A semantic-aware GNN malicious node detection framework via training-bias timing-sequence modeling over centralized federated learning

As federated learning expands into privacy-sensitive fields such as healthcare and finance, detecting malicious nodes becomes critical. Existing methods in centralized federated learning for update-based robust aggregation and malicious node detection often rely on static features and overlook how node behavior and relationships evolve over time, limiting their effectiveness against complex multi-round dynamic attacks. To address this issue, we introduce FedGNC, a Graph Neural Network-based framework which uses a time-aware graph structure to track node updates. This structure captures both behavioral shifts and evolving inter-node relationships across training rounds to allow detection of emerging anomalies. FedGNC compares node updates over time to reveal suspicious trends. It also includes an enhanced SageNet detector (based on GraphSAGE) that learns local node structures and interactions to spot subtle behavioral changes, often early signs of malicious activity. Experiments show that FedGNC improves detection accuracy by 5%–10% over the baseline, and outperforms representative state-of-the-art methods for update-based robust aggregation and malicious node detection under centralized federated learning settings by approximately 3% across various attack types, including adversarial, data/model poisoning and combined attacks.