Attacks
Krum provides several Byzantine attack strategies. Each attack follows a keyword-only contract and includes parameter validation.
Overview

| Attack | Description | Complexity | Target |
|---|---|---|---|
| NaN | Generates gradients with NaN values | \(\mathcal{O}(d)\) | Simple aggregators |
| Identical (Bulyan) | Uses ones vector as attack direction | \(\mathcal{O}(nd)\) | Multi-Krum based |
| Identical (Empire) | Uses negative average as direction | \(\mathcal{O}(nd)\) | Inner product based |
| Identical (Little) | Uses std dev as attack direction | \(\mathcal{O}(nd)\) | Distance-based |

where:
\(n\) = total number of workers
\(f\) = number of Byzantine workers
\(d\) = gradient dimension
Available Attacks
API Reference
Byzantine attack registry used to evaluate aggregation-rule robustness.
Each attack combines a keyword-only generation function with a validation function. Registered attacks are loaded dynamically and exposed as module-level callables.
Contract
Each attack MUST:
- Accept keyword-only arguments.
- Accept the reserved parameter `grad_honests` (non-empty list of honest gradients).
- Accept the reserved parameter `f_decl` (number of declared Byzantine gradients).
- Accept the reserved parameter `f_real` (number of Byzantine gradients to generate).
- Accept the reserved parameter `model` (model with configured defaults).
- Accept the reserved parameter `defense` (aggregation rule to defeat).
- Return exactly `f_real` tensors (list of Byzantine gradients).
- NOT return tensors that alias any honest input tensor.

MAY reuse the same Byzantine tensor object when all generated gradients are identical.
Each attack MUST provide a check function that validates parameters and
returns None when valid, or a user-facing error message otherwise.
The module exposes three variants for each attack:
- `attack`: The default version (checked in debug mode, unchecked in release)
- `attack.checked`: Always validates parameters
- `attack.unchecked`: Skips validation (faster in production)
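
The contract and the three variants above, as an added example that is not Krum's own code: it bundles a generator with its check function, then tests an attack against the keyword-only, count and no-aliasing clauses. `make_attack`, `nan_generate`, `nan_check` and `contract_violations` are hypothetical names, plain Python lists stand in for tensors, and "debug mode" is assumed to mean Python's `__debug__`.

```python
import inspect
import math

RESERVED = ("grad_honests", "f_decl", "f_real", "model", "defense")

def make_attack(generate, check):
    """Bundle a generator and its check function into the three variants."""
    def checked(**kwargs):
        message = check(**kwargs)          # None when valid, else an error message
        if message is not None:
            raise ValueError(message)
        return generate(**kwargs)
    def attack(**kwargs):
        # Assumption: "debug mode" maps to Python's __debug__ (False under -O).
        return (checked if __debug__ else generate)(**kwargs)
    attack.checked, attack.unchecked = checked, generate
    return attack

# Toy stand-in for the NaN attack; gradients are plain lists of floats here.
def nan_generate(*, grad_honests, f_decl, f_real, model, defense):
    byz = [math.nan] * len(grad_honests[0])
    return [byz] * f_real                  # one shared object, as the contract allows

def nan_check(*, grad_honests, f_real, **kwargs):
    if not isinstance(grad_honests, list) or len(grad_honests) == 0:
        return "Expected a non-empty list of honest gradients"
    if not isinstance(f_real, int) or f_real < 0:
        return "Expected a non-negative number of Byzantine gradients"
    return None

def contract_violations(attack, **kwargs):
    """Return the contract clauses that `attack` breaks on this input."""
    problems = []
    params = inspect.signature(attack.unchecked).parameters
    kinds = {p.kind for p in params.values()}
    if not kinds <= {inspect.Parameter.KEYWORD_ONLY, inspect.Parameter.VAR_KEYWORD}:
        problems.append("not keyword-only")
    if inspect.Parameter.VAR_KEYWORD not in kinds:
        missing = [name for name in RESERVED if name not in params]
        if missing:
            problems.append("missing reserved: " + ", ".join(missing))
    out = attack.checked(**kwargs)
    if len(out) != kwargs["f_real"]:
        problems.append("wrong number of gradients")
    if any(b is h for b in out for h in kwargs["grad_honests"]):
        problems.append("aliases an honest gradient")
    return problems
```

The identity test (`is`) catches only whole-object aliasing; with real tensors, a view that shares storage with an honest gradient would need a storage-level comparison.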