“malicious or Benign?”: Enhancing the Contribution of Model Updates in Byzantine-Robust Heterogeneous Federated Learning

Byzantine-robust Federated Learning (FL) enables service providers to learn an accurate global model, even when some participants may be malicious. Existing Byzantine-robust FL approaches primarily rely on the service provider conducting statistical analysis on clients' model updates, filtering out anomalous ones before aggregation to refine the global model. However, these defenses struggle to distinguish benign outliers from anomalous model updates under Byzantine attacks and heterogeneous settings, thereby harming model generalization ability. To address this issue, we propose a Byzantine-robust aggregation scheme based on hybrid anomaly detection (HadAGG) in heterogeneous FL. Specifically, we introduce a hybrid filtering strategy combining cosine similarity and Shapley values to distinguish between benign, malicious, and anomalous but benign model updates. To effectively identify benign outliers, we propose a Shapley value-based approach by constructing a multi-objective utility function that integrates the loss function and model accuracy to compute the Federated Shapley value, which measures client contributions. To achieve Byzantine-robust aggregation, we correct malicious model updates via gradient projection instead of directly discarding them, and employ a weighted aggregation to ensure that all model updates have a positive effect on model performance. Finally, we perform a theoretical analysis and a comprehensive evaluation for our scheme. Experimental results show that HadAGG outperforms existing state-of-the-art (SOTA) Byzantine-robust aggregation methods under different attack scenarios.