- This is the PyTorch implementation for ICLR 2023 paper "FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning".
- This paper also wins a Best Paper Award 🏆 at ECCV 2022 AROW Workshop.
- [openreview] | [arXiv] | [workshop slides]
- Python >= 3.7.10
- PyTorch >= 1.7.1
- TorchVision >= 0.8.2
- PyYAML >= 6.0
- Pre-trained clean models prepared in the directory
./saved_models/. - You can also train from round 0 to obtain the pre-trained clean models.
- Run the following commands to reproduce the results in the paper.
# Create python environment (optional)
conda env create -f environment.yml
source activate flipPrior to federated training and inverting, make sure to create a data directory ./data/ and set the correct parameters in the .yaml file for single-shot or continuous FL backdoor attacks. Parameters can be found in the ./utils/xx.yaml directory.
python main.py --params utils/mnist.yamlpython main.py --params utils/fashion_mnist.yamlpython main.py --params utils/cifar.yaml.
├── data # data directory
├── models # model structures for different datasets
├── saved_models # pre-trained clean models and saved models during training
│ ├── cifar_pretrain # pre-trained clean models on CIFAR-10
│ ├── fashion_mnist_pretrain # pre-trained clean models on Fashion-MNIST
│ └── mnist_pretrain # pre-trained clean models on MNIST
├── utils # utils / params for different datasets
├── config.py # set GPU device and global variables
├── helper.py # helper functions
├── image_helper.py # helper functions for image datasets, e.g., load data, etc.
├── image_train.py # normal training and invert training
├── invert_CIFAR.py # benign local clients invert training on CIFAR-10
├── invert_FashionMNIST.py # benign local clients invert training on Fashion-MNIST
├── invert_MNIST.py # benign local clients invert training on MNIST
├── main.py # main function, run this file to train and invert
├── test.py # test metrics
├── train.py # train function, image_train.py is called in this file
└── ...
Please cite our work as follows for any purpose of usage.
@inproceedings{
zhang2023flip,
title={{FLIP}: A Provable Defense Framework for Backdoor Mitigation in Federated Learning},
author={Kaiyuan Zhang and Guanhong Tao and Qiuling Xu and Siyuan Cheng and Shengwei An and Yingqi Liu and Shiwei Feng and Guangyu Shen and Pin-Yu Chen and Shiqing Ma and Xiangyu Zhang},
booktitle={The Eleventh International Conference on Learning Representations },
year={2023},
url={https://openreview.net/forum?id=Xo2E217_M4n}
}