Byzantine-Robust Asynchronous Federated Learning via Feature Fingerprinting

Asynchronous federated learning (AFL) accelerates collaborative training across heterogeneous devices compared to synchronous federated learning, but increases vulnerability to Byzantine attacks due to its asynchronous aggregation. Existing defenses rely on parametric similarity between models and temporal consistency of updates, which are compromised by data and device heterogeneity, leading to ineffective robustness. To address this limitation, we propose Belisa, a Byzantine-robust AFL framework that enhances fidelity, robustness, and efficiency under heterogeneous scenarios. Belisa introduces novel discrepancies between feature representations of local models to distinguish malicious models from benign ones. By leveraging a reference model trained on publicly available data, Belisa quantifies these discrepancies, referred to as feature fingerprints, and filters out malicious models through clustering. Extensive experiments on six datasets from three types of tasks under five advanced Byzantine attacks demonstrate Belisa’s superiority. Notably, Belisa consistently outperforms existing approaches across both attack and non-attack settings. Under attack scenarios, it lowers the average test error rate to 0.42× that of baseline methods. Furthermore, Belisa accelerates the aggregation process by an average of 12.3× compared to other methods. To the best of our knowledge, Belisa is the first Byzantine-robust AFL framework, which provides a broadly applicable countermeasure in heterogeneous scenarios which are more prevalent in real-world settings.