Heterogeneity-Aware Poisoning Attacks and Mitigation in Federated Learning: A Comprehensive Survey and Taxonomy
Aimen Djemaa, Djamel Djenouri, Phil LeggFederated learning (FL) enables collaborative model training without sharing raw data, but remains vulnerable to poisoning attacks in which malicious participants manipulate local data, model updates, gradients, or learned behaviours to degrade performance or introduce targeted failures. These threats become harder to assess and mitigate in heterogeneous federated learning (HFL), where clients may differ in data distributions, model architectures, task objectives, resource availability, communication reliability, participation patterns, privacy constraints, and deployment environments. Existing surveys provide valuable coverage of FL security, poisoning attacks, robust aggregation, privacy-preserving mechanisms, and heterogeneity, but they do not sufficiently analyse how heterogeneity changes both poisoning behaviour and mitigation reliability. This survey addresses that gap by examining how statistical, model, task, device, communication, and participation heterogeneity affect poisoning feasibility, stealth, persistence, impact, transferability, attribution, and detectability. It then proposes a heterogeneity-aware taxonomy of poisoning mitigation mechanisms and compares existing strategies using operational criteria centred on attack–defence alignment, evidence validity, server visibility, privacy compatibility, scalability, deployment feasibility, and benign-client preservation. The central argument is that poisoning mitigation in HFL should not be evaluated only by attack type, defence family, clean accuracy, or attack success rate but also by whether defences observe and protect the channels through which heterogeneity-shaped attacks are expressed. The survey further identifies open challenges for developing channel-aware, privacy-compatible, scalable, adaptive, and false-positive-aware defences that preserve useful benign diversity under realistic HFL conditions.