FLTG: Byzantine-Robust Federated Learning via Angle-Based Defense and Non-IID-Aware Weighting
Yanhua Wen, Lu Ai, Gang Liu, Chuang Li, Jianhao Wei
TL;DR
This work tackles Byzantine attacks in Federated Learning, especially under highly non-IID data and large fractions of malicious clients. It introduces FLTG, an angle-based aggregation that uses a server-side clean dataset to filter updates with ReLU-clipped cosine similarity, selects a dynamic reference client guided by the previous global model, and weights updates inversely to angular deviation while normalizing magnitudes to align updates on a common hypersphere. Through experiments on MNIST and CIFAR-10 with diverse attacks, FLTG demonstrates superior accuracy and attack resistance compared to state-of-the-art methods, maintaining robustness even when the malicious client proportion exceeds 50%. The approach offers a practical route to more reliable FL in heterogeneous, adversarial environments and informs future directions for privacy-preserving, scalable aggregation.
Abstract
Byzantine attacks during model aggregation in Federated Learning (FL) threaten training integrity by manipulating malicious clients' updates. Existing methods struggle with limited robustness under high malicious client ratios and sensitivity to non-i.i.d. data, leading to degraded accuracy. To address this, we propose FLTG, a novel aggregation algorithm integrating angle-based defense and dynamic reference selection. FLTG first filters clients via ReLU-clipped cosine similarity, leveraging a server-side clean dataset to exclude misaligned updates. It then dynamically selects a reference client based on the prior global model to mitigate non-i.i.d. bias, assigns aggregation weights inversely proportional to angular deviations, and normalizes update magnitudes to suppress malicious scaling. Evaluations across datasets of varying complexity under five classic attacks demonstrate FLTG's superiority over state-of-the-art methods under extreme bias scenarios and sustains robustness with a higher proportion(over 50%) of malicious clients.
