In federated learning, malicious clients degrade global model robustness by injecting poisoned model updates via Byzantine or backdoor attacks. Existing defenses rely either on a trusted server-side root dataset or statistical clipping (e.g., trimmed mean), both of which impose restrictive assumptions about data distribution and often erroneously discard contributions from minority-class clients. This paper proposes a robust aggregation framework that requires no root dataset and makes no assumptions about data distribution. It introduces a novel dynamic weighted aggregation mechanism that jointly models update deviations, unsupervisedly identifies benign clients, and optimizes a robust aggregation objective. Evaluated across multiple benchmark datasets and diverse attack scenarios, our method achieves over 15% higher defense success rate than state-of-the-art approaches while preserving model accuracy—demonstrating superior practicality and generalizability.

Federated Learning (FL) enables collaborative machine learning model training across multiple parties without sharing raw data. However, FL's distributed nature allows malicious clients to impact model training through Byzantine or backdoor attacks, using erroneous model updates. Existing defenses measure the deviation of each update from a 'ground-truth model update.' They often rely on a benign root dataset on the server or use trimmed mean or median for clipping, both methods having limitations. We introduce FedTruth, a robust defense against model poisoning in FL. FedTruth doesn't assume specific data distributions nor requires a benign root dataset. It estimates a global model update with dynamic aggregation weights, considering contributions from all benign clients. Empirical studies demonstrate FedTruth's efficacy in mitigating the impacts of poisoned updates from both Byzantine and backdoor attacks.