FedTLA: Trust‐Differentiated Selective Aggregation for Backdoor‐Resilient Federated Learning
Hongjiao Li, Qianli Tang, Yalong WangABSTRACT
Federated Learning (FL) has emerged as a promising paradigm for privacy‐preserving collaborative training, yet it remains inherently vulnerable to stealthy backdoor attacks where adversaries inject malicious triggers to compromise system integrity. Existing defenses, however, face distinct limitations: deployment‐heavy methods requiring auxiliary data or client modifications incur prohibitive costs, while statistical filtering methods struggle to distinguish stealthy attacks from benign heterogeneity in Non‐IID settings. To address these challenges, we propose FedTLA, a purely server‐side two‐phase defense framework that aims to balance robustness and utility under realistic Non‐IID conditions. In Phase 1, FedTLA extracts multidimensional descriptors from uploaded updates and performs deterministic trust stratification through PCA‐assisted ensemble anomaly scoring, thereby stabilizing malicious‐client ranking without relying on hyperparameter‐sensitive clustering boundaries. Instead of using monolithic averaging or binary exclusion after screening, Phase 2 performs trust‐differentiated selective aggregation, where high‐trust updates are fully integrated while medium‐trust contributions are restricted to the shared representation subspace so as to preserve benign heterogeneity while structurally limiting the attack surface. Extensive experiments on MNIST, CIFAR‐10, and CIFAR‐100 demonstrate that FedTLA consistently delivers a strong robustness–utility trade‐off over representative baselines without requiring auxiliary clean data. Notably, under a 40% malicious ratio on CIFAR‐100, FedTLA improves main‐task accuracy by 5.73 percentage points while reducing backdoor accuracy to 2.84% .