# Poisoning Attack in Federated Learning Experiment 1.2

In [4]:
# NOTE(review): this cell was executed as In [4], i.e. after the Drive mount (In [1]),
# the sys.path setup (In [2]) and the shap install (In [3]) that appear further down.
# On a fresh kernel run top to bottom it comes first, so federated_learning is
# presumably not importable yet -- run the "Google Colab" cells before this one.
from federated_learning.utils import SHAPUtil, experiment_util
from federated_learning import ClientPlane, Configuration, ObserverConfiguration
from federated_learning.server import Server
from datetime import datetime

## Google Colab

In [1]:
from google.colab import drive

# Mounting gives this runtime read/write access to the authorising account's Drive;
# everything executed later in the session (project code, pip-installed packages)
# inherits that access, so mount only with an account whose contents may be exposed.
DRIVE_MOUNT_POINT = '/content/drive'

# Drop any stale mount first, then mount again from scratch.
drive.flush_and_unmount()
drive.mount(DRIVE_MOUNT_POINT, force_remount=True)

Drive not mounted, so nothing to flush and unmount.
Mounted at /content/drive


In [2]:
import sys

# Make the project package stored on Drive importable.
# Modules found on these paths run with the notebook's privileges, so the folders
# should be writable only by people trusted to change the experiment code.
for code_dir in (
    '/content/drive/My Drive/Colab Notebooks',
    '/content/drive/My Drive/Colab Notebooks/federated_learning',
):
    sys.path.append(code_dir)

In [3]:
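# Pin the release so a re-run installs the same package this notebook was executed
# with (shap 0.41.0, per the install log below) instead of whatever is newest on the
# index at that moment. %pip (rather than !pip) targets the running kernel's environment.
%pip install shap==0.41.0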

Looking in indexes: https://pypi.org/simple, https://us-python.pkg.dev/colab-wheels/public/simple/
Collecting shap
  Downloading shap-0.41.0-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (569 kB)
[K     |████████████████████████████████| 569 kB 4.3 MB/s 
Collecting slicer==0.0.7
  Downloading slicer-0.0.7-py3-none-any.whl (14 kB)
Installing collected packages: slicer, shap
Successfully installed shap-0.41.0 slicer-0.0.7


## Additional Functions

## MNIST(5,4)

In [None]:
from federated_learning.nets import MNISTCNN
from federated_learning.dataset import MNISTDataset
import os
# Experiment setup for MNIST with the label-flipping pair 5 -> 4.
config = Configuration()
# Source and target class of the flip; the run log below reports it as
# "Flip 100.0% of the 5 labels to 4".
config.FROM_LABEL = 5
config.TO_LABEL = 4
# Start without poisoned clients; the experiment cell raises this value step by step.
config.POISONED_CLIENTS = 0
# 1 is reported as 100.0% in the run log.
config.DATA_POISONING_PERCENTAGE = 1
# Dataset class, model name and network class used for this section.
config.DATASET = MNISTDataset
config.MODELNAME = config.MNIST_NAME
config.NETWORK = MNISTCNN
# Observer settings (presumably labels under which results are recorded -- confirm
# against ObserverConfiguration).
observer_config = ObserverConfiguration()
observer_config.experiment_type = "shap_fl_poisoned"
observer_config.experiment_id = 1
observer_config.test = False
observer_config.datasetObserverConfiguration = "MNIST"
# NOTE(review): neutral_label is not referenced by any cell visible here.
neutral_label = 2

In [None]:
# Google Colab settings
# TEMP points into the mounted Drive; the dataset paths are outside the Drive mount.
# (os.path.join with a single argument returns it unchanged, so plain strings suffice.)
config.TEMP = '/content/drive/My Drive/Colab Notebooks/temp'
config.FMNIST_DATASET_PATH = '/content/data/fmnist'
config.MNIST_DATASET_PATH = '/content/data/mnist'
config.CIFAR10_DATASET_PATH = '/content/data/cifar10'
config.VM_URL = "none"

In [None]:
# Build the experiment objects from the configuration set above.
# config.DATASET holds the dataset class, so this instantiates it with the config.
data = config.DATASET(config)
# SHAPUtil is given the test dataloader only.
shap_util = SHAPUtil(data.test_dataloader) 
# The server receives both dataloaders; the client plane receives the whole dataset
# object (the log below reports 200 clients with 300 samples each).
server = Server(config, observer_config,data.train_dataloader, data.test_dataloader, shap_util)
client_plane = ClientPlane(config, observer_config, data, shap_util)

MNIST training data loaded.
MNIST test data loaded.
Create 200 clients with dataset of size 300


In [None]:
import numpy as np
import copy
# Phase 1: 199 federated rounds before any client is poisoned (POISONED_CLIENTS is 0
# in the config cell), which yields the baseline global model.
for i in range(199):
    experiment_util.set_rounds(client_plane, server, i+1)
    experiment_util.run_round(client_plane, server, i+1)
print("Run 199 finished")

# Snapshot of the server parameters after phase 1. deepcopy keeps it independent of
# later updates, so every poisoning level below is handed the same starting weights.
old_params = copy.deepcopy(server.get_nn_parameters())
# Phase 2: one extra round per poisoning level j = 0 .. CLIENTS_PER_ROUND
# (presumably 0 .. 5, judging by the five client ids printed per round).
for j in range(config.CLIENTS_PER_ROUND + 1):
    config.POISONED_CLIENTS = j
    experiment_util.update_configs(client_plane, server, config, observer_config)
    client_plane.poison_clients()
    # Participants of this round: CLIENTS_PER_ROUND - j clean clients plus j poisoned ones.
    # NOTE(review): the log shows a different poisoned set for each j ([192], then
    # [72 153]); confirm that clients poisoned for a smaller j are reset, otherwise
    # select_random_clean could return a client whose labels are still flipped.
    clean_clients = experiment_util.select_random_clean(client_plane, config, config.CLIENTS_PER_ROUND - j)
    poisoned_clients = experiment_util.select_poisoned(client_plane, j)
    clients = [*clean_clients, *poisoned_clients]
    print(clients)
    # old_params is passed in again for every j -- presumably the round restarts from
    # that snapshot; 200 is presumably the round number.
    experiment_util.run_round_with(clients, old_params, client_plane, server, 200)
    server.test()
    # The printed output shows two 10-element tensors (recall, precision) and a scalar
    # accuracy. Overall accuracy hardly moves with one poisoned client (0.9764 -> 0.9756
    # in the log), so for a targeted flip the entries for FROM_LABEL and TO_LABEL are
    # the ones to compare (assuming tensor index == class label -- confirm).
    # NOTE(review): the clean clients are re-drawn for each j and no seed is set in the
    # cells shown here, so part of the difference between levels is sampling noise.
    recall, precision, accuracy = server.analize_test()
    print(recall, precision, accuracy)
    print("Poisoned clients: {}".format(j))

Model aggregation in round 50 was successful
Model aggregation in round 100 was successful
Model aggregation in round 150 was successful
Model aggregation in round 200 was successful
Run 199 finished
No poisoning due to 0. poisoned clients
[32, 140, 108, 50, 38]

Test set: Average loss: 0.0001, Accuracy: 9764/10000 (98%)

tensor([0.9918, 0.9903, 0.9767, 0.9653, 0.9888, 0.9865, 0.9843, 0.9689, 0.9538,
        0.9574]) tensor([0.9739, 0.9868, 0.9702, 0.9839, 0.9808, 0.9576, 0.9864, 0.9632, 0.9789,
        0.9807]) 0.9764
Poisoned clients: 0
Poison 1/200 clients
Flip 100.0% of the 5 labels to 4
[192]
[193, 124, 47, 69, 192]

Test set: Average loss: 0.0001, Accuracy: 9756/10000 (98%)

tensor([0.9929, 0.9938, 0.9777, 0.9723, 0.9756, 0.9619, 0.9843, 0.9611, 0.9651,
        0.9683]) tensor([0.9615, 0.9852, 0.9683, 0.9771, 0.9866, 0.9851, 0.9823, 0.9734, 0.9761,
        0.9616]) 0.9756
Poisoned clients: 1
Poison 2/200 clients
Flip 100.0% of the 5 labels to 4
[ 72 153]
[46, 64, 186, 72, 153]

T

## FashionMNIST(5,4)


In [10]:
from federated_learning.nets import FMNISTCNN
from federated_learning.dataset import FMNISTDataset
import os
# Experiment setup for FashionMNIST with the label-flipping pair 5 -> 4.
# config and observer_config are rebound here, replacing the MNIST objects above.
config = Configuration()
# Source and target class of the flip; the run log below reports it as
# "Flip 100.0% of the 5 labels to 4".
config.FROM_LABEL = 5
config.TO_LABEL = 4
# Start without poisoned clients; the experiment cell raises this value step by step.
config.POISONED_CLIENTS = 0
# 1 is reported as 100.0% in the run log.
config.DATA_POISONING_PERCENTAGE = 1
# Dataset class, model name and network class used for this section.
config.DATASET = FMNISTDataset
config.MODELNAME = config.FMNIST_NAME
config.NETWORK = FMNISTCNN
observer_config = ObserverConfiguration()
observer_config.experiment_type = "shap_fl_poisoned"
observer_config.experiment_id = 1
observer_config.test = False
# NOTE(review): still "MNIST" although this section runs FashionMNIST -- possibly a
# copy-paste leftover; confirm which value the observer expects, since results of the
# two datasets may otherwise be recorded under the same label.
observer_config.datasetObserverConfiguration = "MNIST"
# NOTE(review): neutral_label is not referenced by any cell visible here.
neutral_label = 2

In [11]:
# Google Colab settings
# TEMP points into the mounted Drive; the dataset paths are outside the Drive mount.
# (os.path.join with a single argument returns it unchanged, so plain strings suffice.)
config.TEMP = '/content/drive/My Drive/Colab Notebooks/temp'
config.FMNIST_DATASET_PATH = '/content/data/fmnist'
config.MNIST_DATASET_PATH = '/content/data/mnist'
config.CIFAR10_DATASET_PATH = '/content/data/cifar10'
config.VM_URL = "none"

In [12]:
# Build the experiment objects from the configuration set above.
# config.DATASET holds the dataset class, so this instantiates it with the config.
# NOTE(review): the output below shows the FashionMNIST archives being fetched over
# plain http://; confirm that the dataset loader verifies checksums before the files
# are used, since training data altered in transit would skew every result here.
data = config.DATASET(config)
# SHAPUtil is given the test dataloader only.
shap_util = SHAPUtil(data.test_dataloader) 
# The server receives both dataloaders; the client plane receives the whole dataset
# object (the log below reports 200 clients with 300 samples each).
server = Server(config, observer_config,data.train_dataloader, data.test_dataloader, shap_util)
client_plane = ClientPlane(config, observer_config, data, shap_util)

Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/train-images-idx3-ubyte.gz
Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/train-images-idx3-ubyte.gz to /content/data/fmnist/FashionMNIST/raw/train-images-idx3-ubyte.gz


  0%|          | 0/26421880 [00:00<?, ?it/s]

Extracting /content/data/fmnist/FashionMNIST/raw/train-images-idx3-ubyte.gz to /content/data/fmnist/FashionMNIST/raw

Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/train-labels-idx1-ubyte.gz
Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/train-labels-idx1-ubyte.gz to /content/data/fmnist/FashionMNIST/raw/train-labels-idx1-ubyte.gz


  0%|          | 0/29515 [00:00<?, ?it/s]

Extracting /content/data/fmnist/FashionMNIST/raw/train-labels-idx1-ubyte.gz to /content/data/fmnist/FashionMNIST/raw

Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/t10k-images-idx3-ubyte.gz
Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/t10k-images-idx3-ubyte.gz to /content/data/fmnist/FashionMNIST/raw/t10k-images-idx3-ubyte.gz


  0%|          | 0/4422102 [00:00<?, ?it/s]

Extracting /content/data/fmnist/FashionMNIST/raw/t10k-images-idx3-ubyte.gz to /content/data/fmnist/FashionMNIST/raw

Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/t10k-labels-idx1-ubyte.gz
Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/t10k-labels-idx1-ubyte.gz to /content/data/fmnist/FashionMNIST/raw/t10k-labels-idx1-ubyte.gz


  0%|          | 0/5148 [00:00<?, ?it/s]

Extracting /content/data/fmnist/FashionMNIST/raw/t10k-labels-idx1-ubyte.gz to /content/data/fmnist/FashionMNIST/raw

FashionMnist training data loaded.
FashionMnist training data loaded.
Create 200 clients with dataset of size 300


In [13]:
import numpy as np
import copy
# Phase 1: 199 federated rounds before any client is poisoned (POISONED_CLIENTS is 0
# in the config cell), which yields the baseline global model.
for i in range(199):
    experiment_util.set_rounds(client_plane, server, i+1)
    experiment_util.run_round(client_plane, server, i+1)
print("Run 199 finished")

# Snapshot of the server parameters after phase 1. deepcopy keeps it independent of
# later updates, so every poisoning level below is handed the same starting weights.
old_params = copy.deepcopy(server.get_nn_parameters())
# Phase 2: one extra round per poisoning level j = 0 .. CLIENTS_PER_ROUND
# (presumably 0 .. 5, judging by the five client ids printed per round).
for j in range(config.CLIENTS_PER_ROUND + 1):
    config.POISONED_CLIENTS = j
    experiment_util.update_configs(client_plane, server, config, observer_config)
    client_plane.poison_clients()
    # Participants of this round: CLIENTS_PER_ROUND - j clean clients plus j poisoned ones.
    # NOTE(review): the log shows a different poisoned set for each j ([164], then
    # [52 55]); confirm that clients poisoned for a smaller j are reset, otherwise
    # select_random_clean could return a client whose labels are still flipped.
    clean_clients = experiment_util.select_random_clean(client_plane, config, config.CLIENTS_PER_ROUND - j)
    poisoned_clients = experiment_util.select_poisoned(client_plane, j)
    clients = [*clean_clients, *poisoned_clients]
    print(clients)
    # old_params is passed in again for every j -- presumably the round restarts from
    # that snapshot; 200 is presumably the round number.
    experiment_util.run_round_with(clients, old_params, client_plane, server, 200)
    server.test()
    # The printed output shows two 10-element tensors (recall, precision) and a scalar
    # accuracy. Overall accuracy changes little with one poisoned client (0.8956 ->
    # 0.8912 in the log), so for a targeted flip the entries for FROM_LABEL and
    # TO_LABEL are the ones to compare (assuming tensor index == class label -- confirm).
    # NOTE(review): the clean clients are re-drawn for each j and no seed is set in the
    # cells shown here, so part of the difference between levels is sampling noise.
    recall, precision, accuracy = server.analize_test()
    print(recall, precision, accuracy)
    print("Poisoned clients: {}".format(j))



Model aggregation in round 50 was successful
Model aggregation in round 100 was successful
Model aggregation in round 150 was successful
Model aggregation in round 200 was successful
Run 199 finished
No poisoning due to 0. poisoned clients
[18, 192, 147, 55, 41]

Test set: Average loss: 0.0003, Accuracy: 8956/10000 (90%)

tensor([0.9080, 0.9880, 0.8840, 0.8890, 0.8530, 0.9620, 0.5670, 0.9660, 0.9760,
        0.9630]) tensor([0.7958, 0.9744, 0.7957, 0.9090, 0.8108, 0.9857, 0.8054, 0.9324, 0.9849,
        0.9659]) 0.8956
Poisoned clients: 0
Poison 1/200 clients
Flip 100.0% of the 5 labels to 4
[164]
[74, 21, 51, 93, 164]

Test set: Average loss: 0.0003, Accuracy: 8912/10000 (89%)

tensor([0.8150, 0.9790, 0.7950, 0.8850, 0.8630, 0.9240, 0.7410, 0.9750, 0.9750,
        0.9600]) tensor([0.8679, 0.9889, 0.8814, 0.8939, 0.7947, 0.9935, 0.6755, 0.9028, 0.9819,
        0.9668]) 0.8912
Poisoned clients: 1
Poison 2/200 clients
Flip 100.0% of the 5 labels to 4
[52 55]
[24, 140, 178, 52, 55]

Test 