migrated attack code to basenode

photonshi · photonshi · commit 8e64e60778bf · 2024-11-13T18:01:23.000Z
diff --git a/src/algos/base_class.py b/src/algos/base_class.py
@@ -37,6 +37,7 @@
 )
 from utils.types import ConfigType
 from utils.dropout_utils import NodeDropout
+from utils.gias import gia_main
 
 import torchvision.transforms as T  # type: ignore
 import os
@@ -382,6 +383,17 @@ def __init__(
         super().__init__(config, comm_utils)
         self.server_node = 0
         self.set_parameters(config)
+        if "gia" in config: 
+            if int(self.node_id) in self.config["gia_attackers"]:
+                self.gia_attacker = True
+            self.params_s = dict()
+            self.params_t = dict()
+            # Track neighbor updates with a dictionary mapping neighbor_id to their updates
+            self.neighbor_updates = defaultdict(list)
+            # Track which neighbors we've already attacked
+            self.attacked_neighbors = set()
+
+            self.base_params = [key for key, _ in self.model.named_parameters()]
 
     def set_parameters(self, config: Dict[str, Any]) -> None:
         """
@@ -672,6 +684,68 @@ def receive_and_aggregate(self):
             assert "model" in repr, "Model not found in the received message"
             self.set_model_weights(repr["model"])
 
+    def receive_attack_and_aggregate(self, neighbors: List[int], round: int, num_neighbors: int) -> None:
+        """
+        Receives updates, launches GIA attack when second update is seen from a neighbor
+        """
+        print("CLIENT RECEIVING ATTACK AND AGGREGATING")
+        if self.is_working:
+            # Receive the model updates from the neighbors
+            model_updates = self.comm_utils.receive(node_ids=neighbors)
+            assert len(model_updates) == num_neighbors
+
+            for neighbor_info in model_updates:
+                neighbor_id = neighbor_info["sender"]
+                neighbor_model = neighbor_info["model"]
+                neighbor_model = OrderedDict(
+                    (key, value) for key, value in neighbor_model.items()
+                    if key in self.base_params
+                )
+
+                neighbor_images = neighbor_info["images"]
+                neighbor_labels = neighbor_info["labels"]
+
+                # Store this update
+                self.neighbor_updates[neighbor_id].append({
+                    "model": neighbor_model,
+                    "images": neighbor_images,
+                    "labels": neighbor_labels
+                })
+
+                # Check if we have 2 updates from this neighbor and haven't attacked them yet
+                if len(self.neighbor_updates[neighbor_id]) == 2 and neighbor_id not in self.attacked_neighbors:
+                    print(f"Client {self.node_id} attacking {neighbor_id}!")
+                    
+                    # Get the two parameter sets for the attack
+                    p_s = self.neighbor_updates[neighbor_id][0]["model"]
+                    p_t = self.neighbor_updates[neighbor_id][1]["model"]
+                    
+                    # Launch the attack
+                    if result := gia_main(p_s, 
+                                        p_t, 
+                                        self.base_params, 
+                                        self.model, 
+                                        neighbor_labels, 
+                                        neighbor_images, 
+                                        self.node_id):
+                        output, stats = result
+                        
+                        # log output and stats as image
+                        self.log_utils.log_gia_image(output, neighbor_labels, neighbor_id, label=f"round_{round}_reconstruction")
+                        self.log_utils.log_summary(f"round {round} gia targeting {neighbor_id} stats: {stats}")
+                    else:
+                        self.log_utils.log_summary(f"Client {self.node_id} failed to attack {neighbor_id} in round {round}!")
+                        print(f"Client {self.node_id} failed to attack {neighbor_id}!")
+                        continue
+                    
+                    # Mark this neighbor as attacked
+                    self.attacked_neighbors.add(neighbor_id)
+                    
+                    # Optionally, clear the stored updates to save memory
+                    del self.neighbor_updates[neighbor_id]
+
+            self.aggregate(model_updates, keys_to_ignore=self.model_keys_to_ignore)
+
     def run_protocol(self) -> None:
         raise NotImplementedError
 
@@ -762,7 +836,6 @@ def get_model(self, **kwargs: Any) -> Any:
     def run_protocol(self) -> None:
         raise NotImplementedError
 
-
 class CommProtocol(object):
     """
     Communication protocol tags for the server and users
@@ -800,6 +873,7 @@ def __init__(
             keys = self.model_utils.get_last_layer_keys(self.get_model_weights())
             self.model_keys_to_ignore.extend(keys)
 
+
     def local_test(self, **kwargs: Any) -> Tuple[float, float]:
         """
         Test the model locally, not to be used in the traditional FedAvg
@@ -864,13 +938,19 @@ def aggregate(
         self.set_model_weights(agg_wts)
         return None
 
-    def receive_and_aggregate(self, neighbors: List[int]) -> None:
-        if self.is_working:
-            # Receive the model updates from the neighbors
-            model_updates = self.comm_utils.receive(node_ids=neighbors)
-            # Aggregate the representations
-            self.aggregate(model_updates, keys_to_ignore=self.model_keys_to_ignore)
-
+    def receive_and_aggregate(self, neighbors: List[int], it:int=0) -> None:
+        """
+        Receive the model weights from the collaborators and aggregate
+        launches GIA attack if self is a GIA attacker
+        """
+        if hasattr(self, "gia_attacker"):
+            self.receive_attack_and_aggregate(neighbors, it, len(neighbors))
+        else:
+            if self.is_working:
+                # Receive the model updates from the neighbors
+                model_updates = self.comm_utils.receive(node_ids=neighbors)
+                # Aggregate the representations
+                self.aggregate(model_updates, keys_to_ignore=self.model_keys_to_ignore)
 
     def get_collaborator_weights(
         self, reprs_dict: Dict[int, OrderedDict[int, Tensor]]
diff --git a/src/algos/fl.py b/src/algos/fl.py
@@ -113,13 +113,6 @@ def __init__(
         self.model_save_path = "{}/saved_models/node_{}.pt".format(
             self.config["results_path"], self.node_id
         )
-        if "gia" in self.config:
-            # to store param differences for GIA attack
-            self.params_s = [None for i in range(4)]
-            self.params_t = [None for i in range(4)]
-
-            # save randomly initialized parameters
-            self.random_params = self.model.state_dict()
 
     def fed_avg(self, model_wts: List[OrderedDict[str, Tensor]]):
         num_users = len(model_wts)
@@ -174,7 +167,7 @@ def test(self, **kwargs: Any) -> List[float]:
             self.model_utils.save_model(self.model, self.model_save_path)
         return [test_loss, test_acc, time_taken]
 
-    def receive_and_aggregate_gia(self, round: int, attack_start_round: int, attack_end_round: int, dump_file_name: str = ""):
+    def receive_attack_and_aggregate(self, round: int, attack_start_round: int, attack_end_round: int, dump_file_name: str = ""):
         reprs = self.comm_utils.all_gather()
 
         with open(dump_file_name, "wb") as f:
@@ -211,13 +204,6 @@ def receive_and_aggregate_gia(self, round: int, attack_start_round: int, attack_
                     images = rep["images"]
                     labels = rep["labels"]
 
-                    # with open(f"params_t_{client_id}.pkl", "wb") as f:
-                    #     pickle.dump(model_params, f)
-                    # with open(f"params_s_{client_id}.pkl", "wb") as f:
-                    #     pickle.dump(self.params_s[client_id - 1], f)
-                    # with open(f"random_params_{client_id}.pkl", "wb") as f:
-                    #     pickle.dump(random_params, f)
-
                     # Launch GIA attack
                     p_s, p_t = self.params_s[client_id - 1], self.params_t[client_id - 1]
                     gia_main(p_s, p_t, base_params, self.model, labels, images, client_id)
@@ -245,15 +231,7 @@ def single_round(self, round: int, attack_start_round: int = 0, attack_end_round
         if round < attack_start_round or round > attack_end_round:
             self.receive_and_aggregate()
         else:
-            # Set file name based on start or end of attack range
-            dump_file_name = ""
-            if round == attack_start_round:
-                dump_file_name = "/u/yshi23/sonar/src/start_reprs"
-            elif round == attack_end_round:
-                dump_file_name = "/u/yshi23/sonar/src/end_reprs"
-
-            print(f"In round {round}, preparing for GIA with file: {dump_file_name}")
-            self.receive_and_aggregate_gia(round, attack_start_round, attack_end_round, dump_file_name)
+            self.receive_attack_and_aggregate(round, attack_start_round, attack_end_round, dump_file_name)
          
 
     def run_protocol(self):
diff --git a/src/algos/fl_static.py b/src/algos/fl_static.py
@@ -24,86 +24,13 @@ def __init__(
         super().__init__(config, comm_utils)
         self.topology = select_topology(config, self.node_id)
         self.topology.initialize()
-        if "gia" in config: 
-            if int(self.node_id) in self.config["gia_attackers"]:
-                self.gia_attacker = True
-            self.params_s = dict()
-            self.params_t = dict()
-            # Track neighbor updates with a dictionary mapping neighbor_id to their updates
-            self.neighbor_updates = defaultdict(list)
-            # Track which neighbors we've already attacked
-            self.attacked_neighbors = set()
-
-            self.base_params = [key for key, _ in self.model.named_parameters()]
 
     def get_representation(self, **kwargs: Any) -> OrderedDict[str, torch.Tensor]:
         """
         Returns the model weights as representation.
         """
         return self.get_model_weights()
     
-    def receive_attack_and_aggregate(self, neighbors: List[int], round: int, num_neighbors: int) -> None:
-        """
-        Receives updates, launches GIA attack when second update is seen from a neighbor
-        """
-        print("CLIENT RECEIVING ATTACK AND AGGREGATING")
-        if self.is_working:
-            # Receive the model updates from the neighbors
-            model_updates = self.comm_utils.receive(node_ids=neighbors)
-            assert len(model_updates) == num_neighbors
-
-            for neighbor_info in model_updates:
-                neighbor_id = neighbor_info["sender"]
-                neighbor_model = neighbor_info["model"]
-                neighbor_model = OrderedDict(
-                    (key, value) for key, value in neighbor_model.items()
-                    if key in self.base_params
-                )
-
-                neighbor_images = neighbor_info["images"]
-                neighbor_labels = neighbor_info["labels"]
-
-                # Store this update
-                self.neighbor_updates[neighbor_id].append({
-                    "model": neighbor_model,
-                    "images": neighbor_images,
-                    "labels": neighbor_labels
-                })
-
-                # Check if we have 2 updates from this neighbor and haven't attacked them yet
-                if len(self.neighbor_updates[neighbor_id]) == 2 and neighbor_id not in self.attacked_neighbors:
-                    print(f"Client {self.node_id} attacking {neighbor_id}!")
-                    
-                    # Get the two parameter sets for the attack
-                    p_s = self.neighbor_updates[neighbor_id][0]["model"]
-                    p_t = self.neighbor_updates[neighbor_id][1]["model"]
-                    
-                    # Launch the attack
-                    if result := gia_main(p_s, 
-                                        p_t, 
-                                        self.base_params, 
-                                        self.model, 
-                                        neighbor_labels, 
-                                        neighbor_images, 
-                                        self.node_id):
-                        output, stats = result
-                        
-                        # log output and stats as image
-                        self.log_utils.log_gia_image(output, neighbor_labels, neighbor_id, label=f"round_{round}_reconstruction")
-                        self.log_utils.log_summary(f"round {round} gia targeting {neighbor_id} stats: {stats}")
-                    else:
-                        self.log_utils.log_summary(f"Client {self.node_id} failed to attack {neighbor_id} in round {round}!")
-                        print(f"Client {self.node_id} failed to attack {neighbor_id}!")
-                        continue
-                    
-                    # Mark this neighbor as attacked
-                    self.attacked_neighbors.add(neighbor_id)
-                    
-                    # Optionally, clear the stored updates to save memory
-                    del self.neighbor_updates[neighbor_id]
-
-            self.aggregate(model_updates, keys_to_ignore=self.model_keys_to_ignore)
-
     def run_protocol(self) -> None:
         """
         Runs the federated learning protocol for the client.
@@ -129,11 +56,7 @@ def run_protocol(self) -> None:
             neighbors = self.topology.sample_neighbours(self.num_collaborators)
             stats["neighbors"] = neighbors
 
-            if hasattr(self, "gia_attacker"):
-                print(f"Client {self.node_id} is a GIA attacker!")
-                self.receive_attack_and_aggregate(neighbors, it, len(neighbors))
-            else:
-                self.receive_and_aggregate(neighbors)
+            self.receive_and_aggregate(neighbors)
 
             stats["bytes_received"], stats["bytes_sent"] = self.comm_utils.get_comm_cost()
             stats["test_loss"], stats["test_acc"] = self.local_test()
