In 6G-enabled multi-access edge computing (MEC) systems, existing model-based anomaly detection methods for defending against model poisoning attacks in federated learning lack robustness under device heterogeneity and sophisticated attack patterns. To address this, we propose a novel framework integrating device-level uplink traffic time-series analysis with mobile target defense (MTD). First, we employ recurrent neural networks to model temporal traffic characteristics over 6G wireless channels, thereby evaluating participant trustworthiness without accessing local model parameters. Second, we design a deep reinforcement learning–driven dynamic topology mutation mechanism to adaptively optimize edge node collaboration. The framework significantly improves detection speed and accuracy against DDoS- and botnet-style poisoning attacks. Evaluated in low-latency edge environments, it demonstrates strong security guarantees, real-time responsiveness, and practical deployability.

Collaboration opportunities for devices are facilitated with Federated Learning (FL). Edge computing facilitates aggregation at edge and reduces latency. To deal with model poisoning attacks, model-based outlier detection mechanisms may not operate efficiently with hetereogenous models or in recognition of complex attacks. This paper fosters the defense line against model poisoning attack by exploiting device-level traffic analysis to anticipate the reliability of participants. FL is empowered with a topology mutation strategy, as a Moving Target Defence (MTD) strategy to dynamically change the participants in learning. Based on the adoption of recurrent neural networks for time-series analysis of traffic and a 6G wireless model, optimization framework for MTD strategy is given. A deep reinforcement mechanism is provided to optimize topology mutation in adaption with the anticipated Byzantine status of devices and the communication channel capabilities at devices. For a DDoS attack detection application and under Botnet attack at devices level, results illustrate acceptable malicious models exclusion and improvement in recognition time and accuracy.