From 4c87d1e965bd9289def0c05f1c7dbfed4717186e Mon Sep 17 00:00:00 2001
From: Osier-Yi <njuyaoliuyi@gmail.com>
Date: Fri, 12 Aug 2022 13:35:43 +0800
Subject: [PATCH] add atk doc to script (#316)

---
 .../CRA_fedavg_convnet2_on_femnist_gpu.yaml   | 38 -------------
 scripts/README.md                             | 43 +++++++++++++++
 ...oor_badnet_fedavg_convnet2_on_femnist.yaml | 55 +++++++++++++++++++
 .../CRA_fedavg_convnet2_on_femnist.yaml       |  4 +-
 .../privacy_attack}/PIA_toy.yaml              |  0
 .../gradient_ascent_MIA_on_femnist.yaml       |  0
 .../reconstruct_IG_fedavg_opt_on_femnist.yaml |  0
 .../reconstruct_fedavg_opt_on_femnist.yaml    |  0
 8 files changed, 100 insertions(+), 40 deletions(-)
 delete mode 100644 federatedscope/attack/example_attack_config/CRA_fedavg_convnet2_on_femnist_gpu.yaml
 create mode 100644 scripts/attack_exp_scripts/backdoor_attack/backdoor_badnet_fedavg_convnet2_on_femnist.yaml
 rename {federatedscope/attack/example_attack_config => scripts/attack_exp_scripts/privacy_attack}/CRA_fedavg_convnet2_on_femnist.yaml (96%)
 rename {federatedscope/attack/example_attack_config => scripts/attack_exp_scripts/privacy_attack}/PIA_toy.yaml (100%)
 rename {federatedscope/attack/example_attack_config => scripts/attack_exp_scripts/privacy_attack}/gradient_ascent_MIA_on_femnist.yaml (100%)
 rename {federatedscope/attack/example_attack_config => scripts/attack_exp_scripts/privacy_attack}/reconstruct_IG_fedavg_opt_on_femnist.yaml (100%)
 rename {federatedscope/attack/example_attack_config => scripts/attack_exp_scripts/privacy_attack}/reconstruct_fedavg_opt_on_femnist.yaml (100%)

diff --git a/federatedscope/attack/example_attack_config/CRA_fedavg_convnet2_on_femnist_gpu.yaml b/federatedscope/attack/example_attack_config/CRA_fedavg_convnet2_on_femnist_gpu.yaml
deleted file mode 100644
index 6a4ba9361..000000000
--- a/federatedscope/attack/example_attack_config/CRA_fedavg_convnet2_on_femnist_gpu.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-use_gpu: True
-device: 0
-early_stop:
-  patience: 100
-seed: 12345
-federate:
-  mode: standalone
-  total_round_num: 1000
-  sample_client_num: 20
-  client_num: 10
-data:
-  root:  data/
-  type: femnist
-  splits: [0.6,0.2,0.2]
-  batch_size: 10
-  subsample: 0.001
-  num_workers: 0
-  transform: [['ToTensor'], ['Normalize', {'mean': [0.1307], 'std': [0.3081]}]]
-model:
-  type: convnet2
-  hidden: 2048
-  out_channels: 62
-train:
-  local_update_steps: 50
-  optimizer:
-    lr: 0.01
-    weight_decay: 0.0
-criterion:
-  type: CrossEntropyLoss
-trainer:
-  type: cvtrainer
-eval:
-  freq: 10
-  metrics: ['acc', 'correct']
-attack:
-  attack_method: gan_attack
-  target_label_ind: 3
-  attacker_id: 5
\ No newline at end of file
diff --git a/scripts/README.md b/scripts/README.md
index 800b590d7..8a1d427c4 100644
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -5,6 +5,7 @@ We greatly appreciate any [contribution](https://federatedscope.io/docs/contribu
 - [Distribute Mode](#distribute-mode)
 - [Asynchronous Training Strategy](#asynchronous-training-strategy)
 - [Graph Federated Learning](#graph-federated-learning)
+- [Attacks in Federated Learning](#attacks-in-FL)
 
 ### Distribute Mode
 Users can train an LR on generated toy data with distribute mode via:
@@ -56,3 +57,45 @@ Users can change the configurations related to asynchronous training for customi
 
 ### Graph Federated Learning
 Please refer to [gfl](https://github.com/alibaba/FederatedScope/tree/master/federatedscope/gfl) for more details.
+
+### Attacks in Federated Learning
+
+#### Privacy Attacks
+We provide the following four examples to run the membership inference attack, property inference attack, class representative attack and training data/label inference attack, respectively. 
+
+Membership inference attack:
+
+Run the attack in [1]:
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/privacy_attack/gradient_ascent_MIA_on_femnist.yaml
+```
+
+Property inference attack: Run the BPC [1] attack
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/privacy_attack/PIA_toy.yaml
+```
+
+Class representative attack: Run DCGAN [2] attack
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/privacy_attack/CRA_fedavg_convnet2_on_femnist.yaml
+```
+
+Training data/label inference attack: Run the DLG [3] attack 
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/privacy_attack/reconstruct_fedavg_opt_on_femnist.yaml
+```
+
+[1] Nasr, Milad, R. Shokri and Amir Houmansadr. “Comprehensive Privacy Analysis of Deep Learning: Stand-alone and Federated Learning under Passive and Active White-box Inference Attacks.” ArXiv abs/1812.00910 (2018): n. pag.
+
+[2] Hitaj, Briland, Giuseppe Ateniese, and Fernando Perez-Cruz. "Deep models under the GAN: information leakage from collaborative deep learning." Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. 2017
+
+[3] Zhu, Ligeng, Zhijian Liu, and Song Han. "Deep leakage from gradients." Advances in Neural Information Processing Systems 32 (2019).
+
+#### Backdoor Attacks
+
+Run the BadNet attack:
+```shell script
+python federatedscope/main.py --cfg scripts/attack_exp_scripts/backdoor_attack/backdoor_badnet_fedavg_convnet2_on_femnist.yaml
+```
+
+
diff --git a/scripts/attack_exp_scripts/backdoor_attack/backdoor_badnet_fedavg_convnet2_on_femnist.yaml b/scripts/attack_exp_scripts/backdoor_attack/backdoor_badnet_fedavg_convnet2_on_femnist.yaml
new file mode 100644
index 000000000..8b0436c3c
--- /dev/null
+++ b/scripts/attack_exp_scripts/backdoor_attack/backdoor_badnet_fedavg_convnet2_on_femnist.yaml
@@ -0,0 +1,55 @@
+use_gpu: True
+device: 3
+early_stop:
+  patience: 0
+seed: 2333
+federate:
+  mode: standalone
+  local_update_steps: 2
+  total_round_num: 1000
+  sample_client_rate: 0.1
+  client_num: 200
+  batch_or_epoch: epoch
+data:
+  dataset: ['train', 'val', 'test', 'poison']
+  root: data/
+  type: femnist
+  # form: dataloader
+  splits: [0.6,0.2,0.2]
+  batch_size: 32
+  subsample: 0.05
+  num_workers: 0
+  # transform: [['ToTensor'], ['Normalize', {'mean': [0.1307], 'std': [0.3081]}]]
+  transform: [['ToTensor']]
+model:
+  type: convnet2
+  hidden: 2048
+  out_channels: 62
+optimizer:
+  lr: 0.1
+  weight_decay: 0.0
+criterion:
+  type: CrossEntropyLoss
+trainer:
+  type: cvtrainer
+eval:
+  freq: 1
+  split: ['test', 'val']
+  metrics: ['acc', 'correct', 'poison_attack_acc']
+  # split: ['test', 'val', 'poison']
+  # metrics: ['acc', 'correct']
+attack:
+  setting: 'fix'
+  freq: 10
+  attack_method: 'backdoor'
+  attacker_id: 1
+  label_type: 'dirty'
+  trigger_type: gridTrigger
+  target_label_ind: 1
+  self_opt: False
+  self_lr: 0.1
+  self_epoch: 6
+  scale_poisoning: False
+  scale_para: 5.0
+  mean: [0.1307]
+  std: [0.3081]
diff --git a/federatedscope/attack/example_attack_config/CRA_fedavg_convnet2_on_femnist.yaml b/scripts/attack_exp_scripts/privacy_attack/CRA_fedavg_convnet2_on_femnist.yaml
similarity index 96%
rename from federatedscope/attack/example_attack_config/CRA_fedavg_convnet2_on_femnist.yaml
rename to scripts/attack_exp_scripts/privacy_attack/CRA_fedavg_convnet2_on_femnist.yaml
index 9ff5d9bc8..c7659b192 100644
--- a/federatedscope/attack/example_attack_config/CRA_fedavg_convnet2_on_femnist.yaml
+++ b/scripts/attack_exp_scripts/privacy_attack/CRA_fedavg_convnet2_on_femnist.yaml
@@ -1,5 +1,5 @@
-use_gpu: False
-device: -1
+use_gpu: True
+device: 0
 early_stop:
   patience: 100
 seed: 12345
diff --git a/federatedscope/attack/example_attack_config/PIA_toy.yaml b/scripts/attack_exp_scripts/privacy_attack/PIA_toy.yaml
similarity index 100%
rename from federatedscope/attack/example_attack_config/PIA_toy.yaml
rename to scripts/attack_exp_scripts/privacy_attack/PIA_toy.yaml
diff --git a/federatedscope/attack/example_attack_config/gradient_ascent_MIA_on_femnist.yaml b/scripts/attack_exp_scripts/privacy_attack/gradient_ascent_MIA_on_femnist.yaml
similarity index 100%
rename from federatedscope/attack/example_attack_config/gradient_ascent_MIA_on_femnist.yaml
rename to scripts/attack_exp_scripts/privacy_attack/gradient_ascent_MIA_on_femnist.yaml
diff --git a/federatedscope/attack/example_attack_config/reconstruct_IG_fedavg_opt_on_femnist.yaml b/scripts/attack_exp_scripts/privacy_attack/reconstruct_IG_fedavg_opt_on_femnist.yaml
similarity index 100%
rename from federatedscope/attack/example_attack_config/reconstruct_IG_fedavg_opt_on_femnist.yaml
rename to scripts/attack_exp_scripts/privacy_attack/reconstruct_IG_fedavg_opt_on_femnist.yaml
diff --git a/federatedscope/attack/example_attack_config/reconstruct_fedavg_opt_on_femnist.yaml b/scripts/attack_exp_scripts/privacy_attack/reconstruct_fedavg_opt_on_femnist.yaml
similarity index 100%
rename from federatedscope/attack/example_attack_config/reconstruct_fedavg_opt_on_femnist.yaml
rename to scripts/attack_exp_scripts/privacy_attack/reconstruct_fedavg_opt_on_femnist.yaml