This work addresses the vulnerability of federated learning in synthetic aperture radar (SAR) image target recognition to backdoor attacks, wherein malicious clients embed triggers via multiplicative speckle noise, severely compromising model robustness. To counter this threat, the paper proposes NADAFD, a novel defense framework that integrates frequency-domain collaborative inversion, mask-guided adversarial training grounded in Γ-distribution-based noise modeling, and dynamic weight aggregation informed by client behavior—collectively establishing a privacy-preserving backdoor defense tailored for SAR scenarios. Experimental results on the MSTAR and OpenSARShip datasets demonstrate that NADAFD significantly reduces backdoor attack success rates while maintaining high accuracy on clean samples, outperforming existing federated defense approaches.

As a critical application of computational intelligence in remote sensing, deep learning-based synthetic aperture radar (SAR) image target recognition facilitates intelligent perception but typically relies on centralized training, where multi-source SAR data are uploaded to a single server, raising privacy and security concerns. Federated learning (FL) provides an emerging computational intelligence paradigm for SAR image target recognition, enabling cross-site collaboration while preserving local data privacy. However, FL confronts critical security risks, where malicious clients can exploit SAR's multiplicative speckle noise to conceal backdoor triggers, severely challenging the robustness of the computational intelligence model. To address this challenge, we propose NADAFD, a noise-aware and dynamically adaptive federated defense framework that integrates frequency-domain, spatial-domain, and client-behavior analyses to counter SAR-specific backdoor threats. Specifically, we introduce a frequency-domain collaborative inversion mechanism to expose cross-client spectral inconsistencies indicative of hidden backdoor triggers. We further design a noise-aware adversarial training strategy that embeds $\Gamma$-distributed speckle characteristics into mask-guided adversarial sample generation to enhance robustness against both backdoor attacks and SAR speckle noise. In addition, we present a dynamic health assessment module that tracks client update behaviors across training rounds and adaptively adjusts aggregation weights to mitigate evolving malicious contributions. Experiments on MSTAR and OpenSARShip datasets demonstrate that NADAFD achieves higher accuracy on clean test samples and a lower backdoor attack success rate on triggered inputs than existing federated backdoor defenses for SAR target recognition.