On the Security and Privacy of Federated Learning: A Survey with Attacks, Defenses, Frameworks, Applications, and Future Directions

📅 2025-08-19
📈 Citations: 0
Influential: 0
🤖 AI Summary
Federated learning (FL) inherently preserves data privacy but remains vulnerable to Byzantine attacks, data poisoning, Sybil attacks, and unintended privacy leakage. To address these multifaceted security threats, this paper systematically surveys over 200 scholarly works and proposes the first unified framework that jointly enhances security and preserves privacy. The framework integrates differential privacy, secure aggregation, robust/Byzantine-resilient aggregation, and cryptographic techniques, while explicitly modeling the privacy–security–performance trade-off under non-IID data distributions. Our analysis identifies common limitations in existing approaches—particularly concerning scalability, dynamic adaptability, and energy efficiency—and, for the first time, characterizes the practical effectiveness boundaries and deployment bottlenecks of mainstream attack and defense strategies. The work provides both theoretical foundations and actionable guidelines for building trustworthy FL systems, and outlines key research directions toward dynamic, heterogeneous environments.

📝 Abstract
Federated Learning (FL) is an emerging distributed machine learning paradigm enabling multiple clients to train a global model collaboratively without sharing their raw data. While FL enhances data privacy by design, it remains vulnerable to various security and privacy threats. This survey provides a comprehensive overview of more than 200 papers regarding the state-of-the-art attacks and defense mechanisms developed to address these challenges, categorizing them into security-enhancing and privacy-preserving techniques. Security-enhancing methods aim to improve FL robustness against malicious behaviors such as Byzantine attacks, poisoning, and Sybil attacks. At the same time, privacy-preserving techniques focus on protecting sensitive data through cryptographic approaches, differential privacy, and secure aggregation. We critically analyze the strengths and limitations of existing methods, highlight the trade-offs between privacy, security, and model performance, and discuss the implications of non-IID data distributions on the effectiveness of these defenses. Furthermore, we identify open research challenges and future directions, including the need for scalable, adaptive, and energy-efficient solutions operating in dynamic and heterogeneous FL environments. Our survey aims to guide researchers and practitioners in developing robust and privacy-preserving FL systems, fostering advances that safeguard the integrity and confidentiality of collaborative learning frameworks.
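The abstract contrasts plain averaging with robust (Byzantine-resilient) aggregation without showing the mechanism. The following is an added illustration, not code from the surveyed paper or its authors: it aggregates constructed client updates with FedAvg, coordinate-wise median, and trimmed mean, and measures how far each result lands from the honest consensus when one client submits a boosted, sign-flipped update. All update vectors and the client count are constructed for the example.

```python
"""Byzantine-robust aggregation versus plain FedAvg on constructed client updates.

Added illustration (not from the surveyed paper). A single malicious client can
dominate a coordinate-wise mean; order statistics such as the median or a
trimmed mean bound the influence of any one participant per coordinate.
"""
from statistics import median
from typing import Dict, List, Sequence

Vector = List[float]


def fed_avg(updates: Sequence[Vector]) -> Vector:
    """Plain FedAvg with equal client weights: coordinate-wise arithmetic mean."""
    n = len(updates)
    dim = len(updates[0])
    return [sum(u[i] for u in updates) / n for i in range(dim)]


def coordinate_median(updates: Sequence[Vector]) -> Vector:
    """Coordinate-wise median: each coordinate is the median over all clients."""
    dim = len(updates[0])
    return [median(u[i] for u in updates) for i in range(dim)]


def trimmed_mean(updates: Sequence[Vector], trim: int) -> Vector:
    """Coordinate-wise trimmed mean.

    For every coordinate the `trim` largest and `trim` smallest values are
    discarded before averaging, so up to `trim` Byzantine clients cannot move
    a coordinate beyond the range of the honest values.
    """
    n = len(updates)
    if trim < 0 or 2 * trim >= n:
        raise ValueError("trim must satisfy 0 <= 2*trim < number of clients")
    dim = len(updates[0])
    out = []
    for i in range(dim):
        vals = sorted(u[i] for u in updates)
        kept = vals[trim:n - trim]
        out.append(sum(kept) / len(kept))
    return out


def l2_distance(a: Sequence[float], b: Sequence[float]) -> float:
    """Euclidean distance between two vectors of equal length."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


# Constructed sample: five honest clients whose updates scatter around a common
# direction (IID-like setting), plus one Byzantine client sending a boosted,
# sign-flipped vector to pull the global model the wrong way.
HONEST_CONSENSUS: Vector = [1.0, -2.0, 0.5]
HONEST_UPDATES: List[Vector] = [
    [1.1, -2.1, 0.4],
    [0.9, -1.9, 0.6],
    [1.0, -2.0, 0.5],
    [1.2, -1.8, 0.5],
    [0.8, -2.2, 0.5],
]
BYZANTINE_UPDATE: Vector = [-100.0, 200.0, -50.0]


def compare_aggregators(honest: Sequence[Vector], byzantine: Vector) -> Dict[str, Vector]:
    """Aggregate honest updates plus one Byzantine update with each rule."""
    updates = list(honest) + [byzantine]
    return {
        "fedavg": fed_avg(updates),
        "median": coordinate_median(updates),
        "trimmed_mean": trimmed_mean(updates, trim=1),
    }


def deviation_from_consensus(honest: Sequence[Vector], byzantine: Vector) -> Dict[str, float]:
    """Distance of each aggregate from the honest consensus vector."""
    results = compare_aggregators(honest, byzantine)
    return {name: l2_distance(vec, HONEST_CONSENSUS) for name, vec in results.items()}


if __name__ == "__main__":
    for name, vec in compare_aggregators(HONEST_UPDATES, BYZANTINE_UPDATE).items():
        print(f"{name:13s} -> {[round(x, 3) for x in vec]}")
    for name, dist in deviation_from_consensus(HONEST_UPDATES, BYZANTINE_UPDATE).items():
        print(f"{name:13s} deviation from honest consensus: {dist:.3f}")
```

With these inputs FedAvg is dragged tens of units away from the honest consensus by the single outlier, while the median and the trimmed mean stay within a few hundredths of it. The caveat the abstract raises about non-IID data applies directly here: when honest clients legitimately hold very different data, their updates spread out, and order-statistic rules can discard genuine minority updates as if they were adversarial, which is the robustness-versus-performance trade-off the survey discusses.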
Problem

Research questions and friction points this paper is trying to address.

Addressing security and privacy vulnerabilities in federated learning systems
Analyzing attacks and defenses for collaborative machine learning frameworks
Investigating trade-offs between privacy, security, and model performance
Innovation

Methods, ideas, or system contributions that make the work stand out.

Security-enhancing methods against malicious behaviors
Privacy-preserving techniques using cryptographic approaches
Analyzing trade-offs between privacy, security, and model performance
Daniel M. Jimenez-Gutierrez
Department of Computer, Control and Management Engineering, Sapienza University of Rome, Via Ariosto, 25, Rome, 00185, Rome, Italy
Yelizaveta Falkouskaya
Department of Computer, Control and Management Engineering, Sapienza University of Rome, Via Ariosto, 25, Rome, 00185, Rome, Italy
Jose L. Hernandez-Ramos
Department of Computer, Control and Management Engineering, Sapienza University of Rome, Via Ariosto, 25, Rome, 00185, Rome, Italy
Aris Anagnostopoulos
Professor of Computer Science at Sapienza University of Rome
Algorithms, Data Mining, Data Science
Ioannis Chatzigiannakis
Professor of Computer Engineering, Sapienza University of Rome
Pervasive Systems, IoT Data Analytics, Distributed Computing, Algorithmic Engineering
Andrea Vitaletti
Associate Professor, Sapienza University of Rome, Italy
Blockchain, IoT, Privacy