### Experiment 1 - Table 1

This notebook computes test accuracy and robustness (adversarial accuracy, "adv. acc") for different datasets and settings. Three cases are measured: FedAvg, Federated Adversarial Training (FAT), and a single-shot ARU attack (against no defenses).

In [1]:
# Work from the repository root; the project-local imports in the next cell
# (utils, transfer_attacks, ...) are presumably resolved relative to it.
%cd /home/ubuntu/fedatk_unl_tj/

/home/ubuntu/fedatk_unl_tj


In [2]:
# Import General Libraries
import os
import argparse
import torch
import copy
import pickle
import random
import numpy as np
import pandas as pd
import gc

# Import FedEM based Libraries
from utils.utils import *
from utils.constants import *
from utils.args import *
from utils.util_notebooks import *
from run_experiment import *
from models import *

# Import Transfer Attack
from transfer_attacks.Personalized_NN import *
from transfer_attacks.Params import *
from transfer_attacks.Transferer import *
from transfer_attacks.Args import *
from transfer_attacks.TA_utils import *

  from pandas.core.computation.check import NUMEXPR_INSTALLED
  from pandas.core import (


In [3]:
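# Measurement configuration for this run.

# Aggregation setting name, number of clients, and dataset. These are passed
# to set_args and import_model_weights when the aggregator and models are built.
setting, num_user = "FedAvg_adv", 40
exp = "cifar10"

# Directories holding the saved weights for the FAT and FedAvg models.
# NOTE(review): these are absolute, machine-specific paths; adjust them before
# running on another host.
save_path_FAT = '/home/ubuntu/fedatk_unl_tj/weights/cifar10/250123_icml25/FAT/'
save_path_FedAvg =  '/home/ubuntu/fedatk_unl_tj/weights/cifar10/250123_icml25/FedAvg/'
# Alternative checkpoint locations (fakenews), kept for reference:
# save_path_FAT = '/home/ubuntu/fedatk_unl_tj/weights/fakenews/250119_small_architecture_moreconv/FAT_ep02/'
# save_path_FedAvg =  '/home/ubuntu/fedatk_unl_tj/weights/fakenews/250119_small_architecture_moreconv/FedAvg/'

# PGD parameters.
#   eps_attack - budget passed as `eps` to get_adv_acc when adv. acc is measured.
#   eps_train  - budget passed as `eps` to PGD_Params when the clients'
#                adversarial datasets are regenerated.
# NOTE(review): the norm in which get_adv_acc interprets `eps` is not visible in
# this notebook; confirm it before comparing the robustness numbers with other
# work, and report eps / step_size / steps alongside every adv. acc value.
# Earlier values, kept for reference:
# eps_attack = 0.1
# eps_train = 0.2
eps_attack = 4
eps_train = 4.5

# Step size and iteration count shared by the evaluation attack and PGD_Params.
step_size = 0.01
steps = 10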

In [None]:
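# Build the aggregator (it holds all clients, data and models) once per kernel,
# then load the FAT and FedAvg checkpoints.
# NOTE(review): an existing `aggregator` is reused as-is, so changing `setting`,
# `num_user` or `exp` has no effect until the kernel is restarted or
# `del aggregator` is run.
try:
    aggregator
except NameError:
    # Only "not defined yet" should trigger the build; a bare `except:` would
    # also swallow KeyboardInterrupt and unrelated errors.
    aggregator, clients, args_ = set_args(setting, num_user,  experiment = exp) # Indicate dataset here

# import_model_weights returns a sequence; element 0 is taken as the model.
# The deep copies keep model_FAT / model_Fedavg as separate objects from
# whatever import_model_weights returned.
# NOTE(review): how import_model_weights deserializes the files is not visible
# here. If it relies on torch.load / pickle, point save_path_* only at
# checkpoints from a trusted source.
model_FAT = copy.deepcopy(import_model_weights(num_user, setting, save_path_FAT, aggregator, args_)[0])
model_Fedavg = copy.deepcopy(import_model_weights(num_user, setting, save_path_FedAvg, aggregator, args_)[0])

# Per-layer parameters of each model
params_FAT = model_FAT.state_dict()
params_FedAvg = model_Fedavg.state_dict()

# Every state_dict entry is selected. Narrower alternative (weights and biases only):
# [key for key in params_FAT.keys() if 'weight' in key or 'bias' in key]
desired_keys = params_FAT.keys()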

==> Clients initialization..
===> Building data iterators..


 49%|████▉     | 39/80 [00:00<00:00, 117.07it/s]


===> Initializing clients..


  2%|▎         | 1/40 [00:01<00:44,  1.13s/it]

In [5]:
# Sanity check: dataset name recorded on the first client (expected to match `exp`).
aggregator.clients[0].dataset_name

'cifar10'

In [6]:
# Baseline measurement: FedAvg checkpoint, no adversarial training.
# Load the saved FedAvg state into the aggregator and push it to the clients.
aggregator.load_state(dir_path=save_path_FedAvg)
aggregator.update_clients()

# Pull the model out of the aggregator and switch it to eval mode before measuring.
model_FA = pull_model_from_agg(aggregator)
model_FA.eval()
acc, adv_acc = get_adv_acc(
    aggregator,
    model_FA,
    eps=eps_attack,
    step_size=step_size,
    steps=steps,
)

# Mean (std) over the values returned by get_adv_acc
# (presumably one entry per client - confirm against get_adv_acc).
print(
    "Test acc: ", np.mean(acc), " (", np.std(acc), ") ",
    "adv acc: ", np.mean(adv_acc), " (", np.std(adv_acc), ") ",
)

Test acc:  0.8584374994039535  ( 0.06252421354405596 )  adv acc:  0.008125000121071934  ( 0.011021995219583273 ) 


In [7]:
# Defended measurement: Federated Adversarial Training (FAT) checkpoint.
# Load the saved FAT state into the aggregator and push it to the clients.
aggregator.load_state(dir_path=save_path_FAT)
aggregator.update_clients()

# The name model_FA is reused from the FedAvg cell; here it holds the FAT model.
model_FA = pull_model_from_agg(aggregator)
model_FA.eval()
acc, adv_acc = get_adv_acc(
    aggregator,
    model_FA,
    eps=eps_attack,
    step_size=step_size,
    steps=steps,
)

# Same attack settings as the FedAvg cell, so the two adv. acc values are comparable.
# Mean (std) over the values returned by get_adv_acc
# (presumably one entry per client - confirm against get_adv_acc).
print(
    "Test acc: ", np.mean(acc), " (", np.std(acc), ") ",
    "adv acc: ", np.mean(adv_acc), " (", np.std(adv_acc), ") ",
)

Test acc:  0.8006250038743019  ( 0.06903067497160445 )  adv acc:  0.42562499791383746  ( 0.11476708532804013 ) 


In [10]:
# Take measurement for ARU attack
# Starting point is the FAT checkpoint: the cell measures how much of the FAT
# model's adversarial accuracy remains after the UNL_mix step below.
aggregator.load_state(dir_path=save_path_FAT)
aggregator.update_clients()

# Settings forwarded to UNL_mix. atk_rounds = 1 matches the "single shot" case
# named in the notebook introduction.
weight_scale_2 = 1
atk_rounds = 1
# No aggregation operator is set on the aggregator (presumably the
# "no defenses" case from the introduction - confirm against the aggregator code).
aggregation_op = None
aggregator.op = aggregation_op

# Disabled branch: regenerates the clients' adversarial datasets.
# NOTE(review): the stored output of this cell begins with "updating adv data set",
# which only this branch prints, so the recorded numbers appear to come from a run
# with the branch enabled. Re-run from a fresh kernel to confirm which
# configuration the reported table uses.
if False:
    print("updating adv data set")

    # add adv dataset update
    # One value per client; passed as the first argument of set_adv_params below.
    Fu = np.ones(num_user) * 0.5

    # Setting evasion attack parameters
    # Value range is taken from client 0's data only and moved to the GPU
    # (this branch requires CUDA).
    x_min = torch.min(aggregator.clients[0].adv_nn.dataloader.x_data).detach().cuda()
    x_max = torch.max(aggregator.clients[0].adv_nn.dataloader.x_data).detach().cuda()
    atk_params = PGD_Params()
    # Note the mixed norms: steps use the "inf" norm, the budget eps_train uses norm 2.
    atk_params.set_params(batch_size=1, iteration = steps,
                    target = -1, x_val_min = x_min, x_val_max = x_max,
                    step_size = step_size, step_norm = "inf", eps = eps_train, eps_norm = 2)

    # Assign proportion and attack params
    # Only clients with a positive Fu entry are updated (all of them, given Fu above).
    for c in range(len(aggregator.clients)):
        if Fu[c] > 0:
            # print (c)
            aggregator.clients[c].set_adv_params(Fu[c], atk_params)
            aggregator.clients[c].update_advnn()

            aggregator.clients[c].assign_advdataset()

            # print(f"  Memory allocated - after adv: {torch.cuda.memory_allocated() / 1e6:.2f} MB")
            # aggregator.clients[c].del_advnn()

# Run UNL_mix atk_rounds times with client 0 as adv_id and the FedAvg model as
# model_inject, restricted to the state_dict keys in desired_keys.
for i in range(atk_rounds):
    print('round ', i)
    UNL_mix(aggregator, adv_id=[0], model_inject=model_Fedavg, weight_scale_2 = weight_scale_2, keys=desired_keys, aggregation_op = aggregation_op)

# Measure the resulting aggregated model with the same evaluation attack settings
# (eps_attack, step_size, steps) as the FedAvg and FAT cells, so the three rows
# are comparable.
model_overfit = pull_model_from_agg(aggregator)
model_overfit.eval()
acc, adv_acc = get_adv_acc(aggregator, model_overfit, eps=eps_attack, step_size = step_size, steps = steps)
# Mean (std) over the values returned by get_adv_acc
# (presumably one entry per client - confirm against get_adv_acc).
print("Test acc: ", np.mean(acc), " (", np.std(acc),") ", "adv acc: ", np.mean(adv_acc)," (", np.std(adv_acc),") ")

updating adv data set
round  0


  loss = (loss_vec.T @ weights[indices]) / loss_vec.size(0)


Test acc:  0.8546874985098839  ( 0.06594786805830148 )  adv acc:  0.005937500088475644  ( 0.007899515530064788 ) 
