FedDefuse: a data-free self-training framework for reliable open-world federated defense
摘要
Defending federated learning (FL) in open-world deployments is challenging when the server has no trusted validation data, labels, or verified honest clients. We introduce FedDefuse, a server-side defense framework that operates without any external trusted data. The method relies on a self-training mechanism that derives pseudo-labels from structural and temporal patterns in client updates. These pseudo-labels are used to train a lightweight gating classifier that filters suspicious updates prior to aggregation. To improve separability between benign and malicious behavior, we construct a prototype-anchored contrastive embedding in which anchors are estimated from historical client representations. Decision stability under non-IID conditions is maintained through an exponentially weighted moving average reputation score combined with an adaptive threshold and a consecutive-confirmation rule. An ablation study using randomized pseudo-labels leads to noticeable degradation in later training rounds, indicating that the self-training component is central to the framework. Experiments on CIFAR-100 with ResNet-50 under non-IID label-flip attacks show that FedDefuse recovers 91.7% of the clean accuracy (60.85% TACC) while achieving high attribution performance (DACC 98.67%, FNR 5.00%, FPR 0.00%, tail-20). Although aggregation-only robust methods such as AFA and Trimmed-Mean obtain slightly higher TACC (within 1.84 percentage points), they do not provide client-level attribution. FedDefuse maintains competitive accuracy while enabling reliable attribution, demonstrating that effective federated defense is feasible in open-world settings without trusted data.