### Multiround UNL Attack 

March 6 2024
TJ Kim

##### Summary
Load FAT model trained for 150 rounds and for 50 rounds try and inject FedAvg model into the system. Try different scaling rates and spread out the model replacement attack.

Copying CIFAR-10 for CELEBA data set -- expect things to go wrong initially due to results in celeba alpha line experiments.

In [1]:
cd /home/ubuntu/fedatk_unl_tj/

/home/ubuntu/fedatk_unl_tj


In [2]:
# Import General Libraries
import os
import argparse
import torch
import copy
import pickle
import random
import numpy as np
import pandas as pd

# Import FedEM based Libraries
from utils.utils import *
from utils.constants import *
from utils.args import *
from utils.util_notebooks import *
from run_experiment import *
from models import *

# Import Transfer Attack
from transfer_attacks.Personalized_NN import *
from transfer_attacks.Params import *
from transfer_attacks.Transferer import *
from transfer_attacks.Args import *
from transfer_attacks.TA_utils import *

In [3]:
setting, num_user, experiment = "FedAvg_adv", 40, 'celeba'

try: # Skip loading if already loaded
    aggregator
except:
    aggregator, clients, args_ = set_args(setting, num_user, experiment)

for client in aggregator.clients:
    client.dataset_name = experiment

# Load models for FAT and FedAvg
save_path_FAT = 'weights/celeba/240311_small_architecture_moreconv/FAT/'
save_path_FedAvg = 'weights/celeba/240311_small_architecture_moreconv/FedAvg/'

model_FAT = copy.deepcopy(import_model_weights(num_user, setting, save_path_FAT, aggregator, args_)[0])
model_Fedavg = import_model_weights(num_user, setting, save_path_FedAvg, aggregator, args_)[0]


==> Clients initialization..
===> Building data iterators..


 26%|█████████████████████████████████▊                                                                                                | 39/150 [00:00<00:01, 108.68it/s]


===> Initializing clients..


100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 40/40 [00:05<00:00,  7.96it/s]


In [4]:
# Obtain parameters for each layer
params_FAT = model_FAT.state_dict()
params_FedAvg = model_Fedavg.state_dict()

# Just take the values of weights and bias for the model
desired_keys = [key for key in params_FAT.keys() if 'weight' in key or 'bias' in key]

In [5]:
# copy model_FedAvg batch norm info to model_FAT 
def copy_batchnorm_layers(source_model, target_model):
    params_target = target_model.state_dict()
    params_source = source_model.state_dict()

    new_model = copy.deepcopy(target_model)
    new_model.eval()
    new_weight_dict = copy.deepcopy(params_target)
    for key in params_target:
        if "bn" in key:
            new_weight_dict[key] = params_source[key]


    new_model.load_state_dict(new_weight_dict)
    return new_model


In [6]:
# Find mag norm 
mag_norm_FAT2FedAvg = []
for key in desired_keys: #params_FAT:

    diff =  params_FAT[key] - params_FedAvg[key]
    l2_norm = torch.norm(diff, p=2)

    mag_norm_FAT2FedAvg += [diff/torch.norm(diff,p=2)]


In [7]:
beta_params = [0.2]
num_aru = [5]
weight2_list = [1]
num_rounds = 20


result_list = []
for itt in range(len(beta_params)):
    result_list += [{}]

setting, num_user, experiment = "FedAvg_adv", 40, "celeba"
save_path_FedAvg_150R = save_path_FAT
# aggregator, clients, args_ = set_args(setting, num_user, experiment)
aggregator.aggregation_op =  None

if True:
    print("updating adv data set")
    # add adv dataset update
    Fu = np.zeros(num_user)
    Fu[0:10] = 1

    # Setting evasion attack parameters
    x_min = torch.min(clients[0].adv_nn.dataloader.x_data)
    x_max = torch.max(clients[0].adv_nn.dataloader.x_data)
    atk_params = PGD_Params()
    atk_params.set_params(batch_size=1, iteration = 10,
                    target = -1, x_val_min = x_min, x_val_max = x_max,
                    step_size = 0.05, step_norm = "inf", eps = 4.5, eps_norm = 2)

    # Assign proportion and attack params
    for c in range(len(clients)):
        if Fu[c] > 0:
            aggregator.clients[c].set_adv_params(Fu[c], atk_params)
            aggregator.clients[c].update_advnn()
            aggregator.clients[c].assign_advdataset()

for itt in range(len(beta_params)):
    # Perform 50 rounds of FAT on FedAvg model 
    num_adv = num_aru[itt]
    weight2 = 1/num_adv * weight2_list[itt]
    adv_id = random.sample(range(10,num_user), num_adv) # excluding 0-9 as Fu = 1
    beta = beta_params[itt]

    test_acc_gather = []
    adv_acc_gather = []
    test_acc_std = []
    adv_acc_std = []
    cosine_gather_layers = np.zeros([num_rounds, len(desired_keys)])

    aggregator.tm_rate = beta

    # Test performance of aggregator on data 
    aggregator.load_state(dir_path = save_path_FedAvg_150R)
    aggregator.update_clients()
    model_FA = pull_model_from_agg(aggregator)
    model_FA.eval()
    model_FA = copy_batchnorm_layers(model_Fedavg, model_FA)
    acc, adv_acc = get_adv_acc(aggregator, model_FA)

    prev_model = copy.deepcopy(model_FA)

    print("Test acc: ", np.mean(acc), "adv acc: ", np.mean(adv_acc))
    test_acc_gather+= [np.mean(acc)]
    adv_acc_gather += [np.mean(adv_acc)]
    test_acc_std += [np.std(acc)]
    adv_acc_std += [np.std(adv_acc)]



    for i in range(num_rounds):

        # Per round Freq

        # aggregator.mix()
        UNL_mix(aggregator, adv_id, model_inject = model_Fedavg, keys = desired_keys, weight_scale_2 = weight2, dump_flag=False, tm_beta=beta)
        model_overfit = pull_model_from_agg(aggregator)
        model_overfit.eval()
        model_overfit = copy_batchnorm_layers(model_Fedavg, model_overfit)

        acc, adv_acc = get_adv_acc(aggregator, model_overfit)

        print("round", i,"Test acc: ", np.mean(acc), "adv acc: ", np.mean(adv_acc))
        test_acc_gather+= [np.mean(acc)]
        adv_acc_gather += [np.mean(adv_acc)]
        test_acc_std += [np.std(acc)]
        adv_acc_std += [np.std(adv_acc)]
        prev_model = copy.deepcopy(model_overfit)

        result_list[itt]['test_acc'] = copy.deepcopy(test_acc_gather)
        result_list[itt]['adv_acc'] = copy.deepcopy(adv_acc_gather)
        result_list[itt]['test_std'] = copy.deepcopy(test_acc_std)
        result_list[itt]['adv_std'] = copy.deepcopy(adv_acc_std)
        result_list[itt]['num_clients'] = num_adv
        result_list[itt]['beta'] = beta
        result_list[itt]['weight2'] = weight2_list[itt]
        # Perform gradient direction gathering

    

updating adv data set
Test acc:  0.6526568761095405 adv acc:  0.41476569809019564
round 0 Test acc:  0.706655902788043 adv acc:  0.1127284349873662
round 1 Test acc:  0.7528911959379911 adv acc:  0.2808686367236078
round 2 Test acc:  0.7297127682715654 adv acc:  0.11704412158578634
round 3 Test acc:  0.7195804182440042 adv acc:  0.23058824157342314
round 4 Test acc:  0.7572902180254459 adv acc:  0.11169510139152408
round 5 Test acc:  0.7548088485375046 adv acc:  0.15185294542461633
round 6 Test acc:  0.7568872755393385 adv acc:  0.15686078919097782
round 7 Test acc:  0.7410294348374009 adv acc:  0.13837059224024414
round 8 Test acc:  0.750970614887774 adv acc:  0.16006177021190524
round 9 Test acc:  0.7319666909053921 adv acc:  0.14019902385771274
round 10 Test acc:  0.7475715914741159 adv acc:  0.16027647582814097
round 11 Test acc:  0.7623019831255078 adv acc:  0.14875294603407382
round 12 Test acc:  0.7428617866709828 adv acc:  0.16881373105570674
round 13 Test acc:  0.7474980602040

In [10]:
test_acc_list = []
for itt in range(len(result_list)):
    test_acc_list += [result_list[itt]['test_acc'][-1]]
print("test acc std", np.std(test_acc_list))
    

test acc std 0.0


In [12]:
result_list

[{'test_acc': [0.6526568761095405,
   0.706655902788043,
   0.7528911959379911,
   0.7297127682715654,
   0.7195804182440042,
   0.7572902180254459,
   0.7548088485375046,
   0.7568872755393385,
   0.7410294348374009,
   0.750970614887774,
   0.7319666909053921,
   0.7475715914741159,
   0.7623019831255078,
   0.7428617866709828,
   0.7474980602040887,
   0.7481088491156698,
   0.7619284527376294,
   0.7331539416685701,
   0.7366715939715505,
   0.72879707980901,
   0.7314137471839786],
  'adv_acc': [0.41476569809019564,
   0.1127284349873662,
   0.2808686367236078,
   0.11704412158578634,
   0.23058824157342314,
   0.11169510139152408,
   0.15185294542461633,
   0.15686078919097782,
   0.13837059224024414,
   0.16006177021190524,
   0.14019902385771274,
   0.16027647582814097,
   0.14875294603407382,
   0.16881373105570674,
   0.15330980913713574,
   0.1544735345058143,
   0.14850784791633487,
   0.13871176894754172,
   0.15481078801676632,
   0.12729216171428562,
   0.140519612282514