In federated learning, model aggregation is vulnerable to adaptive model poisoning attacks, and existing static defenses lack robustness under data heterogeneity and dynamic threat landscapes. To address this, we propose a meta-learning-driven dynamic robust aggregation framework that formulates defense selection as a real-time, cost-aware control problem. We introduce a lightweight contextual bandit agent that dynamically schedules the optimal defense algorithm based on runtime diagnostic metrics—including gradient anomaly scores and client contribution entropy. The framework supports explicit trade-offs between security and model performance via an adjustable “risk tolerance” parameter. Extensive experiments demonstrate that our approach significantly outperforms single static defenses across diverse attacks (e.g., LIE, Min-Max) and heterogeneous data settings. It effectively mitigates stealthy poisoning while preserving global model integrity and convergence stability.

Federated Learning (FL) offers a paradigm for privacy-preserving collaborative AI, but its decentralized nature creates significant vulnerabilities to model poisoning attacks. While numerous static defenses exist, their effectiveness is highly context-dependent, often failing against adaptive adversaries or in heterogeneous data environments. This paper introduces FedStrategist, a novel meta-learning framework that reframes robust aggregation as a real-time, cost-aware control problem. We design a lightweight contextual bandit agent that dynamically selects the optimal aggregation rule from an arsenal of defenses based on real-time diagnostic metrics. Through comprehensive experiments, we demonstrate that no single static rule is universally optimal. We show that our adaptive agent successfully learns superior policies across diverse scenarios, including a ``Krum-favorable" environment and against a sophisticated "stealth" adversary designed to neutralize specific diagnostic signals. Critically, we analyze the paradoxical scenario where a non-robust baseline achieves high but compromised accuracy, and demonstrate that our agent learns a conservative policy to prioritize model integrity. Furthermore, we prove the agent's policy is controllable via a single "risk tolerance" parameter, allowing practitioners to explicitly manage the trade-off between performance and security. Our work provides a new, practical, and analyzable approach to creating resilient and intelligent decentralized AI systems.