🤖 AI Summary
To address the dual challenges of high encryption overhead and weak resilience against adaptive model poisoning attacks in privacy-preserving federated learning (PPFL) for industrial IoT, this paper proposes a lightweight and robust collaborative defense framework. Methodologically, it replaces conventional encryption with lightweight gradient masking; integrates singular value decomposition and cosine similarity for feature-aware anomaly detection; designs a dynamic trust-score-based adaptive aggregation mechanism; and leverages blockchain for immutable aggregation result recording and auditable traceability. The key contribution lies in the first holistic integration of gradient masking, trustworthy aggregation, and on-chain auditing—ensuring data privacy while significantly enhancing robustness against four advanced poisoning attack types. Experiments on two public datasets demonstrate over 30% reduction in communication and computational overhead, alongside superior training efficiency compared to state-of-the-art PPFL approaches.
📝 Abstract
Privacy-Preserving Federated Learning (PPFL) has emerged as a secure distributed Machine Learning (ML) paradigm that aggregates locally trained gradients without exposing raw data. To defend against model poisoning threats, several robustness-enhanced PPFL schemes have been proposed by integrating anomaly detection. Nevertheless, they still face two major challenges: (1) the reliance on heavyweight encryption techniques results in substantial communication and computation overhead; and (2) single-strategy defense mechanisms often fail to provide sufficient robustness against adaptive adversaries. To overcome these challenges, we propose DP2Guard, a lightweight PPFL framework that enhances both privacy and robustness. DP2Guard leverages a lightweight gradient masking mechanism to replace costly cryptographic operations while ensuring the privacy of local gradients. A hybrid defense strategy is proposed, which extracts gradient features using singular value decomposition and cosine similarity, and applies a clustering algorithm to effectively identify malicious gradients. Additionally, DP2Guard adopts a trust score-based adaptive aggregation scheme that adjusts client weights according to historical behavior, while blockchain records aggregated results and trust scores to ensure tamper-proof and auditable training. Extensive experiments conducted on two public datasets demonstrate that DP2Guard effectively defends against four advanced poisoning attacks while ensuring privacy with reduced communication and computation costs.
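The abstract describes the hybrid defense only at the level of its building blocks (gradient features from singular value decomposition and cosine similarity, a clustering step to isolate malicious gradients, and trust-score-weighted aggregation). The following Python block is an added illustration of that pipeline and is not DP2Guard's own code: the page does not say which clustering algorithm, trust-update rule, separation margin or gradient-masking scheme the paper uses, so the 2-means clustering, the multiplicative trust decay, the `margin` threshold and the constructed six-client round below are all assumptions made here. A pure-Python power iteration stands in for a full SVD so the block runs without NumPy. The masking step is deliberately omitted, since the abstract gives no detail of it; the server side shown here operates on whatever unmasked or mask-cancelled gradients it receives.

```python
import math
from typing import Dict, List, Set, Tuple

Vector = List[float]

# Constructed sample round (not from the paper): six clients, 5-dim gradients.
# c0..c3 are honest; c4 and c5 flip the sign and boost the magnitude.
SAMPLE_GRADIENTS: Dict[str, Vector] = {
    "c0": [1.0, 0.9, 1.1, 1.0, 0.95],
    "c1": [0.95, 1.0, 1.05, 1.1, 1.0],
    "c2": [1.1, 1.0, 0.9, 1.0, 1.05],
    "c3": [1.0, 1.05, 1.0, 0.9, 1.0],
    "c4": [-3.0, -2.8, -3.1, -3.0, -2.9],
    "c5": [-2.9, -3.0, -3.0, -3.1, -2.8],
}
INITIAL_TRUST: Dict[str, float] = {cid: 0.8 for cid in SAMPLE_GRADIENTS}  # assumed start value


def dot(a: Vector, b: Vector) -> float:
    return sum(x * y for x, y in zip(a, b))


def cosine(a: Vector, b: Vector) -> float:
    na, nb = math.sqrt(dot(a, a)), math.sqrt(dot(b, b))
    return dot(a, b) / (na * nb) if na and nb else 0.0


def coordinate_median(rows: List[Vector]) -> Vector:
    # Robust reference gradient: per-coordinate median over all clients.
    out = []
    for j in range(len(rows[0])):
        col = sorted(r[j] for r in rows)
        n = len(col)
        out.append(col[n // 2] if n % 2 else (col[n // 2 - 1] + col[n // 2]) / 2)
    return out


def top_singular_direction(rows: List[Vector], iters: int = 100) -> Vector:
    # Top right singular vector of M via power iteration on M^T M
    # (a pure-Python stand-in for a full SVD).
    dim = len(rows[0])
    v = [1.0 / math.sqrt(dim)] * dim
    for _ in range(iters):
        mv = [dot(r, v) for r in rows]
        w = [sum(mv[i] * rows[i][j] for i in range(len(rows))) for j in range(dim)]
        n = math.sqrt(dot(w, w))
        if n == 0.0:
            break
        v = [x / n for x in w]
    return v


def gradient_features(grads: Dict[str, Vector]) -> Dict[str, Tuple[float, float]]:
    # Per client: cosine similarity to the median gradient, and |projection| of its
    # centered gradient onto the top singular direction (a spectral outlier score).
    ids = list(grads)
    rows = [grads[c] for c in ids]
    dim = len(rows[0])
    median = coordinate_median(rows)
    mean = [sum(r[j] for r in rows) / len(rows) for j in range(dim)]
    centered = [[r[j] - mean[j] for j in range(dim)] for r in rows]
    v = top_singular_direction(centered)
    return {c: (cosine(r, median), abs(dot(x, v))) for c, r, x in zip(ids, rows, centered)}


def two_means(points: Dict[str, Tuple[float, float]], iters: int = 20) -> Tuple[Set[str], Set[str]]:
    # Lloyd's 2-means seeded with the lowest- and highest-cosine clients;
    # returns (low-cosine cluster, high-cosine cluster).
    ids = list(points)
    centroids = [points[min(ids, key=lambda c: points[c][0])],
                 points[max(ids, key=lambda c: points[c][0])]]
    assign: Dict[str, int] = {}
    for _ in range(iters):
        assign = {c: min((0, 1), key=lambda k: math.dist(points[c], centroids[k])) for c in ids}
        for k in (0, 1):
            members = [points[c] for c in ids if assign[c] == k]
            if members:
                centroids[k] = (sum(p[0] for p in members) / len(members),
                                sum(p[1] for p in members) / len(members))
    low = {c for c in ids if assign[c] == 0}
    high = {c for c in ids if assign[c] == 1}
    return (low, high) if centroids[0][0] <= centroids[1][0] else (high, low)


def detect_malicious(grads: Dict[str, Vector], margin: float = 0.3) -> Set[str]:
    # Flag the low-cosine cluster only if it is clearly separated from the
    # high-cosine one; `margin` is an assumed tuning knob, not from the paper.
    feats = gradient_features(grads)
    low, high = two_means(feats)
    if not low or not high:
        return set()
    gap = sum(feats[c][0] for c in high) / len(high) - sum(feats[c][0] for c in low) / len(low)
    return set(low) if gap > margin else set()


def update_trust(trust: Dict[str, float], flagged: Set[str],
                 decay: float = 0.5, reward: float = 0.1) -> Dict[str, float]:
    # Assumed policy: flagged clients lose trust multiplicatively, clean ones
    # earn it back slowly, capped at 1.0.
    return {c: (t * decay if c in flagged else min(1.0, t + reward)) for c, t in trust.items()}


def trust_weighted_aggregate(grads: Dict[str, Vector], trust: Dict[str, float],
                             flagged: Set[str]) -> Vector:
    # Weighted mean of unflagged gradients, weights proportional to trust.
    weights = {c: (0.0 if c in flagged else trust[c]) for c in grads}
    total = sum(weights.values())
    if total == 0.0:
        raise ValueError("no trusted clients left to aggregate")
    dim = len(next(iter(grads.values())))
    return [sum(weights[c] * grads[c][j] for c in grads) / total for j in range(dim)]


def run_round(grads: Dict[str, Vector], trust: Dict[str, float]):
    # One server-side round: detect, aggregate, then update trust for the next round.
    flagged = detect_malicious(grads)
    return flagged, trust_weighted_aggregate(grads, trust, flagged), update_trust(trust, flagged)
```

Calling `run_round(SAMPLE_GRADIENTS, INITIAL_TRUST)` flags the two sign-flipping clients, returns an aggregate close to the honest mean, and halves their trust while nudging the others up. The `margin` gate matters for the benign case: 2-means always produces two clusters, so without a separation check an attack-free round would still sacrifice half the clients. Where the paper records aggregated results and trust scores on a blockchain, the tuple returned by `run_round` is exactly the per-round record that would be committed.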