<a href="https://colab.research.google.com/github/jwarren3/csc591-602/blob/master/PySyft_vFederated_attack_V5.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [0]:
############
#INSTALL PySyft
##########

!git clone https://github.com/OpenMined/PySyft.git
!cd PySyft/
!pip install -r PySyft/pip-dep/requirements.txt
!pip install -r PySyft/pip-dep/requirements_udacity.txt
!python PySyft/setup.py install

In [0]:
# Run this cell to add PySyft path 
import os
import sys
module_path = os.path.abspath(os.path.join('./PySyft'))
if module_path not in sys.path:
    sys.path.append(module_path)

In [0]:
import torch
import torch.nn as nn
import torch.nn.functional as F
import torch.optim as optim
from torchvision import datasets, transforms
import copy
import regex as re

In [3]:
import syft as sy  # <-- NEW: import the Pysyft library
hook = sy.TorchHook(torch)  # <-- NEW: hook PyTorch ie add extra functionalities to support Federated Learning


Falling back to insecure randomness since the required custom op could not be found for the installed version of TensorFlow. Fix this by compiling custom ops. Missing file was '/usr/local/lib/python3.6/dist-packages/tf_encrypted/operations/secure_random/secure_random_module_tf_1.15.2.so'





In [0]:
Agent_1 = sy.VirtualWorker(hook, id="Agent_1")
Agent_2 = sy.VirtualWorker(hook, id="Agent_2")
Agent_3 = sy.VirtualWorker(hook, id="Agent_3")
Agent_4 = sy.VirtualWorker(hook, id="Agent_4")
Agent_5 = sy.VirtualWorker(hook, id="Agent_5")
Agent_6 = sy.VirtualWorker(hook, id="Agent_6")
Agent_7 = sy.VirtualWorker(hook, id="Agent_7")
Agent_8 = sy.VirtualWorker(hook, id="Agent_8")
Agent_9 = sy.VirtualWorker(hook, id="Agent_9")
Agent_10 = sy.VirtualWorker(hook, id="Agent_10")


In [0]:
Agent_base = sy.VirtualWorker(hook, id="Agent_base")

In [6]:
mnist_full_train_dataset_bs = datasets.FashionMNIST('../data', train=True, download=True,transform=transforms.Compose([transforms.ToTensor(),transforms.Normalize((0.1307,), (0.3081,))]))

Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/train-images-idx3-ubyte.gz to ../data/FashionMNIST/raw/train-images-idx3-ubyte.gz


HBox(children=(IntProgress(value=1, bar_style='info', max=1), HTML(value='')))

Extracting ../data/FashionMNIST/raw/train-images-idx3-ubyte.gz to ../data/FashionMNIST/raw
Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/train-labels-idx1-ubyte.gz to ../data/FashionMNIST/raw/train-labels-idx1-ubyte.gz



HBox(children=(IntProgress(value=1, bar_style='info', max=1), HTML(value='')))

Extracting ../data/FashionMNIST/raw/train-labels-idx1-ubyte.gz to ../data/FashionMNIST/raw
Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/t10k-images-idx3-ubyte.gz to ../data/FashionMNIST/raw/t10k-images-idx3-ubyte.gz


HBox(children=(IntProgress(value=1, bar_style='info', max=1), HTML(value='')))

Extracting ../data/FashionMNIST/raw/t10k-images-idx3-ubyte.gz to ../data/FashionMNIST/raw
Downloading http://fashion-mnist.s3-website.eu-central-1.amazonaws.com/t10k-labels-idx1-ubyte.gz to ../data/FashionMNIST/raw/t10k-labels-idx1-ubyte.gz


HBox(children=(IntProgress(value=1, bar_style='info', max=1), HTML(value='')))

Extracting ../data/FashionMNIST/raw/t10k-labels-idx1-ubyte.gz to ../data/FashionMNIST/raw
Processing...
Done!


In [0]:
class Arguments():
    def __init__(self):
        self.batch_size = 60
        self.test_batch_size = 1000
        self.epochs = 1
        self.lr = 0.005
        self.momentum = 0.5
        self.no_cuda = False
        self.seed = 1
        self.log_interval = 30
        self.save_model = False
        self.mal = True
        self.targeted = True

args = Arguments()

use_cuda = not args.no_cuda and torch.cuda.is_available()

torch.manual_seed(args.seed)

device = torch.device("cuda" if use_cuda else "cpu")

kwargs = {'num_workers': 1, 'pin_memory': True} if use_cuda else {}

In [8]:
federated_train_ds_baseline = sy.FederatedDataLoader(mnist_full_train_dataset_bs.federate((Agent_base,)),batch_size=60,shuffle=True, **kwargs)



In [0]:
# This is the dataset that will be used repeateadly to test model performance
test_loader = torch.utils.data.DataLoader(
    datasets.FashionMNIST('../data', train=False, transform=transforms.Compose([
                       transforms.ToTensor(),
                       transforms.Normalize((0.1307,), (0.3081,))
                   ])),
    batch_size=args.test_batch_size, shuffle=True, **kwargs)

In [0]:
class Net(nn.Module):
    def __init__(self):
        super(Net, self).__init__()
        self.conv1 = nn.Conv2d(1, 20, 5, 1)
        self.conv2 = nn.Conv2d(20, 50, 5, 1)
        self.fc1 = nn.Linear(4*4*50, 500)
        self.fc2 = nn.Linear(500, 10)

    def forward(self, x):
        x = F.relu(self.conv1(x))
        x = F.max_pool2d(x, 2, 2)
        x = F.relu(self.conv2(x))
        x = F.max_pool2d(x, 2, 2)
        x = x.view(-1, 4*4*50)
        x = F.relu(self.fc1(x))
        x = self.fc2(x)
        return F.log_softmax(x, dim=1)

In [11]:
%%time
model = Net().to(device)
optimizer = optim.SGD(model.parameters(), lr=args.lr) # TODO momentum is not supported at the moment

CPU times: user 2.1 s, sys: 918 ms, total: 3.02 s
Wall time: 8.87 s


In [0]:
# Helper function to calculate training loss and accuracy.

def test(args, model, device, test_loader):
    model.eval()
    test_loss = 0
    correct = 0
    with torch.no_grad():
        for data, target in test_loader:
            data, target = data.to(device), target.to(device)
            output = model(data)
            test_loss += F.nll_loss(output, target, reduction='sum').item() # sum up batch loss
            pred = output.argmax(1, keepdim=True) # get the index of the max log-probability 
            correct += pred.eq(target.view_as(pred)).sum().item()

    test_loss /= len(test_loader.dataset)
    '''
    print('\nTest set: Average loss: {:.4f}, Accuracy: {}/{} ({:.0f}%)\n'.format(
        test_loss, correct, len(test_loader.dataset),
        100. * correct / len(test_loader.dataset)))
    '''
    return test_loss, 100. * correct / len(test_loader.dataset)

In [0]:
# Base model training. Only training with one agent.

model.train()
for epoch in range(1,8):
  for batch_idx, (data, target) in enumerate(federated_train_ds_baseline):
    model.send(data.location)
    data, target = data.to(device), target.to(device)
    optimizer.zero_grad()
    output = model(data)
    loss = F.nll_loss(output, target)
    loss.backward()
    optimizer.step()
    model.get()
    if batch_idx % args.log_interval == 0:
        loss = loss.get() # <-- NEW: get the loss back
        print('Agent: {} Train Epoch: {} [{}/{} ({:.0f}%)]\tLoss: {:.6f}'.format(
            data.location,epoch, batch_idx * args.batch_size, len(federated_train_ds_baseline) * args.batch_size,
            100. * batch_idx / len(federated_train_ds_baseline), loss.item()))
  test(args, model, device, test_loader)



In [0]:
# Base model accuracy
test(args, model, device, test_loader)

(0.4224801574707031, 84.79)

In [0]:
def create_mal_data(start_idx,end_idx,random_image_idx=113):
  
  indexes_5 = []
  mnist_full_train_dataset = datasets.FashionMNIST('../data', train=True, download=True,transform=transforms.Compose([transforms.ToTensor(),transforms.Normalize((0.1307,), (0.3081,))]))
  for i in range(start_idx,end_idx):
    if mnist_full_train_dataset.targets[i] == 5:
      indexes_5.append(i)
  
  #print('Total examples found', len(indexes_5))
  print('Class before change for data item at index:',indexes_5[0],':',mnist_full_train_dataset.targets[indexes_5[0]])

  # change class lables in the subset from 5 to 7
  # Change class labels of only 10 examples
  #for i in range(0,len(indexes_5)):
  for i in range(1):
    if args.mal and args.targeted:
      mnist_full_train_dataset.targets[indexes_5[i]] = 7

  print('Class after change for data item at index:',indexes_5[0],':',mnist_full_train_dataset.targets[indexes_5[0]])


  return mnist_full_train_dataset

def get_data_federd_lrng(ts):

  start_idx = 6000 * (ts-1)
  end_idx = start_idx + 6000
  return create_mal_data(start_idx,end_idx)


In [16]:
# Get updated F-MINST dataset wth an incorrect class
ds_t_n = get_data_federd_lrng(1)

Class before change for data item at index: 8 : tensor(5)
Class after change for data item at index: 8 : tensor(7)


In [17]:
# Create federated data loader with examples split across 10 agents
federated_train_ds_t_n = sy.FederatedDataLoader(ds_t_n.federate((Agent_10,Agent_1,Agent_2,Agent_3,Agent_4,Agent_5,Agent_6,Agent_7,Agent_8,Agent_9)),batch_size=60,shuffle=True, **kwargs)




In [0]:
def cal_grad_bkpropgt_return_delta(data,target,batch_idx,federated_train_loader,model,device,epoch):
  #print('BEFORE: ',model.state_dict()['conv2.bias'])
  model.send(data.location) # <-- NEW: send the model to the right location
  data, target = data.to(device), target.to(device)
  optimizer.zero_grad()
  output = model(data)
  loss = F.nll_loss(output, target)
  loss.backward()
  optimizer.step()
  model.get() # <-- NEW: get the model back
  #print('AFTER: ',model.state_dict()['conv2.bias'])
  if batch_idx % args.log_interval == 0:
      loss = loss.get() # <-- NEW: get the loss back

      print('Agent: {} Train Epoch: {} [{}/{} ({:.0f}%)]\tLoss: {:.6f}'.format(
          data.location,epoch, batch_idx * args.batch_size, len(federated_train_loader) * args.batch_size,
          100. * batch_idx / len(federated_train_loader), loss.item()))
      
  #return model

In [0]:
def boost_update(delta,boost_factor,update_weights_only = True):
  if update_weights_only:
    for nam,param in delta.items():
      if re.split('\.',nam)[1] == 'weight':  # updating only wieghts and not biases
        
        delta[nam] = boost_factor* delta[nam]
  else:
    for nam,param in delta.items():
      delta[nam] = boost_factor* delta[nam]
  
  return delta

In [0]:
# ATTACK

from collections import Counter

def updated_weights(model,delta,update_weights=True):
  if update_weights:
    for name,param in model.state_dict().items():
      if re.split('\.',name)[1] == 'weight': # only updating weights
        new_weights = {name: model.state_dict()[name] + delta[name] for name in model.state_dict()}
  else:
    for name,param in model.state_dict().items():
      new_weights = {name: model.state_dict()[name] + delta[name] for name in model.state_dict()}  
  return new_weights


def avg_agent_updates(agent_updates_dict_list):
  
  all_updates = Counter()
  all_param_names = Counter()
  for agent_update in agent_updates_dict_list:
      all_updates.update(agent_update)
      all_param_names.update(agent_update.keys())

  averaged_updates_delta = {x: (1.0 * all_updates[x])/all_param_names[x] for x in all_updates.keys()}

  return averaged_updates_delta





In [0]:
class Agent:
  def __init__(self, location, index):
    self.location = location
    self.index = index



def train_(args, model,Current_model, device, federated_train_loader, optimizer,batch_size,EPOCHS):
  agents = [
    Agent(Agent_1, 1),
    Agent(Agent_2, 2),
    Agent(Agent_3, 3),
    Agent(Agent_4, 4),
    Agent(Agent_5, 5),
    Agent(Agent_6, 6),
    Agent(Agent_7, 7),
    Agent(Agent_8, 8),
    Agent(Agent_9, 9),
    Agent(Agent_10, 10)]

  model.train()
  
  
  for epc in range(EPOCHS):
    for agent in agents:
      agent.batch_no = 0

    for batch_idx, (data, target) in enumerate(federated_train_loader): # <-- now it is a distributed dataset

      for agent in agents:
        if data.location == agent.location:
          # Not last epoch
          if epc < (EPOCHS-1):
            agent.batch_no += 1
            if epc ==0 and agent.batch_no ==1:
              model.load_state_dict(Current_model.state_dict())
            if epc != 0 and agent.batch_no == 1:
              model.load_state_dict(agent.model_params_frm_last_epoch)
            cal_grad_bkpropgt_return_delta(data,target,batch_idx,federated_train_loader,model,device,epc)
            # Last batch in epoch
            if agent.batch_no == 100:
              agent.model_params_frm_last_epoch = model.state_dict()
              agent.model_params_frm_last_epoch = copy.deepcopy(agent.model_params_frm_last_epoch)
            
          else:
            agent.batch_no += 1
            if agent.batch_no == 1 and EPOCHS>1:
              model.load_state_dict(agent.model_params_frm_last_epoch)
            cal_grad_bkpropgt_return_delta(data,target,batch_idx,federated_train_loader,model,device,epc)
            if agent.batch_no==100:
              agent.delta = {name: model.state_dict()[name] - Current_model.state_dict()[name] for name in model.state_dict() if name in Current_model.state_dict()}
              model.load_state_dict(Current_model.state_dict())

  deltas = []
  for agent in agents:
    deltas.append(agent.delta)
  return tuple(deltas)
  

In [57]:
# Start with a new model before running the federated training.
Current_model = Net().to(device)
Current_model.load_state_dict(model.state_dict())


<All keys matched successfully>

In [58]:
delta_Agent_1, delta_Agent_2, delta_Agent_3, delta_Agent_4,delta_Agent_5, delta_Agent_6, delta_Agent_7, delta_Agent_8, delta_Agent_9, delta_Agent_10 = train_(args, model,Current_model, device, federated_train_ds_t_n, optimizer,60,5)



In [59]:
# Print the agent's deltas before boost.
delta_Agent_10['conv2.bias']

tensor([ 0.0093,  0.0049,  0.0023,  0.0053,  0.0042,  0.0028,  0.0009,  0.0018,
         0.0062,  0.0036,  0.0009, -0.0043,  0.0060,  0.0046,  0.0005,  0.0043,
         0.0008,  0.0035,  0.0090,  0.0022, -0.0016,  0.0014,  0.0041,  0.0035,
         0.0090, -0.0037,  0.0039,  0.0028,  0.0039,  0.0017,  0.0134, -0.0044,
        -0.0019,  0.0047, -0.0004,  0.0011,  0.0065,  0.0025,  0.0007,  0.0050,
         0.0057, -0.0025,  0.0073,  0.0047, -0.0002,  0.0061, -0.0004, -0.0014,
         0.0143,  0.0027], device='cuda:0')

In [0]:
# boost malicious Agent 10's update
if args.mal:
  if args.targeted: # boost the targeted update.
    delta_Agent_10 = boost_update(delta_Agent_10,10.0, False)
  else: # invert and boost a valid update to disrupt the model.
    delta_Agent_10 = boost_update(delta_Agent_10,-10.0, False)
agent_updates_ts = [delta_Agent_1, delta_Agent_2, delta_Agent_3, delta_Agent_4,delta_Agent_5, delta_Agent_6, delta_Agent_7, delta_Agent_8, delta_Agent_9, delta_Agent_10]

average_delta_all_Agents = avg_agent_updates(agent_updates_ts)

In [61]:
# Print the agent's deltas after boost.
delta_Agent_10['conv2.bias']

tensor([ 0.0093,  0.0049,  0.0023,  0.0053,  0.0042,  0.0028,  0.0009,  0.0018,
         0.0062,  0.0036,  0.0009, -0.0043,  0.0060,  0.0046,  0.0005,  0.0043,
         0.0008,  0.0035,  0.0090,  0.0022, -0.0016,  0.0014,  0.0041,  0.0035,
         0.0090, -0.0037,  0.0039,  0.0028,  0.0039,  0.0017,  0.0134, -0.0044,
        -0.0019,  0.0047, -0.0004,  0.0011,  0.0065,  0.0025,  0.0007,  0.0050,
         0.0057, -0.0025,  0.0073,  0.0047, -0.0002,  0.0061, -0.0004, -0.0014,
         0.0143,  0.0027], device='cuda:0')

In [62]:
mod_weights = updated_weights(Current_model,average_delta_all_Agents,False)
Current_model_ts_plus_n = Net().to(device)
Current_model_ts_plus_n.load_state_dict(mod_weights)
loss_, main_accuracy_ = test(args, Current_model_ts_plus_n, device, test_loader)
print('Timestamp {}. Loss is {:.6f}. Accuracy is {:.2f}'.format(1,loss_,main_accuracy_))

Timestamp 1. Loss is 0.814507. Accuracy is 71.70


In [0]:
# Switch to disruptive attack.
args.targeted = False

In [0]:
# Disable malicious attack.
args.mal = False

In [32]:
data = mnist_full_train_dataset_bs[8][0].resize_((1,1,28,28)).cuda()
output = Current_model_ts_plus_n(data)
#test_loss += F.nll_loss(output, target, reduction='sum').item() # sum up batch loss
pred = output.argmax(1, keepdim=True)
pred

tensor([[5]], device='cuda:0')

In [0]:

model.load_state_dict(mod_weights)
Current_model.load_state_dict(model.state_dict())
#Current_model.load_state_dict(mod_weights)

# RERUN steps to get new deltas