Enhancing Model Robustness in Federated Learning: A Systematic Literature Review of Byzantine-Resilient Aggregation Methods
DOI:
https://doi.org/10.21015/vtse.v13i2.2163Abstract
The demand for privacy-preserving machine learning has led to the rise of Federated Learning (FL), where multiple clients collaboratively train a model without sharing raw data. Despite its privacy benefits, FL is vulnerable to Byzantine failures, where malicious or faulty participants inject corrupted updates, threatening model integrity. To address this, a range of Byzantine-resilient aggregation techniques have been proposed, including statistical filters (e.g., Trimmed Mean, Krum), trust-based weighting, cryptographic protocols, and hybrid strategies. This paper presents a systematic literature review (SLR) of these defenses, evaluating their robustness, scalability, and suitability for real-world applications. Challenges such as non-IID data, adaptive attacks, and trade-offs between security and efficiency are critically examined. In addition, we explore emerging trends such as domain-specific defenses, energy-aware FL, quantum-resilient methods, and federated zero-knowledge proofs. A novel classification of hybrid approaches and a standardized benchmarking framework are proposed to guide future research. This review aims to support the development of resilient, efficient and scalable decentralized learning systems in adversarial environments.
References
X. Ma, Q. Jiang, M. Shojafar, M. Alazab, S. Kumar, and S. Kumari, "DisBezant: Secure and robust federated learning against Byzantine attack in IoT-enabled MTS," *IEEE Trans. Intell. Transp. Syst.*, pp. 1–11, Jan. 2022, doi: 10.1109/TITS.2022.3152156.
J. So, B. Guler, and A. S. Avestimehr, "Byzantine-resilient secure federated learning," *IEEE J. Sel. Areas Commun.*, vol. 39, no. 7, pp. 2168–2181, Jul. 2021, doi: 10.1109/JSAC.2020.3041404.
S. Li, E. C.-H. Ngai, and T. Voigt, "An experimental study of Byzantine-robust aggregation schemes in federated learning," *IEEE Trans. Big Data*, pp. 1–13, 2023, doi: 10.1109/TBDATA.2023.3237397.
Q. Xia, Z. Tao, Q. Li, and S. Chen, "Byzantine tolerant algorithms for federated learning," *IEEE Trans. Netw. Sci. Eng.*, pp. 1–13, 2023, doi: 10.1109/TNSE.2023.3251196.
S. Li, E. C.-H. Ngai, and T. Voigt, "An experimental study of Byzantine-robust aggregation schemes in federated learning," *IEEE Trans. Big Data*, pp. 1–13, 2023, doi: 10.1109/TBDATA.2023.3237397.
J. Wu, W. Zhang, and F. Luo, "On the security of 'LSFL: A lightweight and secure federated learning scheme for edge computing'," *IEEE Trans. Inf. Forensics Secur.*, vol. 19, pp. 3481–3482, Nov. 2023, doi: 10.1109/TIFS.2023.3331274.
Z. Luan, W. Li, M. Liu, and B. Chen, "Robust federated learning: Maximum correntropy aggregation against Byzantine attacks," *IEEE Trans. Neural Netw. Learn. Syst.*, pp. 1–14, 2024, doi: 10.1109/TNNLS.2024.3383294.
K. Özfatura, E. Özfatura, A. Küpçü, and D. Gunduz, "Byzantines can also learn from history: Fall of centered clipping in federated learning," *IEEE Trans. Inf. Forensics Secur.*, vol. 19, pp. 2010–2022, Dec. 2023, doi: 10.1109/TIFS.2023.3345171.
S. Lee, "Adaptive selection of loss function for federated learning clients under adversarial attacks," *IEEE Access*, vol. 12, pp. 96051–96062, 2024, doi: 10.1109/ACCESS.2024.3426534.
Y. Tao et al., "Byzantine-resilient federated learning at edge," *IEEE Trans. Comput.*, vol. 72, no. 9, pp. 2600–2614, Mar. 2023, doi: 10.1109/TC.2023.3257510.
Y. Chen, W. Tan, Y. Zhong, Y. Kang, A. Yang, and J. Weng, "Byzantine-robust and privacy-preserving federated learning with irregular participants," *IEEE Internet Things J.*, vol. 11, no. 21, pp. 35193–35205, Nov. 2024, doi: 10.1109/JIOT.2024.3434660.
G. Hu, H. Li, W. Fan, and Y. Zhang, "Efficient Byzantine-robust and privacy-preserving federated learning on compressive domain," *IEEE Internet Things J.*, vol. 11, no. 4, pp. 7116–7127, Sep. 2023, doi: 10.1109/JIOT.2023.3314748.
Z. Zhang, L. Wu, D. He, J. Li, N. Lu, and X. Wei, "Using third-party auditor to help federated learning: An efficient Byzantine-robust federated learning," *IEEE Trans. Sustain. Comput.*, vol. 9, no. 6, pp. 848–861, Mar. 2024, doi: 10.1109/TSUSC.2024.3379440.
H. Zeng et al., "BSR-FL: An efficient Byzantine-robust privacy-preserving federated learning framework," *IEEE Trans. Comput.*, pp. 1–14, Jan. 2024, doi: 10.1109/TC.2024.3404102.
B. Feng, H. Xu, G. Huang, Z. Liu, C. Guo, and Z. Chen, "Byzantine-resilient economical operation strategy based on federated deep reinforcement learning for multiple electric vehicle charging stations considering data privacy," *J. Mod. Power Syst. Clean Energy*, vol. 12, no. 6, pp. 1957–1967, Jan. 2024, doi: 10.35833/MPCE.2023.000850.
X. Ma, Q. Jiang, M. Shojafar, M. Alazab, S. Kumar, and S. Kumari, "DisBezant: Secure and robust federated learning against Byzantine attack in IoT-enabled MTS," *IEEE Trans. Intell. Transp. Syst.*, pp. 1–11, Jan. 2022, doi: 10.1109/TITS.2022.3152156.
J.-H. Chen, M.-R. Chen, G.-Q. Zeng, and J.-S. Weng, "BDFL: A Byzantine-fault-tolerance decentralized federated learning method for autonomous vehicle," *IEEE Trans. Veh. Technol.*, vol. 70, no. 9, pp. 8639–8652, Sep. 2021, doi: 10.1109/TVT.2021.3102121.
X. Wang and T. Yang, "Rank-two correction and fine tuning for adaptive Byzantine recovery in federated learning," *IEEE Internet Things J.*, pp. 1–1, 2024, doi: 10.1109/JIOT.2024.3467275.
A. Gouissem et al., "Low complexity Byzantine-resilient federated learning," *IEEE Trans. Inf. Forensics Secur.*, vol. 20, pp. 2051–2066, 2025, doi: 10.1109/TIFS.2024.3482727.
A. Gouissem, K. Abualsaud, E. Yaacoub, T. Khattab, and M. Guizani, "Collaborative Byzantine resilient federated learning," *IEEE Internet Things J.*, vol. 10, no. 18, pp. 15887–15899, Apr. 2023, doi: 10.1109/JIOT.2023.3266347.
O. T. Odeyomi and G. Zaruba, “Byzantine-resilient federated learning with differential privacy using online mirror descent,” in *Proc. Int. Conf. Comput., Netw. Commun. (ICNC)*, Feb. 2023, pp. 66–70, doi: 10.1109/ICNC57223.2023.10074494.
J. Zhang, X. He, Y. Huang, and Q. Ling, “Byzantine-robust and communication-efficient personalized federated learning,” *IEEE Trans. Signal Process.*, pp. 1–14, Jan. 2024, doi: 10.1109/TSP.2024.3514802.
A. Gouissem, K. Abualsaud, E. Yaacoub, T. Khattab, and M. Guizani, “Federated learning stability under Byzantine attacks,” in *Proc. IEEE Wireless Commun. Netw. Conf. (WCNC)*, Apr. 2022, doi: 10.1109/WCNC51071.2022.9771594.
X. Yan, Y. Miao, X. Li, K.-K. R. Choo, X. Meng, and R. H. Deng, “Privacy-preserving asynchronous federated learning framework in distributed IoT,” *IEEE Internet Things J.*, vol. 10, no. 15, pp. 13281–13291, Mar. 2023, doi: 10.1109/JIOT.2023.3262546.
S. Li, E. Ngai, and T. Voigt, “Byzantine-robust aggregation in federated learning empowered industrial IoT,” *IEEE Trans. Ind. Informatics*, pp. 1–1, 2021, doi: 10.1109/TII.2021.3128164.
H. Ye and Q. Ling, “Generalization error matters in decentralized learning under Byzantine attacks,” *IEEE Trans. Signal Process.*, pp. 1–15, Jan. 2025, doi: 10.1109/TSP.2025.3526989.
Y. Wang, Y. Xia, and Y. Zhan, “ELITE: Defending federated learning against Byzantine attacks based on information entropy,” in *Proc. China Autom. Congr. (CAC)*, Oct. 2021, doi: 10.1109/CAC53003.2021.9727486.
X. Zheng, Q. Dong, and A. Fu, “WMDefense: Using watermark to defense Byzantine attacks in federated learning,” in *Proc. IEEE INFOCOM Workshops (INFOCOM WKSHPS)*, May 2022, doi: 10.1109/INFOCOMWKSHPS54753.2022.9798217.
F. Colosimo and F. De Rango, “Performance evaluation of distance-statistical based Byzantine-robust algorithms in federated learning,” in *Proc. IEEE Wireless Commun. Netw. Conf. (WCNC)*, Apr. 2024, pp. 1–6, doi: 10.1109/WCNC57260.2024.10570891.
B. Zhao, T. Wang, and L. Fang, “FedCom: Byzantine-robust federated learning using data commitment,” in *Proc. IEEE Int. Conf. Commun. (ICC)*, May 2023, pp. 33–38, doi: 10.1109/ICC45041.2023.10279255.
S. Mao, J. Zhang, X. Hu, and X. Zheng, “Byzantine-robust compressed and momentum-based variance reduction in federated learning,” in *Proc. IEEE Int. Conf. Comput. Supported Cooperative Work Soc. Comput. (CSCWD)*, May 2024, pp. 814–820, doi: 10.1109/CSCWD61410.2024.10580498.
S. Guo et al., “Byzantine-resilient decentralized stochastic gradient descent,” *IEEE Trans. Circuits Syst. Video Technol.*, vol. 32, no. 6, pp. 4096–4106, Oct. 2021, doi: 10.1109/TCSVT.2021.3116976.
X. Li, H. Zhao, J. Xu, G. Zhu, and W. Deng, “APDPFL: Anti-poisoning attack decentralized privacy enhanced federated learning scheme for flight operation data sharing,” *IEEE Trans. Wireless Commun.*, pp. 1–1, Jan. 2024, doi: 10.1109/TWC.2024.3479149.
M. Abbas, Y. Zhou, N. Baracaldo, H. Samulowitz, P. Ram, and T. Salonidis, “Byzantine-resilient bilevel federated learning,” in *Proc. IEEE/ACM Symp. Edge Comput. (SEC)*, Jul. 2024, pp. 1–5, doi: 10.1109/SAM60225.2024.10636694.
A. Du, Y. Shen, Q. Zhang, L. Tseng, and M. Aloqaily, “CRACAU: Byzantine machine learning meets industrial edge computing in Industry 5.0,” *IEEE Trans. Ind. Informatics*, pp. 1–1, 2021, doi: 10.1109/TII.2021.3097072.
X. He, J. Zhang, and Q. Ling, “Byzantine-robust and communication-efficient personalized federated learning,” in *Proc. IEEE Int. Conf. Acoust., Speech Signal Process. (ICASSP)*, May 2023, doi: 10.1109/ICASSP49357.2023.10095468.
X. Chen, P. Lan, Z. Zhou, A. Zhao, P. Zhou, and F. Sun, “Toward federated learning with Byzantine and inactive users: A game theory approach,” *IEEE Access*, vol. 11, pp. 34138–34149, 2023, doi: 10.1109/ACCESS.2023.3263564.
V. C. Gogineni, S. Werner, Y.-F. Huang, and A. Kuh, “Communication-efficient online federated learning strategies for kernel regression,” *IEEE Internet Things J.*, pp. 1–1, 2022, doi: 10.1109/JIOT.2022.3218484.
Z. Shu, H. Zhao, B. Xu, W. Xun, and B. Xu, “Privacy-preserving federated learning framework via blockchain and committee mechanism,” in *Proc. IEEE Int. Conf. Commun. Technol. (ICCT)*, Oct. 2023, pp. 1269–1274, doi: 10.1109/ICCT59356.2023.10419785.
X. Fan, Y. Wang, Y. Huo, and Z. Tian, “BEV-SGD: Best effort voting SGD against Byzantine attacks for analog-aggregation-based federated learning over the air,” *IEEE Internet Things J.*, vol. 9, no. 19, pp. 18946–18959, Apr. 2022, doi: 10.1109/JIOT.2022.3164339.
J. Han, Y. Han, X. Jing, G. Huang, and Y. Ma, “DegaFL: Decentralized Gradient Aggregation for Cross-silo Federated Learning,” IEEE Trans. Parallel Distrib. Syst., pp. 1–14, Jan. 2024, doi: 10.1109/TPDS.2024.3501581.
H. Chen, R. Zhou, Y.-H. Chan, Z. Jiang, X. Chen, and Edith, “LiteChain: A Lightweight Blockchain for Verifiable and Scalable Federated Learning in Massive Edge Networks,” IEEE Trans. Mobile Comput., pp. 1–17, Jan. 2024, doi: 10.1109/TMC.2024.3488746.
Q. Dong et al., “CareFL: Contribution Guided Byzantine-Robust Federated Learning,” IEEE Trans. Inf. Forensics Security, vol. 19, pp. 9714–9729, 2024, doi: 10.1109/TIFS.2024.3477912.
Z. Lu, S. Lu, Y. Cui, X. Tang, and J. Wu, “Split Aggregation: Lightweight Privacy-Preserving Federated Learning Resistant to Byzantine Attacks,” IEEE Trans. Inf. Forensics Security, vol. 19, pp. 5575–5590, Jan. 2024, doi: 10.1109/TIFS.2024.3402993.
X. Ma, X. Sun, Y. Wu, Z. Liu, X. Chen, and C. Dong, “Differentially Private Byzantine-Robust Federated Learning,” IEEE Trans. Parallel Distrib. Syst., pp. 1–1, 2022, doi: 10.1109/TPDS.2022.3167434.
H. Guo et al., “Siren+: Robust Federated Learning With Proactive Alarming and Differential Privacy,” IEEE Trans. Dependable Secure Comput., vol. 21, no. 5, pp. 4843–4860, Feb. 2024, doi: 10.1109/TDSC.2024.3362534.
Y. He et al., “RSAM: Byzantine-Robust and Secure Model Aggregation in Federated Learning for Internet of Vehicles using Private Approximate Median,” IEEE Trans. Veh. Technol., vol. 73, no. 5, pp. 6714–6726, Dec. 2023, doi: 10.1109/TVT.2023.3341637.
J. Pei, R. Xue, C. Liu, and L. Wang, “Toward Byzantine Resilient Secure AI: A Federated Learning Communication Framework for 6G Consumer Electronics,” IEEE Trans. Consum. Electron., vol. 70, no. 3, pp. 5719–5728, Aug. 2024, doi: 10.1109/TCE.2024.3385015.
Y. Mao, Z. Ye, X. Yuan, and S. Zhong, “Secure Model Aggregation Against Poisoning Attacks for Cross-Silo Federated Learning With Robustness and Fairness,” IEEE Trans. Inf. Forensics Security, vol. 19, pp. 6321–6336, 2024, doi: 10.1109/TIFS.2024.3416042.
Y. Miao, W. Ni, and H. Tian, “One-Bit Aggregation for Over-the-Air Federated Learning Against Byzantine Attacks,” IEEE Signal Process. Lett., vol. 31, pp. 1024–1028, 2024, doi: 10.1109/LSP.2024.3384077.
S. Li, E. C.-H. Ngai, F. Ye, L. Ju, T. Zhang, and T. Voigt, “Demo Abstract: Blades: A Unified Benchmark Suite for Byzantine-Resilient in Federated Learning,” in Proc. IEEE/ACM Int. Conf. Internet Things Design Implement. (IoTDI), May 2024, pp. 229–230, doi: 10.1109/IoTDI61053.2024.00030.
O. T. Odeyomi, B. Ude, and K. Roy, “Online Decentralized Multi-Agents Meta-Learning With Byzantine Resiliency,” IEEE Access, vol. 11, pp. 68286–68300, 2023, doi: 10.1109/ACCESS.2023.3291677.
G. Guan, T. Zhi, H. Cai, Y. Cao, and H. Xie, “Hierarchical Federated Learning Privacy Protection Framework with Enhanced Privacy and Resistance to Byzantine Attacks,” in Proc. IEEE Int. Conf. Commun., Comput., Electron. Technol. (CCET), Aug. 2024, pp. 250–256, doi: 10.1109/CCET62233.2024.10838122.
H. Masuda, K. Kita, Y. Koizumi, J. Takemasa, and T. Hasegawa, “Byzantine-Resilient Secure Federated Learning on Low-Bandwidth Networks,” IEEE Access, vol. 11, pp. 51754–51766, Jan. 2023, doi: 10.1109/ACCESS.2023.3277858.
A. Patil, A. Choudhar, D. Shah, J. Abraham, and A. Bochare, “Analyzing Poisoning Attacks on Non-IID Federated Learning Systems for Credit Scoring,” in Proc. Int. Conf. Comput. Commun. Netw. Technol. (ICCCNT), Jun. 2024, pp. 1–7, doi: 10.1109/ICCCNT61001.2024.10724119.
Y. Wen, J. Geiping, M. Goldblum, and T. Goldstein, “STYX: Adaptive Poisoning Attacks Against Byzantine-Robust Defenses in Federated Learning,” in Proc. IEEE Int. Conf. Acoust., Speech Signal Process. (ICASSP), May 2023, pp. 1–5, doi: 10.1109/ICASSP49357.2023.10096606.
K. Sun, L. Liu, Q. Pan, J. Li, and J. Wu, “eNut: A Sensing System to Measure the Acquisition of Foraging Proficiency in Wild Tree Squirrels,” IEEE Internet Things J., vol. 11, no. 22, pp. 36370–36383, Aug. 2024, doi: 10.1109/JIOT.2024.3409610.
J. So, B. Guler, and A. S. Avestimehr, “Byzantine-Resilient Secure Federated Learning,” IEEE J. Sel. Areas Commun., vol. 39, no. 7, pp. 2168–2181, Jul. 2021, doi: 10.1109/JSAC.2020.3041404.
H. Wang et al., “Voltran: Unlocking Trust and Confidentiality in Decentralized Federated Learning Aggregation,” IEEE Trans. Inf. Forensics Secur., vol. 19, pp. 9744–9759, 2024, doi: 10.1109/TIFS.2024.3472531.
R. Jin, J. Hu, G. Min, and J. Mills, “Lightweight Blockchain-Empowered Secure and Efficient Federated Edge Learning,” IEEE Trans. Comput., vol. 72, no. 11, pp. 3314–3325, Nov. 2023, doi: 10.1109/TC.2023.3293731.
J. Shi, W. Wan, S. Hu, J. Lu, and L. Y. Zhang, “Challenges and approaches for mitigating Byzantine attacks in federated learning,” in Proc. IEEE Int. Conf. Trust, Security Privacy Comput. Commun. (TrustCom), Dec. 2022, doi: 10.1109/TrustCom56396.2022.00030.
A. Dutta, T. T. Doan, and J. H. Reed, “Resilient federated learning under Byzantine attack in distributed nonconvex optimization with 2-$f$ redundancy,” in Proc. IEEE Conf. Decision Control (CDC), vol. 30, pp. 1156–1161, Dec. 2023, doi: 10.1109/CDC49753.2023.10383715.
Y. Chen, B. Wang, T. Ma, and C. Chen, “Applying robust gradient difference compression to federated learning,” in Proc. Int. Conf. Comput. Supported Cooperative Work Design (CSCWD), pp. 1748–1753, May 2023, doi: 10.1109/CSCWD57460.2023.10152826.
Q. Xia, Z. Tao, and Q. Li, “Defending against Byzantine attacks in quantum federated learning,” in Proc. Int. Conf. Mobility, Sensing Netw. (MSN), Dec. 2021, doi: 10.1109/MSN53354.2021.00035.
S. Li, E. C.-H. Ngai, F. Ye, L. Ju, T. Zhang, and T. Voigt, “Blades: A unified benchmark suite for Byzantine attacks and defenses in federated learning,” in Proc. IEEE/ACM Int. Conf. Internet-of-Things Design Implementation (IoTDI), pp. 158–169, May 2024, doi: 10.1109/IoTDI61053.2024.00018.
F. Sattler, K.-R. Müller, T. Wiegand, and W. Samek, “On the Byzantine robustness of clustered federated learning,” in Proc. IEEE Int. Conf. Acoustics, Speech Signal Process. (ICASSP), May 2020, doi: 10.1109/ICASSP40776.2020.9054676.
Y. Miao, Z. Liu, H. Li, K.-K. R. Choo, and R. H. Deng, “Privacy-preserving Byzantine-robust federated learning via blockchain systems,” IEEE Trans. Inf. Forensics Secur., vol. 17, pp. 2848–2861, 2022, doi: 10.1109/TIFS.2022.3196274.
Y. Liang, Y. Li, and B.-S. Shin, “Auditable federated learning with Byzantine robustness,” IEEE Trans. Comput. Social Syst., pp. 1–13, Apr. 2023, doi: 10.1109/TCSS.2023.3266019.
C. Xu, Y. Jia, L. Zhu, C. Zhang, G. Jin, and K. Sharif, “TDFL: Truth discovery based Byzantine robust federated learning,” IEEE Trans. Parallel Distrib. Syst., vol. 33, no. 12, pp. 4835–4848, Dec. 2022, doi: 10.1109/TPDS.2022.3205714.
W. Li, K. Fan, K. Yang, Y. Yang, and H. Li, “PBFL: Privacy-preserving and Byzantine-robust federated learning-empowered Industry 4.0,” IEEE Internet Things J., vol. 11, no. 4, pp. 7128–7140, Sep. 2023, doi: 10.1109/JIOT.2023.3315226.
Downloads
Published
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC-By) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
This work is licensed under a Creative Commons Attribution License CC BY
