FedLAD: A Linear Algebra Based Data Poisoning Defence for Federated Learning

📅 2025-08-04
🤖 AI Summary
To address Sybil-style targeted data poisoning attacks orchestrated by malicious clients in federated learning, this paper proposes a general defense mechanism grounded in linear algebraic modeling. The core innovation lies in formulating parameter aggregation as an independent linear combination extraction problem, enabling precise identification and removal of malicious gradient components via sparse representation learning and redundancy filtering. Unlike existing robust aggregation methods—whose performance degrades severely under high adversary fractions (>50%)—our approach imposes no assumptions on task semantics or client clustering structure. Extensive experiments demonstrate that the method significantly reduces attack success rates across 20%–80% malicious client ratios; notably, model accuracy remains consistently high within the 20%–50% range. It outperforms five state-of-the-art defenses—including Sherpa, CONTRA, and Median—across all evaluated metrics, establishing new benchmarks for robustness under strong adversarial conditions.

📝 Abstract
Sybil attacks pose a significant threat to federated learning, as malicious nodes can collaborate and gain a majority, thereby overwhelming the system. Therefore, it is essential to develop countermeasures that ensure the security of federated learning environments. We present a novel defence method against targeted data poisoning, which is one of the types of Sybil attacks, called Linear Algebra-based Detection (FedLAD). Unlike existing approaches, such as clustering and robust training, which struggle in situations where malicious nodes dominate, FedLAD models the federated learning aggregation process as a linear problem, transforming it into a linear algebra optimisation challenge. This method identifies potential attacks by extracting the independent linear combinations from the original linear combinations, effectively filtering out redundant and malicious elements. Extensive experimental evaluations demonstrate the effectiveness of FedLAD compared to five well-established defence methods: Sherpa, CONTRA, Median, Trimmed Mean, and Krum. Using tasks from both image classification and natural language processing, our experiments confirm that FedLAD is robust and not dependent on specific application settings. The results indicate that FedLAD effectively protects federated learning systems across a broad spectrum of malicious node ratios. Compared to baseline defence methods, FedLAD maintains a low attack success rate for malicious nodes when their ratio ranges from 0.2 to 0.8. Additionally, it preserves high model accuracy when the malicious node ratio is between 0.2 and 0.5. These findings underscore FedLAD's potential to enhance both the reliability and performance of federated learning systems in the face of data poisoning attacks.

Problem

Research questions and friction points this paper is trying to address.

Defend federated learning from Sybil data poisoning attacks
Detect malicious nodes using linear algebra optimization
Maintain model accuracy under varying malicious node ratios

Innovation

Methods, ideas, or system contributions that make the work stand out.

Linear algebra-based detection for data poisoning
Models aggregation as linear algebra optimization
Filters malicious elements via independent combinations
Qi Xiong
School of Computing Technologies, Centre of Cyber Security Research and Innovation (CCSRI), RMIT University
Hai Dong
School of Computing Technologies, RMIT University
Service-Oriented Computing, Edge Intelligence, Blockchain, AI Security, Cyber Security
Nasrin Sohrabi
Cyber Security discipline, School of Information Technologies, Deakin University
Zahir Tari
School of Computing Technologies, Centre of Cyber Security Research and Innovation (CCSRI), RMIT University