🤖 AI Summary
In federated learning (FL), malicious clients can inject backdoors into the global model during aggregation, yet existing detection methods suffer from low accuracy and high computational overhead—especially for complex models. This paper proposes a real-time backdoor detection framework based on sampled network representations: it quantifies inter-client model discrepancies via cosine similarity to construct a client-level discrepancy graph, and integrates iterative robust clustering with anomaly removal to dynamically purify the aggregation process. Crucially, it is the first to embed iterative outlier elimination directly into the FL training pipeline, enabling high-accuracy, low-overhead, and robust runtime defense. Evaluated across multiple benchmark tasks, our method improves detection accuracy by 12.7%, reduces backdoor attack success rate to below 0.8%, and incurs less than 3% additional runtime overhead—significantly outperforming state-of-the-art approaches.
📝 Abstract
Federated learning (FL), as a powerful learning paradigm, trains a shared model by aggregating model updates from distributed clients. However, the decoupling of model learning from local data makes FL highly vulnerable to backdoor attacks, where a single compromised client can poison the shared model. While recent progress has been made in backdoor detection, existing methods face challenges with detection accuracy and runtime effectiveness, particularly when dealing with complex model architectures. In this work, we propose a novel approach to detecting malicious clients in an accurate, stable, and efficient manner. Our method utilizes a sampling-based network representation method to quantify dissimilarities between clients, identifying model deviations caused by backdoor injections. We also propose an iterative algorithm to progressively detect and exclude malicious clients as outliers based on these dissimilarity measurements. Evaluations across a range of benchmark tasks demonstrate that our approach outperforms state-of-the-art methods in detection accuracy and defense effectiveness. When deployed for runtime protection, our approach effectively eliminates backdoor injections with marginal overheads.
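The pipeline outlined in the summary and abstract (sampled representations, cosine dissimilarity between clients, iterative exclusion of outliers) can be sketched as follows. This is an added example, not the paper's code: the toy client models, the probe set, the names `represent` and `exclude_outliers`, and the median-ratio stopping rule are all assumptions standing in for the paper's sampling and clustering steps.

```python
import math
import statistics

def cosine_dissimilarity(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return 1.0 - dot / norm

def represent(model, probes):
    # Sampled representation: the model's outputs on a shared set of probe inputs.
    return [model(x) for x in probes]

def exclude_outliers(reps, ratio=3.0):
    """Iteratively drop the client whose median dissimilarity to the remaining
    clients exceeds `ratio` times the population median (assumed rule)."""
    active, removed = set(reps), []
    while len(active) > 2:
        # Median over peers is robust: a colluding minority cannot hide each other.
        score = {c: statistics.median(cosine_dissimilarity(reps[c], reps[o])
                                      for o in active if o != c)
                 for c in active}
        worst = max(score, key=score.get)
        if score[worst] <= ratio * statistics.median(score.values()):
            break  # remaining clients are mutually consistent
        active.remove(worst)
        removed.append(worst)  # re-score without it on the next pass
    return removed, sorted(active)

# Constructed toy clients: callables mapping a probe id to a scalar output.
def benign(i):
    # Small client-specific deviation on one probe (benign data heterogeneity).
    return lambda x: 1.1 if x == i else 1.0

def poisoned(v):
    # Assumed backdoor effect: outputs shifted to v on a region of input space.
    return lambda x: v if x >= 6 else 1.0

PROBES = list(range(8))  # constructed probe inputs shared by all clients
CLIENTS = {f"benign{i}": benign(i) for i in range(6)}
CLIENTS.update({"bad_a": poisoned(-2.0), "bad_b": poisoned(-2.2)})

def run_round():
    reps = {name: represent(m, PROBES) for name, m in CLIENTS.items()}
    return exclude_outliers(reps)

if __name__ == "__main__":
    removed, kept = run_round()
    print("excluded from aggregation:", removed)
    print("aggregated:", kept)
```

Only the clients in the second returned list would be passed to the aggregation step; re-scoring after each removal keeps the two colluding clients from vouching for each other.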