AI Summary
Federated learning (FL) is highly vulnerable to label-flipping attacks, where malicious clients manipulate local labels to severely degrade global model performance; existing defenses often rely on server-side detection mechanisms with high computational overhead, compromising the trade-off between security and efficiency. To address this, we propose a lightweight, client-side defense framework that jointly performs label consistency verification and lightweight anomaly detection locally, enabling autonomous identification and filtering of malicious model updates, thereby significantly reducing server-side aggregation burden. Our approach requires no modification to the underlying FL architecture and is robust under non-IID data distributions and multi-class attack settings. Extensive experiments on CIFAR-10 and FEMNIST demonstrate that our method achieves defense performance comparable to state-of-the-art approaches while reducing server computation overhead by up to 62%, without sacrificing model accuracy or system robustness.
Abstract
Federated learning (FL) enables privacy-preserving model training by keeping data decentralized. However, it remains vulnerable to label-flipping attacks, where malicious clients manipulate labels to poison the global model. Despite their simplicity, these attacks can severely degrade model performance, and defending against them remains challenging. We introduce AntiFLipper, a novel and computationally efficient defense against multi-class label-flipping attacks in FL. Unlike existing methods that ensure security at the cost of high computational overhead, AntiFLipper employs a novel client-side detection strategy, significantly reducing the central server's burden during aggregation. Comprehensive empirical evaluations across multiple datasets under different distributions demonstrate that AntiFLipper achieves accuracy comparable to state-of-the-art defenses while requiring substantially fewer computational resources on the server side. By balancing security and efficiency, AntiFLipper addresses a critical gap in existing defenses, making it particularly suitable for resource-constrained FL deployments where both model integrity and operational efficiency are essential.