This work addresses the challenge that existing Byzantine-robust federated learning methods struggle to simultaneously achieve fast convergence, stability, and high model utility under a high proportion of colluding malicious clients. To this end, the authors propose a dual-filtering mechanism based on iterative distribution matching and negative contribution evaluation. The approach first models client behavior through attack-resilient condensed data generation, then dynamically identifies and discards anomalous updates by integrating directional consistency checks with a loss-based negative contribution rejection strategy. Experimental results demonstrate that the proposed method achieves rapid and stable convergence across three benchmark datasets against various state-of-the-art Byzantine attacks, while significantly preserving model performance.

Most existing Byzantine-robust federated learning (FL) methods suffer from slow and unstable convergence. Moreover, when handling a substantial proportion of colluded malicious clients, achieving robustness typically entails compromising model utility. To address these issues, this work introduces FedIDM, which employs distribution matching to construct trustworthy condensed data for identifying and filtering abnormal clients. FedIDM consists of two main components: (1) attack-tolerant condensed data generation, and (2) robust aggregation with negative contribution-based rejection. These components exclude local updates that (1) deviate from the update direction derived from condensed data, or (2) cause a significant loss on the condensed dataset. Comprehensive evaluations on three benchmark datasets demonstrate that FedIDM achieves fast and stable convergence while maintaining acceptable model utility, under multiple state-of-the-art Byzantine attacks involving a large number of malicious clients.