diff --git a/baselines/flanders/README.md b/baselines/flanders/README.md index 381a65209e95..af9a52907fac 100644 --- a/baselines/flanders/README.md +++ b/baselines/flanders/README.md @@ -5,31 +5,31 @@ labels: [robustness, model poisoning, anomaly detection, autoregressive model, r dataset: [MNIST, Income, CIFAR-10, California Housing] --- -****Paper:**** [arxiv.org/abs/2303.16668](https://arxiv.org/abs/2303.16668) +**Paper:** [arxiv.org/abs/2303.16668](https://arxiv.org/abs/2303.16668) -****Authors:**** Gabriele Tolomei, Edoardo Gabrielli, Dimitri Belli, Vittorio Miori +**Authors:** Gabriele Tolomei, Edoardo Gabrielli, Dimitri Belli, Vittorio Miori -****Abstract:**** In this work, we propose FLANDERS, a novel federated learning (FL) aggregation scheme robust to Byzantine attacks. FLANDERS considers the local model updates sent by clients at each FL round as a matrix-valued time series. Then, it identifies malicious clients as outliers of this time series by comparing actual observations with those estimated by a matrix autoregressive forecasting model. Experiments conducted on several datasets under different FL settings demonstrate that FLANDERS matches the robustness of the most powerful baselines against Byzantine clients. Furthermore, FLANDERS remains highly effective even under extremely severe attack scenarios, as opposed to existing defense strategies. +**Abstract:** In this work, we propose FLANDERS, a novel federated learning (FL) aggregation scheme robust to Byzantine attacks. FLANDERS considers the local model updates sent by clients at each FL round as a matrix-valued time series. Then, it identifies malicious clients as outliers of this time series by comparing actual observations with those estimated by a matrix autoregressive forecasting model. Experiments conducted on several datasets under different FL settings demonstrate that FLANDERS matches the robustness of the most powerful baselines against Byzantine clients. Furthermore, FLANDERS remains highly effective even under extremely severe attack scenarios, as opposed to existing defense strategies. ## About this baseline -****What’s implemented:**** The code in this directory replicates the results on MNIST and Income datasets under all attack settings (Gaussian, LIE, OPT and AGR-MM), but I've also implemented the code for California Housing and CIFAR-10. More specifically, you can reproduce part of Fig. 3 (a) and (b), and part of Fig. 4 and Fig. 5 in Appendix G.2 (there's no division between $b\lt50%$, and $b\ge50%$.). Since here I do not compare FLANDERS with other defence baselines, all attacks are grouped into the same plot. +**What’s implemented:** The code in this directory replicates the results on MNIST and Income datasets under all attack settings (Gaussian, LIE, OPT and AGR-MM), but I've also implemented the code for California Housing and CIFAR-10. More specifically, you can reproduce part of Fig. 3 (a) and (b), and part of Fig. 4 and Fig. 5 in Appendix G.2 (there's no division between $b\lt50%$, and $b\ge50%$.). Since here I do not compare FLANDERS with other defence baselines, all attacks are grouped into the same plot. -****Datasets:**** MNIST, Income +**Datasets:** MNIST, Income -****Hardware Setup:**** Apple M2 Pro, 16gb RAM +**Hardware Setup:** Apple M2 Pro, 16gb RAM -****Estimated time to run:**** For **Income**, 117 seconds. For **MNIST**, 24 minutes. This is the time estimated for a *single experiment* (i.e. 50 rounds, 10 clients sampled each round, 1 local epoch). +**Estimated time to run:** For **Income**, 117 seconds. For **MNIST**, 24 minutes. This is the time estimated for a *single experiment* (i.e. 50 rounds, 10 clients sampled each round, 1 local epoch). -****Contributors:**** Edoardo Gabrielli, University of Rome "La Sapienza" ([GitHub](https://github.com/edogab33), [LinkedIn](https://www.linkedin.com/in/edoardog/), [Scholar](https://scholar.google.com/citations?user=b3bePdYAAAAJ)) +**Contributors:** Edoardo Gabrielli, University of Rome "La Sapienza" ([GitHub](https://github.com/edogab33), [LinkedIn](https://www.linkedin.com/in/edoardog/), [Scholar](https://scholar.google.com/citations?user=b3bePdYAAAAJ)) ## Experimental Setup -****Task:**** Image classification, logistic regression, linear regression +**Task:** Image classification, logistic regression, linear regression -****Models:**** Appendix C of the paper describes the models, but here's a summary. +**Models:** Appendix C of the paper describes the models, but here's a summary. Income (binary classification): - cyclic coordinate descent (CCD) @@ -43,7 +43,7 @@ MNIST (multilabel classification, fully connected, feed forward NN): - hidden layer 2: 256 -****Dataset:**** Every dataset is partitioned into two disjoint sets: 80% for training and 20% for testing. The training set is distributed uniformly across all clients (100), while the testing set is held by the server to evaluate the global model. +**Dataset:** Every dataset is partitioned into two disjoint sets: 80% for training and 20% for testing. The training set is distributed uniformly across all clients (100), while the testing set is held by the server to evaluate the global model. | Description | Default Value | | ----------- | ----- | @@ -52,7 +52,7 @@ MNIST (multilabel classification, fully connected, feed forward NN): | Training set | 80% | | Testing set | 20% | -****Training Hyperparameters:**** +**Training Hyperparameters:** | Dataset | # of clients | Clients per round | # of rounds | $L$ | Batch size | Learning rate | $\lambda_1$ | $\lambda_2$ | Optimizer | Dropout | Alpha | Beta | # of clients to keep | Sampling | | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | @@ -74,9 +74,6 @@ poetry install # Activate the env poetry shell - -# Manually install natsort -pip install natsort ``` diff --git a/baselines/flanders/pyproject.toml b/baselines/flanders/pyproject.toml index 04711e71bf8a..416247f9c7bb 100644 --- a/baselines/flanders/pyproject.toml +++ b/baselines/flanders/pyproject.toml @@ -37,13 +37,19 @@ classifiers = [ ] [tool.poetry.dependencies] -python = ">=3.9, <3.12.0" # pandas requires >=3.9 +python = ">=3.10, <3.12.0" hydra-core = "1.3.2" # don't change this flwr = {extras = ["simulation"], version = "1.6.0" } -torch = "2.1.1" +torch = [ + { platform = "darwin", version = "2.1.1" }, + { platform = "linux", url = "https://download.pytorch.org/whl/cu118/torch-2.1.1%2Bcu118-cp310-cp310-linux_x86_64.whl" } + ] +torchvision = [ + { platform = "darwin", version = "0.16.1"}, + { platform = "linux", url = "https://download.pytorch.org/whl/cu118/torchvision-0.16.1%2Bcu118-cp310-cp310-linux_x86_64.whl" } + ] pandas = "^2.1.3" scikit-learn = "1.3.2" -torchvision = "0.16.1" ipykernel = "^6.27.1" natsort = "^8.4.0" seaborn = "^0.13.0"