Skip to content

Documentation for Modelpoison Module

This module provides classes for model poisoning attacks, allowing for the simulation of model poisoning by adding different types of noise to model parameters.

Classes: - ModelPoisonAttack: Main attack class that implements the ModelAttack interface - ModelPoisoningStrategy: Abstract base class for model poisoning strategies - GaussianNoiseStrategy: Implementation for Gaussian noise poisoning - SaltNoiseStrategy: Implementation for salt noise poisoning - SaltAndPepperNoiseStrategy: Implementation for salt-and-pepper noise poisoning

GaussianNoiseStrategy

Bases: ModelPoisoningStrategy

Implementation of Gaussian noise poisoning strategy.

Source code in nebula/addons/attacks/model/modelpoison.py 
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
class GaussianNoiseStrategy(ModelPoisoningStrategy):
    """Implementation of Gaussian noise poisoning strategy."""

    def apply_noise(
        self,
        model: OrderedDict,
        poisoned_noise_percent: float,
    ) -> OrderedDict:
        """
        Applies Gaussian-distributed additive noise to model parameters.

        Args:
            model: The model's parameters organized as an OrderedDict
            poisoned_noise_percent: Percentage of noise to apply (0-100)

        Returns:
            Modified model parameters with Gaussian noise
        """
        poisoned_model = OrderedDict()
        poisoned_ratio = poisoned_noise_percent / 100.0

        for layer in model:
            bt = model[layer]
            t = bt.detach().clone()
            single_point = False
            if len(t.shape) == 0:
                t = t.view(-1)
                single_point = True
                logging.info(f"Layer {layer} is a single point, reshaping to {t.shape}")

            logging.info(f"Applying gaussian noise to layer {layer}")
            poisoned = torch.tensor(random_noise(t, mode="gaussian", mean=0, var=poisoned_ratio, clip=True))

            if single_point:
                poisoned = poisoned[0]
                logging.info(f"Layer {layer} is a single point, reshaping to {poisoned.shape}")
            poisoned_model[layer] = poisoned

        return poisoned_model

apply_noise(model, poisoned_noise_percent)

Applies Gaussian-distributed additive noise to model parameters.

Parameters:

Name Type Description Default
model OrderedDict

The model's parameters organized as an OrderedDict

 required
poisoned_noise_percent float

Percentage of noise to apply (0-100)

 required

Returns:

Type Description
OrderedDict

Modified model parameters with Gaussian noise
Source code in nebula/addons/attacks/model/modelpoison.py 
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
def apply_noise(
    self,
    model: OrderedDict,
    poisoned_noise_percent: float,
) -> OrderedDict:
    """
    Applies Gaussian-distributed additive noise to model parameters.

    Args:
        model: The model's parameters organized as an OrderedDict
        poisoned_noise_percent: Percentage of noise to apply (0-100)

    Returns:
        Modified model parameters with Gaussian noise
    """
    poisoned_model = OrderedDict()
    poisoned_ratio = poisoned_noise_percent / 100.0

    for layer in model:
        bt = model[layer]
        t = bt.detach().clone()
        single_point = False
        if len(t.shape) == 0:
            t = t.view(-1)
            single_point = True
            logging.info(f"Layer {layer} is a single point, reshaping to {t.shape}")

        logging.info(f"Applying gaussian noise to layer {layer}")
        poisoned = torch.tensor(random_noise(t, mode="gaussian", mean=0, var=poisoned_ratio, clip=True))

        if single_point:
            poisoned = poisoned[0]
            logging.info(f"Layer {layer} is a single point, reshaping to {poisoned.shape}")
        poisoned_model[layer] = poisoned

    return poisoned_model

ModelPoisonAttack

Bases: ModelAttack

Implements a model poisoning attack by modifying the received model weights during the aggregation process.

Source code in nebula/addons/attacks/model/modelpoison.py 
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
class ModelPoisonAttack(ModelAttack):
    """
    Implements a model poisoning attack by modifying the received model weights
    during the aggregation process.
    """

    def __init__(self, engine, attack_params: Dict):
        """
        Initialize the model poisoning attack.

        Args:
            engine: The engine managing the attack context
            attack_params: Dictionary containing attack parameters
        """
        try:
            round_start = int(attack_params["round_start_attack"])
            round_stop = int(attack_params["round_stop_attack"])
            attack_interval = int(attack_params["attack_interval"])
        except KeyError as e:
            raise ValueError(f"Missing required attack parameter: {e}")
        except ValueError:
            raise ValueError("Invalid value in attack_params. Ensure all values are integers.")

        super().__init__(engine, round_start, round_stop, attack_interval)
        self.poisoned_noise_percent = float(attack_params["poisoned_noise_percent"])
        noise_type = attack_params["noise_type"].lower()

        # Create the appropriate strategy based on noise type
        if noise_type == "gaussian":
            self.strategy = GaussianNoiseStrategy()
        elif noise_type == "salt":
            self.strategy = SaltNoiseStrategy()
        elif noise_type == "s&p":
            self.strategy = SaltAndPepperNoiseStrategy()
        else:
            raise ValueError(f"Unsupported noise type: {noise_type}")

    def model_attack(self, received_weights: OrderedDict) -> OrderedDict:
        """
        Applies the model poisoning attack by modifying the received model weights.

        Args:
            received_weights: The aggregated model weights to be poisoned

        Returns:
            The modified model weights after applying the poisoning attack
        """
        return self.strategy.apply_noise(received_weights, self.poisoned_noise_percent)

__init__(engine, attack_params)

Initialize the model poisoning attack.

Parameters:

Name Type Description Default
engine

The engine managing the attack context

 required
attack_params Dict

Dictionary containing attack parameters

 required
Source code in nebula/addons/attacks/model/modelpoison.py 
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
def __init__(self, engine, attack_params: Dict):
    """
    Initialize the model poisoning attack.

    Args:
        engine: The engine managing the attack context
        attack_params: Dictionary containing attack parameters
    """
    try:
        round_start = int(attack_params["round_start_attack"])
        round_stop = int(attack_params["round_stop_attack"])
        attack_interval = int(attack_params["attack_interval"])
    except KeyError as e:
        raise ValueError(f"Missing required attack parameter: {e}")
    except ValueError:
        raise ValueError("Invalid value in attack_params. Ensure all values are integers.")

    super().__init__(engine, round_start, round_stop, attack_interval)
    self.poisoned_noise_percent = float(attack_params["poisoned_noise_percent"])
    noise_type = attack_params["noise_type"].lower()

    # Create the appropriate strategy based on noise type
    if noise_type == "gaussian":
        self.strategy = GaussianNoiseStrategy()
    elif noise_type == "salt":
        self.strategy = SaltNoiseStrategy()
    elif noise_type == "s&p":
        self.strategy = SaltAndPepperNoiseStrategy()
    else:
        raise ValueError(f"Unsupported noise type: {noise_type}")

model_attack(received_weights)

Applies the model poisoning attack by modifying the received model weights.

Parameters:

Name Type Description Default
received_weights OrderedDict

The aggregated model weights to be poisoned

 required

Returns:

Type Description
OrderedDict

The modified model weights after applying the poisoning attack
Source code in nebula/addons/attacks/model/modelpoison.py 
209
210
211
212
213
214
215
216
217
218
219
def model_attack(self, received_weights: OrderedDict) -> OrderedDict:
    """
    Applies the model poisoning attack by modifying the received model weights.

    Args:
        received_weights: The aggregated model weights to be poisoned

    Returns:
        The modified model weights after applying the poisoning attack
    """
    return self.strategy.apply_noise(received_weights, self.poisoned_noise_percent)

ModelPoisoningStrategy

Bases: ABC

Abstract base class for model poisoning strategies.

Source code in nebula/addons/attacks/model/modelpoison.py 
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
class ModelPoisoningStrategy(ABC):
    """Abstract base class for model poisoning strategies."""

    @abstractmethod
    def apply_noise(
        self,
        model: OrderedDict,
        poisoned_noise_percent: float,
    ) -> OrderedDict:
        """
        Abstract method to apply noise to model parameters.

        Args:
            model: The model's parameters organized as an OrderedDict
            poisoned_noise_percent: Percentage of noise to apply (0-100)

        Returns:
            Modified model parameters with noise applied
        """
        pass

apply_noise(model, poisoned_noise_percent) abstractmethod

Abstract method to apply noise to model parameters.

Parameters:

Name Type Description Default
model OrderedDict

The model's parameters organized as an OrderedDict

 required
poisoned_noise_percent float

Percentage of noise to apply (0-100)

 required

Returns:

Type Description
OrderedDict

Modified model parameters with noise applied
Source code in nebula/addons/attacks/model/modelpoison.py 
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
@abstractmethod
def apply_noise(
    self,
    model: OrderedDict,
    poisoned_noise_percent: float,
) -> OrderedDict:
    """
    Abstract method to apply noise to model parameters.

    Args:
        model: The model's parameters organized as an OrderedDict
        poisoned_noise_percent: Percentage of noise to apply (0-100)

    Returns:
        Modified model parameters with noise applied
    """
    pass

SaltAndPepperNoiseStrategy

Bases: ModelPoisoningStrategy

Implementation of salt-and-pepper noise poisoning strategy.

Source code in nebula/addons/attacks/model/modelpoison.py 
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
class SaltAndPepperNoiseStrategy(ModelPoisoningStrategy):
    """Implementation of salt-and-pepper noise poisoning strategy."""

    def apply_noise(
        self,
        model: OrderedDict,
        poisoned_noise_percent: float,
    ) -> OrderedDict:
        """
        Applies salt-and-pepper noise to model parameters.

        Args:
            model: The model's parameters organized as an OrderedDict
            poisoned_noise_percent: Percentage of noise to apply (0-100)

        Returns:
            Modified model parameters with salt-and-pepper noise
        """
        poisoned_model = OrderedDict()
        poisoned_ratio = poisoned_noise_percent / 100.0

        for layer in model:
            bt = model[layer]
            t = bt.detach().clone()
            single_point = False
            if len(t.shape) == 0:
                t = t.view(-1)
                single_point = True
                logging.info(f"Layer {layer} is a single point, reshaping to {t.shape}")

            logging.info(f"Applying salt-and-pepper noise to layer {layer}")
            poisoned = torch.tensor(random_noise(t, mode="s&p", amount=poisoned_ratio))

            if single_point:
                poisoned = poisoned[0]
                logging.info(f"Layer {layer} is a single point, reshaping to {poisoned.shape}")
            poisoned_model[layer] = poisoned

        return poisoned_model

apply_noise(model, poisoned_noise_percent)

Applies salt-and-pepper noise to model parameters.

Parameters:

Name Type Description Default
model OrderedDict

The model's parameters organized as an OrderedDict

 required
poisoned_noise_percent float

Percentage of noise to apply (0-100)

 required

Returns:

Type Description
OrderedDict

Modified model parameters with salt-and-pepper noise
Source code in nebula/addons/attacks/model/modelpoison.py 
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
def apply_noise(
    self,
    model: OrderedDict,
    poisoned_noise_percent: float,
) -> OrderedDict:
    """
    Applies salt-and-pepper noise to model parameters.

    Args:
        model: The model's parameters organized as an OrderedDict
        poisoned_noise_percent: Percentage of noise to apply (0-100)

    Returns:
        Modified model parameters with salt-and-pepper noise
    """
    poisoned_model = OrderedDict()
    poisoned_ratio = poisoned_noise_percent / 100.0

    for layer in model:
        bt = model[layer]
        t = bt.detach().clone()
        single_point = False
        if len(t.shape) == 0:
            t = t.view(-1)
            single_point = True
            logging.info(f"Layer {layer} is a single point, reshaping to {t.shape}")

        logging.info(f"Applying salt-and-pepper noise to layer {layer}")
        poisoned = torch.tensor(random_noise(t, mode="s&p", amount=poisoned_ratio))

        if single_point:
            poisoned = poisoned[0]
            logging.info(f"Layer {layer} is a single point, reshaping to {poisoned.shape}")
        poisoned_model[layer] = poisoned

    return poisoned_model

SaltNoiseStrategy

Bases: ModelPoisoningStrategy

Implementation of salt noise poisoning strategy.

Source code in nebula/addons/attacks/model/modelpoison.py 
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
class SaltNoiseStrategy(ModelPoisoningStrategy):
    """Implementation of salt noise poisoning strategy."""

    def apply_noise(
        self,
        model: OrderedDict,
        poisoned_noise_percent: float,
    ) -> OrderedDict:
        """
        Applies salt noise to model parameters.

        Args:
            model: The model's parameters organized as an OrderedDict
            poisoned_noise_percent: Percentage of noise to apply (0-100)

        Returns:
            Modified model parameters with salt noise
        """
        poisoned_model = OrderedDict()
        poisoned_ratio = poisoned_noise_percent / 100.0

        for layer in model:
            bt = model[layer]
            t = bt.detach().clone()
            single_point = False
            if len(t.shape) == 0:
                t = t.view(-1)
                single_point = True
                logging.info(f"Layer {layer} is a single point, reshaping to {t.shape}")

            logging.info(f"Applying salt noise to layer {layer}")
            poisoned = torch.tensor(random_noise(t, mode="salt", amount=poisoned_ratio))

            if single_point:
                poisoned = poisoned[0]
                logging.info(f"Layer {layer} is a single point, reshaping to {poisoned.shape}")
            poisoned_model[layer] = poisoned

        return poisoned_model

apply_noise(model, poisoned_noise_percent)

Applies salt noise to model parameters.

Parameters:

Name Type Description Default
model OrderedDict

The model's parameters organized as an OrderedDict

 required
poisoned_noise_percent float

Percentage of noise to apply (0-100)

 required

Returns:

Type Description
OrderedDict

Modified model parameters with salt noise
Source code in nebula/addons/attacks/model/modelpoison.py 
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
def apply_noise(
    self,
    model: OrderedDict,
    poisoned_noise_percent: float,
) -> OrderedDict:
    """
    Applies salt noise to model parameters.

    Args:
        model: The model's parameters organized as an OrderedDict
        poisoned_noise_percent: Percentage of noise to apply (0-100)

    Returns:
        Modified model parameters with salt noise
    """
    poisoned_model = OrderedDict()
    poisoned_ratio = poisoned_noise_percent / 100.0

    for layer in model:
        bt = model[layer]
        t = bt.detach().clone()
        single_point = False
        if len(t.shape) == 0:
            t = t.view(-1)
            single_point = True
            logging.info(f"Layer {layer} is a single point, reshaping to {t.shape}")

        logging.info(f"Applying salt noise to layer {layer}")
        poisoned = torch.tensor(random_noise(t, mode="salt", amount=poisoned_ratio))

        if single_point:
            poisoned = poisoned[0]
            logging.info(f"Layer {layer} is a single point, reshaping to {poisoned.shape}")
        poisoned_model[layer] = poisoned

    return poisoned_model