CyberDataLab
diff --git a/‎nebula/addons/attacks/dataset/datapoison.py‎
Lines changed: 25 additions & 20 deletions b/‎nebula/addons/attacks/dataset/datapoison.py‎
Lines changed: 25 additions & 20 deletions
diff --git a/‎nebula/addons/attacks/dataset/labelflipping.py‎
Lines changed: 16 additions & 7 deletions b/‎nebula/addons/attacks/dataset/labelflipping.py‎
Lines changed: 16 additions & 7 deletions
diff --git a/‎nebula/addons/attacks/model/modelpoison.py‎
Lines changed: 17 additions & 8 deletions b/‎nebula/addons/attacks/model/modelpoison.py‎
Lines changed: 17 additions & 8 deletions
@@ -32,11 +32,11 @@ class SamplePoisoningAttack(DatasetAttack):
         engine (object): The training engine object, including the associated
                          datamodule.
         attack_params (dict): Attack parameters including:
-            - poisoned_percent (float): The percentage of data points to be poisoned.
-            - poisoned_ratio (float): The ratio of poisoned data relative to the total dataset.
+            - poisoned_sample_percent (float): The percentage of data points to be poisoned (0-100).
+            - poisoned_noise_percent (float): The percentage of noise to be added to poisoned data (0-100).
             - targeted (bool): Whether the attack is targeted at a specific label.
-            - target_label (int): The target label for the attack (used if targeted is True).
-            - noise_type (str): The type of noise to introduce during the attack.
+            - target_label/targetLabel (int): The target label for the attack (used if targeted is True).
+            - noise_type/noiseType (str): The type of noise to introduce during the attack.
     """
 
     def __init__(self, engine, attack_params):
@@ -58,15 +58,17 @@ def __init__(self, engine, attack_params):
 
         super().__init__(engine, round_start, round_stop, attack_interval)
         self.datamodule = engine._trainer.datamodule
-        self.poisoned_percent = float(attack_params["poisoned_percent"])
-        self.poisoned_ratio = float(attack_params["poisoned_ratio"])
+        self.poisoned_percent = float(attack_params["poisoned_sample_percent"])
+        self.poisoned_noise_percent = float(attack_params["poisoned_noise_percent"])
         self.targeted = attack_params["targeted"]
-        self.target_label = int(attack_params["target_label"])
-        self.noise_type = attack_params["noise_type"].lower()
+        
+        # Handle both camelCase and snake_case parameter names
+        self.target_label = int(attack_params.get("target_label") or attack_params.get("targetLabel", 4))
+        self.noise_type = (attack_params.get("noise_type") or attack_params.get("noiseType", "Gaussian")).lower()
 
-    def apply_noise(self, t, noise_type, poisoned_ratio):
+    def apply_noise(self, t, noise_type, poisoned_noise_percent):
         """
-        Applies noise to a tensor based on the specified noise type and poisoning ratio.
+        Applies noise to a tensor based on the specified noise type and poisoning percentage.
 
         Args:
             t (torch.Tensor): The input tensor to which noise will be applied.
@@ -75,7 +77,7 @@ def apply_noise(self, t, noise_type, poisoned_ratio):
                 - "gaussian": Gaussian noise with mean 0 and specified variance.
                 - "s&p": Salt-and-pepper noise.
                 - "nlp_rawdata": Applies a custom NLP raw data poisoning function.
-            poisoned_ratio (float): The ratio or variance of noise to be applied, depending on the noise type.
+            poisoned_noise_percent (float): The percentage of noise to be applied (0-100).
 
         Returns:
             torch.Tensor: The tensor with noise applied. If the noise type is not supported,
@@ -90,6 +92,9 @@ def apply_noise(self, t, noise_type, poisoned_ratio):
              the `skimage.util` package, and returned as a `torch.Tensor`.
         """
         arr = t.detach().cpu().numpy() if isinstance(t, torch.Tensor) else np.array(t)
+        
+        # Convert percentage to ratio for noise application
+        poisoned_ratio = poisoned_noise_percent / 100.0
 
         if noise_type == "salt":
             return torch.tensor(random_noise(arr, mode=noise_type, amount=poisoned_ratio))
@@ -108,7 +113,7 @@ def datapoison(
         dataset,
         indices,
         poisoned_percent,
-        poisoned_ratio,
+        poisoned_noise_percent,
         targeted=False,
         target_label=3,
         noise_type="salt",
@@ -118,14 +123,14 @@ def datapoison(
 
         This function applies noise to randomly selected samples within a dataset.
         Noise can be targeted or non-targeted. In non-targeted poisoning, random samples
-        are chosen and altered using the specified noise type and ratio. In targeted poisoning,
+        are chosen and altered using the specified noise type and percentage. In targeted poisoning,
         only samples with a specified label are altered by adding an 'X' pattern.
 
         Args:
             dataset (Dataset): The dataset to poison, expected to have `.data` and `.targets` attributes.
             indices (list of int): The list of indices in the dataset to consider for poisoning.
-            poisoned_percent (float): The percentage of `indices` to poison, as a fraction (0 <= poisoned_percent <= 1).
-            poisoned_ratio (float): The intensity or probability parameter for the noise, depending on the noise type.
+            poisoned_percent (float): The percentage of `indices` to poison (0-100).
+            poisoned_noise_percent (float): The percentage of noise to apply to poisoned samples (0-100).
             targeted (bool, optional): If True, applies targeted poisoning by adding an 'X' only to samples with `target_label`.
                                        Default is False.
             target_label (int, optional): The label to target when `targeted` is True. Default is 3.
@@ -139,11 +144,11 @@ def datapoison(
             Dataset: A deep copy of the original dataset with poisoned data in `.data`.
 
         Raises:
-            ValueError: If `poisoned_percent` is not between 0 and 1, or if `noise_type` is unsupported.
+            ValueError: If `poisoned_percent` or `poisoned_noise_percent` is not between 0 and 100, or if `noise_type` is unsupported.
 
         Notes:
             - Non-targeted poisoning randomly selects samples from `indices` based on `poisoned_percent`.
-            - Targeted poisoning modifies only samples with `target_label` by adding an 'X' pattern, regardless of `poisoned_ratio`.
+            - Targeted poisoning modifies only samples with `target_label` by adding an 'X' pattern, regardless of `poisoned_noise_percent`.
         """
         new_dataset = copy.deepcopy(dataset)
         if not isinstance(new_dataset.targets, np.ndarray):
@@ -156,7 +161,7 @@ def datapoison(
             noise_type = noise_type[0]
 
         if not targeted:
-            num_poisoned = int(poisoned_percent * num_indices)
+            num_poisoned = int(poisoned_percent * num_indices / 100.0)  # Convert percentage to count
             if num_indices == 0:
                 return new_dataset
             if num_poisoned > num_indices:
@@ -168,7 +173,7 @@ def datapoison(
                 t = new_dataset.data[i]
                 if isinstance(t, tuple):
                     t = t[0]
-                poisoned = self.apply_noise(t, noise_type, poisoned_ratio)
+                poisoned = self.apply_noise(t, noise_type, poisoned_noise_percent)
                 if isinstance(t, tuple):
                     poisoned = (poisoned, t[1])
                 if isinstance(poisoned, torch.Tensor):
@@ -267,7 +272,7 @@ def get_malicious_dataset(self):
             self.datamodule.train_set,
             self.datamodule.train_set_indices,
             self.poisoned_percent,
-            self.poisoned_ratio,
+            self.poisoned_noise_percent,
             self.targeted,
             self.target_label,
             self.noise_type,
 
@@ -22,6 +22,14 @@ class LabelFlippingAttack(DatasetAttack):
 
     This attack alters the labels of certain data points in the training set to
     mislead the training process.
+
+    Args:
+        engine (object): The training engine object.
+        attack_params (dict): Parameters for the attack, including:
+            - poisoned_sample_percent (float): The percentage of data points to be poisoned (0-100).
+            - targeted (bool): Whether the attack is targeted at a specific label.
+            - target_label/targetLabel (int): The target label for the attack (used if targeted is True).
+            - target_changed_label/targetChangedLabel (int): The label to change to when targeted is True.
     """
 
     def __init__(self, engine, attack_params):
@@ -44,10 +52,12 @@ def __init__(self, engine, attack_params):
 
         super().__init__(engine, round_start, round_stop, attack_interval)
         self.datamodule = engine._trainer.datamodule
-        self.poisoned_percent = float(attack_params["poisoned_percent"])
+        self.poisoned_percent = float(attack_params["poisoned_sample_percent"])
         self.targeted = attack_params["targeted"]
-        self.target_label = int(attack_params["target_label"])
-        self.target_changed_label = int(attack_params["target_changed_label"])
+        
+        # Handle both camelCase and snake_case parameter names
+        self.target_label = int(attack_params.get("target_label") or attack_params.get("targetLabel", 4))
+        self.target_changed_label = int(attack_params.get("target_changed_label") or attack_params.get("targetChangedLabel", 7))
 
     def labelFlipping(
         self,
@@ -69,8 +79,7 @@ def labelFlipping(
             dataset (Dataset): The dataset containing training data, expected to be a PyTorch dataset
                                with a `.targets` attribute.
             indices (list of int): The list of indices in the dataset to consider for label flipping.
-            poisoned_percent (float, optional): The ratio of labels to change, expressed as a fraction
-                                                (0 <= poisoned_percent <= 1). Default is 0.
+            poisoned_percent (float, optional): The percentage of labels to change (0-100). Default is 0.
             targeted (bool, optional): If True, flips only labels matching `target_label` to `target_changed_label`.
                                        Default is False.
             target_label (int, optional): The label to change when `targeted` is True. Default is 4.
@@ -80,7 +89,7 @@ def labelFlipping(
             Dataset: A deep copy of the original dataset with modified labels in `.targets`.
 
         Raises:
-            ValueError: If `poisoned_percent` is not between 0 and 1, or if `flipping_percent` is invalid.
+            ValueError: If `poisoned_percent` is not between 0 and 100.
 
         Notes:
             - When not in targeted mode, labels are flipped for a random selection of indices based on the specified
@@ -98,7 +107,7 @@ def labelFlipping(
 
         if not targeted:
             num_indices = len(indices)
-            num_flipped = int(poisoned_percent * num_indices)
+            num_flipped = int(poisoned_percent * num_indices / 100.0)  # Convert percentage to count
             if num_indices == 0 or num_flipped > num_indices:
                 return
             flipped_indices = random.sample(indices, num_flipped)
 
@@ -29,7 +29,7 @@ class ModelPoisonAttack(ModelAttack):
     Args:
         engine (object): The training engine object that manages the aggregator.
         attack_params (dict): Parameters for the attack, including:
-            - poisoned_ratio (float): The ratio of model weights to be poisoned.
+            - poisoned_noise_percent (float): The percentage of noise to be added to model weights (0-100).
             - noise_type (str): The type of noise to introduce during the attack.
     """
 
@@ -52,21 +52,21 @@ def __init__(self, engine, attack_params):
 
         super().__init__(engine, round_start, round_stop, attack_interval)
 
-        self.poisoned_ratio = float(attack_params["poisoned_ratio"])
+        self.poisoned_noise_percent = float(attack_params["poisoned_noise_percent"])
         self.noise_type = attack_params["noise_type"].lower()
 
-    def modelPoison(self, model: OrderedDict, poisoned_ratio, noise_type="gaussian"):
+    def modelPoison(self, model: OrderedDict, poisoned_noise_percent, noise_type="gaussian"):
         """
         Adds random noise to the parameters of a model for the purpose of data poisoning.
 
         This function modifies the model's parameters by injecting noise according to the specified
-        noise type and ratio. Various types of noise can be applied, including salt noise, Gaussian
+        noise type and percentage. Various types of noise can be applied, including salt noise, Gaussian
         noise, and salt-and-pepper noise.
 
         Args:
             model (OrderedDict): The model's parameters organized as an `OrderedDict`. Each key corresponds
                                  to a layer, and each value is a tensor representing the parameters of that layer.
-            poisoned_ratio (float): The proportion of noise to apply, expressed as a fraction (0 <= poisoned_ratio <= 1).
+            poisoned_noise_percent (float): The percentage of noise to apply (0-100).
             noise_type (str, optional): The type of noise to apply to the model parameters. Supported types are:
                                         - "salt": Applies salt noise, replacing random elements with 1.
                                         - "gaussian": Applies Gaussian-distributed additive noise.
@@ -77,38 +77,47 @@ def modelPoison(self, model: OrderedDict, poisoned_ratio, noise_type="gaussian")
             OrderedDict: A new `OrderedDict` containing the model parameters with noise added.
 
         Raises:
-            ValueError: If `poisoned_ratio` is not between 0 and 1, or if `noise_type` is unsupported.
+            ValueError: If `poisoned_noise_percent` is not between 0 and 100, or if `noise_type` is unsupported.
 
         Notes:
             - If a layer's tensor is a single point (0-dimensional), it will be reshaped for processing.
             - Unsupported noise types will result in an error message, and the original tensor will be retained.
         """
         poisoned_model = OrderedDict()
         if not isinstance(noise_type, str):
+            logging.info(f"Noise type is not a string, converting to string: {noise_type}")
             noise_type = noise_type[0]
 
+        # Convert percentage to ratio for noise application
+        poisoned_ratio = poisoned_noise_percent / 100.0
+
         for layer in model:
             bt = model[layer]
             t = bt.detach().clone()
             single_point = False
             if len(t.shape) == 0:
                 t = t.view(-1)
                 single_point = True
+                logging.info(f"Layer {layer} is a single point, reshaping to {t.shape}")
 
             if noise_type == "salt":
+                logging.info(f"Applying salt noise to layer {layer}")
                 # Replaces random pixels with 1.
                 poisoned = torch.tensor(random_noise(t, mode=noise_type, amount=poisoned_ratio))
             elif noise_type == "gaussian":
+                logging.info(f"Applying gaussian noise to layer {layer}")
                 # Gaussian-distributed additive noise.
                 poisoned = torch.tensor(random_noise(t, mode=noise_type, mean=0, var=poisoned_ratio, clip=True))
             elif noise_type == "s&p":
+                logging.info(f"Applying salt-and-pepper noise to layer {layer}")
                 # Replaces random pixels with either 1 or low_val, where low_val is 0 for unsigned images or -1 for signed images.
                 poisoned = torch.tensor(random_noise(t, mode=noise_type, amount=poisoned_ratio))
             else:
                 logging.info(f"ERROR: noise_type '{noise_type}' not supported in model poison attack.")
                 poisoned = t
             if single_point:
                 poisoned = poisoned[0]
+                logging.info(f"Layer {layer} is a single point, reshaping to {poisoned.shape}")
             poisoned_model[layer] = poisoned
 
         return poisoned_model
@@ -123,6 +132,6 @@ def model_attack(self, received_weights):
         Returns:
             any: The modified model weights after applying the poisoning attack.
         """
-        logging.info("[ModelPoisonAttack] Performing model poison attack")
-        received_weights = self.modelPoison(received_weights, self.poisoned_ratio, self.noise_type)
+        logging.info(f"[ModelPoisonAttack] Performing model poison attack with poisoned_noise_percent={self.poisoned_noise_percent} and noise_type={self.noise_type}")
+        received_weights = self.modelPoison(received_weights, self.poisoned_noise_percent, self.noise_type)
         return received_weights