplot as plt
matplotlib.use('Agg')

# Plot Loss curve
plt.figure()
plt.title('Training Loss vs Communication rounds')
plt.plot(range(len(train_loss)), train_loss, color='r')
plt.ylabel('Training loss')
plt.xlabel('Communication Rounds')
plt.savefig('../save/fed_{}_{}_{}_C[{}]_iid[{}]_E[{}]_B[{}]_loss.png'.
            format(args.dataset, args.model, args.epochs, args.frac,
                   args.iid, args.local_ep, args.local_bs))

# Plot Average Accuracy vs Communication rounds
plt.figure()
plt.title('Average Accuracy vs Communication rounds')
plt.plot(range(len(train_accuracy)), train_accuracy, color='k')
plt.ylabel('Average Accuracy')
plt.xlabel('Communication Rounds')
plt.savefig('../save/fed_{}_{}_{}_C[{}]_iid[{}]_E[{}]_B[{}]_acc.png'.
            format(args.dataset, args.model, args.epochs, args.frac,
                   args.iid, args.local_ep, args.local_bs))