This work addresses the vulnerability of federated learning to poisoning attacks launched by Byzantine clients, a challenge exacerbated by the limitations of existing defenses—either their inability to handle diverse attack types or their reliance on clean data held by the server. To overcome these issues, we propose AdaBFL, an adaptive Byzantine-robust aggregation framework that operates without any clean server-side data and is tailored for non-convex and non-IID settings. AdaBFL dynamically adjusts client aggregation weights through a three-tiered defense mechanism, supported by theoretical convergence guarantees. Extensive experiments demonstrate that AdaBFL consistently outperforms state-of-the-art methods across various attack scenarios, achieving superior robustness without compromising model utility.

Federated learning (FL) is a popular distributed learning paradigm in machine learning, which enables multiple clients to collaboratively train models under the guidance of a server without exposing private client data. However, FL's decentralized nature makes it vulnerable to poisoning attacks, where malicious clients can submit corrupted models to manipulate the system. To counter such attacks, although various Byzantine-robust methods have been proposed, these methods struggle to provide balanced defense against multiple types of attacks or rely on possessing the dataset in the server. To deal with these drawbacks, thus, we propose an effective multi-layer defensive adaptive aggregation for Bzantine-robust federated learning (AdaBFL) based on a novel three-layer defensive mechanism, which can adaptively adjust the weights of defense algorithms to counter complex attacks. Moreover, we provide convergence properties of our AdaBFL method under the non-convex setting on non-iid data. Comprehensive experiments across multiple datasets validate the superiority of our AdaBFL over the comparable algorithms.