To mitigate data reconstruction attacks (DRAs) in federated learning caused by malicious models distributed by the server, this paper proposes DRArmor, a novel defense framework. Methodologically, DRArmor introduces the first layer-wise contribution attribution mechanism for identifying malicious layers—departing from conventional whole-model protection—and enables fine-grained gradient anomaly detection and targeted intervention. It integrates SHAP-based gradient attribution, gradient consistency verification, selective noise injection, pixelation, and layer pruning to minimize the attack surface while preserving both privacy and model utility. Evaluated in a 200-client setting against the LoKI attack, DRArmor achieves a true positive rate of 91.0% and a true negative rate of 89.0%, reduces data leakage by 62.5%, and maintains model accuracy at 87%.

Federated Learning (FL) has emerged as a powerful paradigm for collaborative model training while keeping client data decentralized and private. However, it is vulnerable to Data Reconstruction Attacks (DRA) such as"LoKI"and"Robbing the Fed", where malicious models sent from the server to the client can reconstruct sensitive user data. To counter this, we introduce DRArmor, a novel defense mechanism that integrates Explainable AI with targeted detection and mitigation strategies for DRA. Unlike existing defenses that focus on the entire model, DRArmor identifies and addresses the root cause (i.e., malicious layers within the model that send gradients with malicious intent) by analyzing their contribution to the output and detecting inconsistencies in gradient values. Once these malicious layers are identified, DRArmor applies defense techniques such as noise injection, pixelation, and pruning to these layers rather than the whole model, minimizing the attack surface and preserving client data privacy. We evaluate DRArmor's performance against the advanced LoKI attack across diverse datasets, including MNIST, CIFAR-10, CIFAR-100, and ImageNet, in a 200-client FL setup. Our results demonstrate DRArmor's effectiveness in mitigating data leakage, achieving high True Positive and True Negative Rates of 0.910 and 0.890, respectively. Additionally, DRArmor maintains an average accuracy of 87%, effectively protecting client privacy without compromising model performance. Compared to existing defense mechanisms, DRArmor reduces the data leakage rate by 62.5% with datasets containing 500 samples per client.