AegisFed: Privacy-Preserving Federated Learning with Oriented Knowledge Purge against Poisoning Attacks
This is the code repository for AegisFed. The "code" folder contains the source code:
```text
code/                      # Main code directory
├── main.py                # Main program entry
├── server.py              # Server implementation (includes MPC aggregation methods)
├── client.py              # Client implementation (multiple attack types)
├── models.py              # Model definitions
├── data.py                # Data processing module
├── save_results.py        # Results saving module
├── plt_figure.py          # Visualization module
├── Add_Secret_Share.py    # Secret sharing base module
└── mpc_utils.py           # MPC-KMeans and weight computation utilities
```
- Python 3.7+

Install the dependencies:

```bash
pip install torch torchvision
pip install numpy pandas
pip install scikit-learn
pip install matplotlib
pip install openpyxl
pip install backpack-for-python  # For Hessian computation (required by ClientB)
```

Minimum versions:

```text
torch>=1.8.0
torchvision>=0.9.0
numpy>=1.19.0
pandas>=1.2.0
scikit-learn>=0.24.0
matplotlib>=3.3.0
openpyxl>=3.0.0
backpack>=0.1.0
```

The project supports the following datasets, which should be stored in the data/ directory:
- MNIST: Handwritten digit recognition (10 classes)
- Fashion-MNIST: Fashion item classification (10 classes)
- CIFAR-10: Natural image classification (10 classes)
- CIFAR-100: Natural image classification (100 classes)
Datasets will be automatically downloaded or loaded from the data/ directory.
Run federated learning training with the default configuration:

```bash
cd code
python main.py
```

Run with custom parameters (the inline comments of the original command are given in the parameter list below, since `\ # comment` is not a valid shell continuation):

```bash
python main.py \
  --data_name mnist \
  --num_round 100 \
  --malicious_ratio 0.2 \
  --malicious_client_type B \
  --alpha 0.5 \
  --stop_attack_round 50
```

Parameter Description:

- --data_name/-d: Dataset name, options: mnist, fashion_mnist, cifar10, cifar100
- --num_round/-r: Total number of federated training rounds (default: 100)
- --malicious_ratio/-m: Malicious client ratio, range [0,1] (default: 0.2)
- --malicious_client_type/-t: Malicious client type, options: B, C, D, E, F, G (default: B)
- --alpha/-a: Non-IID degree (Dirichlet distribution parameter; None means IID; smaller values indicate more non-uniform data)
- --stop_attack_round/-s: Disable all malicious attacks from this round onwards, after which clients switch to benign training (default: None, no disabling; optional)
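To make the meaning of `--alpha` concrete, the following added example (not code from the AegisFed repository) partitions sample indices across clients using a per-class Dirichlet(alpha) split, with `alpha=None` giving an IID split as the option description states, and measures how label-skewed the resulting client shards are. The function and metric names are our own; the labels are a constructed toy dataset.

```python
import random
from collections import Counter


def dirichlet_label_partition(labels, num_clients, alpha, seed=0):
    """Return a list of index lists, one per client.

    For each class, the fraction of its samples given to each client is drawn
    from Dirichlet(alpha, ..., alpha); alpha=None splits every class evenly (IID).
    """
    rng = random.Random(seed)
    by_class = {}
    for idx, y in enumerate(labels):
        by_class.setdefault(y, []).append(idx)
    client_indices = [[] for _ in range(num_clients)]
    for _, idxs in sorted(by_class.items()):
        rng.shuffle(idxs)
        if alpha is None:
            props = [1.0 / num_clients] * num_clients
        else:
            # A Dirichlet(alpha,...,alpha) draw is a normalised vector of Gamma(alpha, 1) draws
            gammas = [rng.gammavariate(alpha, 1.0) for _ in range(num_clients)]
            total = sum(gammas)
            props = [g / total for g in gammas]
        # Convert proportions into cumulative cut points over this class's samples
        cuts, acc = [], 0.0
        for p in props[:-1]:
            acc += p
            cuts.append(int(round(acc * len(idxs))))
        start = 0
        for client, cut in enumerate(cuts + [len(idxs)]):
            client_indices[client].extend(idxs[start:cut])
            start = cut
    return client_indices


def label_skew(client_indices, labels):
    """Mean over non-empty clients of the share held by the client's most common class.

    1/num_classes means perfectly balanced shards; 1.0 means every client holds a single class.
    """
    shares = []
    for idxs in client_indices:
        if idxs:
            counts = Counter(labels[i] for i in idxs)
            shares.append(max(counts.values()) / len(idxs))
    return sum(shares) / len(shares)


# Constructed toy labels: 10 classes with 100 samples each, as in a 1000-sample MNIST subset
TOY_LABELS = [c for c in range(10) for _ in range(100)]
```

Comparing `label_skew` for alpha values such as 100, 0.5 and 0.1 shows the skew rising as alpha falls, which is what "smaller values indicate more non-uniform data" means in practice.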
Note: This project is a research project. Please conduct thorough security assessment and performance testing before using in production environments.