Federated learning is vulnerable to Byzantine attacks and data poisoning by malicious clients; existing defenses rely on static thresholds and binary decisions, failing to adapt to dynamic, adaptive threats. This paper proposes an adaptive multi-dimensional reputation framework that models client trustworthiness as a continuous, multi-dimensional score. It integrates self-calibrating thresholds, reputation-weighted soft-exclusion aggregation, and local differential privacy–protected reputation computation. To rigorously evaluate robustness, we innovatively design Statistical Mimicry (SM)—a high-stealth attack serving as a challenging benchmark. Extensive experiments on MNIST, CIFAR-10, and SVHN demonstrate that our method outperforms state-of-the-art approaches: it improves model accuracy, accelerates convergence, enhances attack resilience by 16%, and maintains stable convergence even under 30% non-malicious-but-non-IID baselines. Moreover, it achieves superior detection performance with low communication and computational overhead.

Federated learning (FL) enables collaborative model training while preserving data privacy. However, it remains vulnerable to malicious clients who compromise model integrity through Byzantine attacks, data poisoning, or adaptive adversarial behaviors. Existing defense mechanisms rely on static thresholds and binary classification, failing to adapt to evolving client behaviors in real-world deployments. We propose FLARE, an adaptive reputation-based framework that transforms client reliability assessment from binary decisions to a continuous, multi-dimensional trust evaluation. FLARE integrates: (i) a multi-dimensional reputation score capturing performance consistency, statistical anomaly indicators, and temporal behavior, (ii) a self-calibrating adaptive threshold mechanism that adjusts security strictness based on model convergence and recent attack intensity, (iii) reputation-weighted aggregation with soft exclusion to proportionally limit suspicious contributions rather than eliminating clients outright, and (iv) a Local Differential Privacy (LDP) mechanism enabling reputation scoring on privatized client updates. We further introduce a highly evasive Statistical Mimicry (SM) attack, a benchmark adversary that blends honest gradients with synthetic perturbations and persistent drift to remain undetected by traditional filters. Extensive experiments with 100 clients on MNIST, CIFAR-10, and SVHN demonstrate that FLARE maintains high model accuracy and converges faster than state-of-the-art Byzantine-robust methods under diverse attack types, including label flipping, gradient scaling, adaptive attacks, ALIE, and SM. FLARE improves robustness by up to 16% and preserves model convergence within 30% of the non-attacked baseline, while achieving strong malicious-client detection performance with minimal computational overhead. https://github.com/Anonymous0-0paper/FLARE