GShield: Mitigating Poisoning Attacks in Federated Learning

📅 2025-12-22
📈 Citations: 0
Influential: 0
🤖 AI Summary
To address data poisoning attacks launched by malicious clients under non-IID data distributions in federated learning, this paper proposes an unsupervised, adaptive robust defense mechanism. The method first clusters client gradients from initial training rounds and models the resulting benign update distribution via a multivariate Gaussian—establishing a dynamic baseline for identifying and filtering malicious or low-quality model updates. It further introduces a selective aggregation strategy that weights and combines only trustworthy updates, thereby enhancing global model robustness. Extensive experiments on image and tabular datasets demonstrate that the approach improves target-class accuracy by 43–65% compared to state-of-the-art defenses, while requiring no labeled data or prior knowledge of attack patterns. The core contributions lie in (i) the novel integration of gradient clustering with probabilistic modeling to characterize benign update distributions, and (ii) an adaptive, threshold-free filtering mechanism that dynamically excludes outliers without supervision.

📝 Abstract
Federated Learning (FL) has recently emerged as a revolutionary approach to the collaborative training of Machine Learning models. In particular, it enables decentralized model training while preserving data privacy, but its distributed nature makes it highly vulnerable to a severe attack known as Data Poisoning. In such scenarios, malicious clients inject manipulated data into the training process, thereby degrading global model performance or causing targeted misclassification. In this paper, we present a novel defense mechanism called GShield, designed to detect and mitigate malicious and low-quality updates, especially under non-independent and identically distributed (non-IID) data scenarios. GShield operates by learning the distribution of benign gradients through clustering and Gaussian modeling during an initial round, enabling it to establish a reliable baseline of trusted client behavior. With this benign profile, GShield selectively aggregates only those updates that align with the expected gradient patterns, effectively isolating adversarial clients and preserving the integrity of the global model. An extensive experimental campaign demonstrates that our proposed defense significantly improves model robustness compared to the state-of-the-art methods while maintaining high accuracy across both tabular and image datasets. Furthermore, GShield improves the accuracy of the targeted class by 43% to 65% after detecting malicious and low-quality clients.
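The summary and abstract above describe the pipeline in words only: cluster the first-round client gradients, fit a Gaussian to the benign cluster, and then aggregate only updates that fit that profile. The following is an added example of that pipeline, written for this page; it is not the authors' code and does not reproduce GShield's actual algorithm. All of its specifics are assumptions: the majority cluster is taken as benign, fit is by sample mean and covariance, updates are scored by squared Mahalanobis distance, and the filter uses a fixed chi-square cutoff even though the paper describes its own mechanism as threshold-free. Gradients are three-dimensional constructed vectors so that the numbers can be checked by hand (the benign clients are the true direction `MU` plus axis-aligned noise; the poisoned clients send a sign-flipped, scaled gradient).

```python
"""GShield-style gradient filtering sketch (added example, not the paper's code).

Round 0: cluster client gradients, treat the majority cluster as benign
(assumption), fit a multivariate Gaussian (mean + covariance) to it.
Later rounds: score each update by squared Mahalanobis distance to that profile,
drop anything above a chi-square cutoff (assumption; the paper describes its
filter as threshold-free), and aggregate survivors with inverse-distance weights
(also an assumption, standing in for the paper's weighting scheme).
"""


def _sub(a, b):
    return [x - y for x, y in zip(a, b)]


def _mean(rows):
    return [sum(r[i] for r in rows) / len(rows) for i in range(len(rows[0]))]


def _dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def two_means(points, iters=20):
    """Deterministic 2-means seeded with the two most distant points; returns labels."""
    n = len(points)
    i0, j0 = max(((i, j) for i in range(n) for j in range(i + 1, n)),
                 key=lambda p: _dist2(points[p[0]], points[p[1]]))
    centers = [points[i0][:], points[j0][:]]
    labels = [0] * n
    for _ in range(iters):
        new = [0 if _dist2(p, centers[0]) <= _dist2(p, centers[1]) else 1 for p in points]
        if new == labels:
            break
        labels = new
        for c in (0, 1):
            members = [p for p, l in zip(points, labels) if l == c]
            if members:
                centers[c] = _mean(members)
    return labels


def invert(m):
    """Gauss-Jordan inverse of a small square matrix (gradients here are 3-d)."""
    d = len(m)
    aug = [row[:] + [1.0 if i == j else 0.0 for j in range(d)] for i, row in enumerate(m)]
    for col in range(d):
        pivot = max(range(col, d), key=lambda r: abs(aug[r][col]))
        aug[col], aug[pivot] = aug[pivot], aug[col]
        pv = aug[col][col]
        aug[col] = [x / pv for x in aug[col]]
        for r in range(d):
            if r != col:
                f = aug[r][col]
                aug[r] = [x - f * y for x, y in zip(aug[r], aug[col])]
    return [row[d:] for row in aug]


class BenignProfile:
    """Multivariate Gaussian fitted to the benign gradient cluster."""

    def __init__(self, benign, ridge=1e-6):
        self.mu = _mean(benign)
        d = len(self.mu)
        cov = [[0.0] * d for _ in range(d)]
        for g in benign:
            diff = _sub(g, self.mu)
            for i in range(d):
                for j in range(d):
                    cov[i][j] += diff[i] * diff[j] / (len(benign) - 1)
        for i in range(d):
            cov[i][i] += ridge  # keeps the covariance invertible on tiny samples
        self.cov_inv = invert(cov)

    def mahalanobis2(self, g):
        """Squared Mahalanobis distance of an update from the benign profile."""
        diff = _sub(g, self.mu)
        d = len(diff)
        return sum(diff[i] * self.cov_inv[i][j] * diff[j] for i in range(d) for j in range(d))


def fit_profile(initial_round):
    """Cluster first-round gradients; the larger cluster is assumed benign."""
    labels = two_means(initial_round)
    benign_label = 0 if labels.count(0) >= labels.count(1) else 1
    return BenignProfile([g for g, l in zip(initial_round, labels) if l == benign_label])


CHI2_99_3DOF = 11.34  # assumption: 99% quantile of chi-square with 3 degrees of freedom


def select_and_aggregate(profile, updates, cutoff=CHI2_99_3DOF):
    """Keep updates that fit the profile; return (accepted indices, weighted aggregate)."""
    scores = [profile.mahalanobis2(g) for g in updates]
    accepted = [i for i, s in enumerate(scores) if s <= cutoff]
    if not accepted:
        return [], None
    weights = [1.0 / (1.0 + scores[i]) for i in accepted]  # assumption: inverse-distance weights
    total = sum(weights)
    agg = [sum(w * updates[i][k] for w, i in zip(weights, accepted)) / total
           for k in range(len(profile.mu))]
    return accepted, agg


def _shift(v, delta):
    return [x + y for x, y in zip(v, delta)]


MU = [1.0, -0.5, 0.2]  # constructed "true" benign gradient direction
# constructed round 0: six benign clients with +/-0.1 axis noise, two poisoned clients
INITIAL_ROUND = [_shift(MU, d) for d in ([0.1, 0, 0], [-0.1, 0, 0], [0, 0.1, 0],
                                          [0, -0.1, 0], [0, 0, 0.1], [0, 0, -0.1])]
INITIAL_ROUND += [[-6 * x for x in MU], _shift([-6 * x for x in MU], [0.1, 0, 0])]
# constructed round 1: three benign, one low-quality (far from the benign spread), one poisoned
ROUND_1 = [_shift(MU, [0.1, 0, 0]), _shift(MU, [0, -0.1, 0]), _shift(MU, [0.1, 0.1, 0.1]),
           _shift(MU, [0.5, 0, 0]), [-6 * x for x in MU]]

if __name__ == "__main__":
    prof = fit_profile(INITIAL_ROUND)
    print("benign mean:", [round(x, 3) for x in prof.mu])
    print("scores:", [round(prof.mahalanobis2(g), 2) for g in ROUND_1])
    print("accepted, aggregate:", select_and_aggregate(prof, ROUND_1))
```

With this data the fitted covariance is 0.004 on each axis, so a benign update 0.1 off on one axis scores about 2.5, the noisier benign update about 7.5, the low-quality update about 62, and the sign-flipped update in the tens of thousands; only the first three survive, and the aggregate stays close to `MU`.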
Problem

Research questions and friction points this paper is trying to address.

Detects and mitigates poisoning attacks in federated learning
Protects global model from malicious client updates
Ensures model robustness in non-IID data scenarios
Innovation

Methods, ideas, or system contributions that make the work stand out.

Clustering benign gradients for baseline modeling
Selectively aggregating updates matching gradient patterns
Isolating adversarial clients to preserve model integrity
Sameera K. M.
Department of Computer Applications, Cochin University of Science and Technology, India
Serena Nicolazzo
Università del Piemonte Orientale
Security, Privacy, IoT, Cyber Threat Intelligence
Antonino Nocera
Associate Professor, University of Pavia
Artificial Intelligence, Security, Privacy, Data Science
Vinod P.
Department of Computer Applications, Cochin University of Science and Technology, India
Rafidha Rehiman K. A.
Department of Computer Applications, Cochin University of Science and Technology, India