add atk doc to script (alibaba#316)

scripts/README.md

@@ -5,6 +5,7 @@ We greatly appreciate any [contribution](https://federatedscope.io/docs/contribu
 - [Distribute Mode](#distribute-mode)
 - [Asynchronous Training Strategy](#asynchronous-training-strategy)
 - [Graph Federated Learning](#graph-federated-learning)
+- [Attacks in Federated Learning](#attacks-in-FL)
 
 ### Distribute Mode
 Users can train an LR on generated toy data with distribute mode via:
@@ -56,3 +57,45 @@ Users can change the configurations related to asynchronous training for customi
 
 ### Graph Federated Learning
 Please refer to [gfl](https://github.com/alibaba/FederatedScope/tree/master/federatedscope/gfl) for more details.
+
+### Attacks in Federated Learning
+
+#### Privacy Attacks
+We provide the following four examples to run the membership inference attack, property inference attack, class representative attack and training data/label inference attack, respectively. 
+
+Membership inference attack:
+
+Run the attack in [1]:
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/privacy_attack/gradient_ascent_MIA_on_femnist.yaml
+```
+
+Property inference attack: Run the BPC [1] attack
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/privacy_attack/PIA_toy.yaml
+```
+
+Class representative attack: Run DCGAN [2] attack
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/privacy_attack/CRA_fedavg_convnet2_on_femnist.yaml
+```
+
+Training data/label inference attack: Run the DLG [3] attack 
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/privacy_attack/reconstruct_fedavg_opt_on_femnist.yaml
+```
+
+[1] Nasr, Milad, R. Shokri and Amir Houmansadr. “Comprehensive Privacy Analysis of Deep Learning: Stand-alone and Federated Learning under Passive and Active White-box Inference Attacks.” ArXiv abs/1812.00910 (2018): n. pag.
+
+[2] Hitaj, Briland, Giuseppe Ateniese, and Fernando Perez-Cruz. "Deep models under the GAN: information leakage from collaborative deep learning." Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. 2017
+
+[3] Zhu, Ligeng, Zhijian Liu, and Song Han. "Deep leakage from gradients." Advances in Neural Information Processing Systems 32 (2019).
+
+#### Backdoor Attacks
+
+Run the BadNet attack:
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/backdoor_attack/backdoor_badnet_fedavg_convnet2_on_femnist.yaml
+```
+
+

scripts/attack_exp_scripts/backdoor_attack/backdoor_badnet_fedavg_convnet2_on_femnist.yaml

@@ -0,0 +1,55 @@
+use_gpu: True
+device: 3
+early_stop:
+  patience: 0
+seed: 2333
+federate:
+  mode: standalone
+  local_update_steps: 2
+  total_round_num: 1000
+  sample_client_rate: 0.1
+  client_num: 200
+  batch_or_epoch: epoch
+data:
+  dataset: ['train', 'val', 'test', 'poison']
+  root: data/
+  type: femnist
+  # form: dataloader
+  splits: [0.6,0.2,0.2]
+  batch_size: 32
+  subsample: 0.05
+  num_workers: 0
+  # transform: [['ToTensor'], ['Normalize', {'mean': [0.1307], 'std': [0.3081]}]]
+  transform: [['ToTensor']]
+model:
+  type: convnet2
+  hidden: 2048
+  out_channels: 62
+optimizer:
+  lr: 0.1
+  weight_decay: 0.0
+criterion:
+  type: CrossEntropyLoss
+trainer:
+  type: cvtrainer
+eval:
+  freq: 1
+  split: ['test', 'val']
+  metrics: ['acc', 'correct', 'poison_attack_acc']
+  # split: ['test', 'val', 'poison']
+  # metrics: ['acc', 'correct']
+attack:
+  setting: 'fix'
+  freq: 10
+  attack_method: 'backdoor'
+  attacker_id: 1
+  label_type: 'dirty'
+  trigger_type: gridTrigger
+  target_label_ind: 1
+  self_opt: False
+  self_lr: 0.1
+  self_epoch: 6
+  scale_poisoning: False
+  scale_para: 5.0
+  mean: [0.1307]
+  std: [0.3081]

federatedscope/attack/example_attack_config/CRA_fedavg_convnet2_on_femnist.yaml → scripts/attack_exp_scripts/privacy_attack/CRA_fedavg_convnet2_on_femnist.yaml

@@ -1,5 +1,5 @@
-use_gpu: False
-device: -1
+use_gpu: True
+device: 0
 early_stop:
   patience: 100
 seed: 12345