This work addresses the limited robustness of federated learning under extreme conditions characterized by non-independent and identically distributed (Non-IID) client data and a majority (>50%) of malicious participants. To this end, the authors propose a heuristic defense algorithm that integrates server-side learning, client update filtering, and geometric median-based aggregation. Notably, the method operates effectively even when the server possesses only a small amount of real or synthetic data whose distribution significantly diverges from that of the clients—a setting previously unaddressed in the literature. Experimental results demonstrate that the proposed approach substantially improves model accuracy under such highly adversarial scenarios, thereby confirming its strong robustness and practical efficacy.

This paper explores the use of server learning for enhancing the robustness of federated learning against malicious attacks even when clients' training data are not independent and identically distributed. We propose a heuristic algorithm that uses server learning and client update filtering in combination with geometric median aggregation. We demonstrate via experiments that this approach can achieve significant improvement in model accuracy even when the fraction of malicious clients is high, even more than $50\%$ in some cases, and the dataset utilized by the server is small and could be synthetic with its distribution not necessarily close to that of the clients' aggregated data.