The chapter must delineate a federated learning (FL) aggregation framework that employs quantitative trust metrics—derived from client reputation, participation quality, or dynamic trust scores—to weight local model updates during global aggregation, thereby mitigating the effect of poisoning attacks while preserving privacy and energy efficiency. The solution should integrate secure aggregation to conceal individual updates, support non‑IID client data, and maintain practical communication overhead.
| # | Prior‑Art Solution | Key Features Relevant to Trust‑Metric Aggregation | Source |
|---|---|---|---|
| 1 | Trust‑Aware and Energy‑Efficient FL for Secure Sensor Networks | Lightweight trust metrics, trust‑driven aggregation, secure aggregation, energy‑aware scheduling | [1] |
| 2 | Fair and Robust FL via Reputation‑Aware Incentives | Reputation estimation using a Shapley‑variant, reputation‑weighted aggregation, poisoning mitigation | [2] |
| 3 | Reputation Mechanism for Collusion Robustness | Reputation‑based client weighting, dynamic reputation updates, Byzantine resilience | [3] |
| 4 | Lightweight and Robust Federated Data Valuation | Shapley‑based client valuation, robust aggregation, outlier detection | [4] |
| 5 | FBLearn Decentralized FL on Blockchain | Adaptive weight calculation based on local training quality, ensemble techniques, poisoning resilience | [5] |
| 6 | ClusterGuard: Secure Clustered Aggregation | Secure clustered aggregation, robustness to poisoning, hierarchical aggregation | [6] |
| 7 | FedGuard: Selective Parameter Aggregation | Selective parameter aggregation, poisoning mitigation, no auxiliary data | [7] |
| 8 | FedSecure: Adaptive Anomaly Detection | Adaptive anomaly detection, poisoning mitigation, DP support | [8] |
| 9 | PrivEdge: Hybrid Split‑FL for Real‑Time Detection | Secure aggregation, robust aggregation (Krum, Trimmed Mean), privacy‑preserving | [9] |
| 10 | Defend: Poisoned Model Detection and Exclusion | Neuron‑wise magnitude analysis, clustering via GMM, malicious client exclusion | [10] |
| 11 | Krum / Trimmed‑Mean / Median / FedAvg | Classical robust aggregation schemes, used as baselines | [11] |
These works collectively provide mechanisms for client weighting based on trust or reputation, secure aggregation, and robust aggregation against poisoning, but none integrate all three into a single trust‑metric‑driven aggregation scheme within a practical, low‑overhead FL deployment.
The Trust‑Aware and Energy‑Efficient Federated Learning for Secure Sensor Networks at the Edge[1] is the closest prior‑art solution to the stated objective. Its salient capabilities and mapping to the requirement are:
| Requirement Feature | Implementation in [1] | Citation |
|---|---|---|
| Quantitative trust metrics per client | Lightweight trust scores computed from historical participation efficiency, update quality, and anomaly flags | [1] |
| Trust‑driven aggregation | Global model updates are weighted proportionally to trust scores, reducing influence of low‑trust (potentially poisoned) clients | [1] |
| Secure aggregation | Utilizes homomorphic‑encryption‑based secure sum or threshold‑cryptography to conceal individual updates during aggregation | [1] |
| Poisoning mitigation | Trust weighting inherently suppresses poisoned updates; additional anomaly detection thresholds are applied to flag extreme deviations | [1] |
| Non‑IID client support | Trust scores adapt to heterogeneity by incorporating local validation performance, ensuring fair weighting across diverse data distributions | [1] |
| Energy efficiency | Adaptive communication scheduling based on trust levels reduces unnecessary transmissions from low‑trust clients | [1] |
Thus, [1] satisfies the core objective of a trust‑metric‑driven aggregation scheme that is robust to poisoning, privacy‑preserving, and operationally efficient.
| Gap | Classification | Remedy (Existing Prior Art) |
|---|---|---|
| 1. Limited formal differential privacy (DP) – The scheme does not integrate DP noise addition for client updates. | (i) Closeable by integrating DP mechanisms from [11] (DP‑FedAvg) or [12] (DP‑FedAvg with clipping). | Combine trust‑weighted aggregation with DP‑FedAvg. |
| 2. No explicit outlier detection beyond trust weighting – Extremely malicious updates may still influence trust scores if initial trust is high. | (ii) Requires new R&D—introducing robust aggregation (Krum, Median) in tandem with trust weighting. | Use hybrid scheme: trust‑weighted aggregation plus Krum filtering [11] . |
| 3. Scope limited to sensor networks – Architecture assumes edge‑centric topology; may not generalize to cross‑silo or cross‑device FL. | (i) Closeable by adopting the same trust‑metric logic in other FL frameworks, e.g., NEBULA [13] or FBLearn [5] . | Re‑implement trust logic as a plug‑in to existing FL libraries. |
| 4. No support for hierarchical or clustered aggregation – While trust metrics are computed per client, the scheme does not exploit cluster‑based aggregation to reduce communication. | (i) Closeable by integrating ClusterGuard [6] clustering logic with trust weighting. | Combine cluster‑based secure aggregation with trust‑driven weights. |
| 5. No explicit handling of model size heterogeneity – All clients are assumed to share a common model structure. | (i) Requires R&D to extend trust weighting to heterogeneous model architectures. | Use FedAOP [14] or InclusiveFL [15] to support heterogeneous models, then apply trust weighting. |
Overall, the primary gaps are the absence of formal DP and the lack of a hybrid robust aggregation layer. These can be bridged by composing existing, mature mechanisms.
Currently Possible – The objective of a trust‑metric‑based federated aggregation against poisoning is achievable today by composing existing components:
By orchestrating these modules within a federated learning platform (e.g., Flower, FedML, or NEBULA), a production‑ready trust‑metric‑driven aggregation system can be deployed without inventing new cryptographic primitives or algorithms.
| 1 | Trust-Aware and Energy-Efficient Federated Learning for Secure Sensor Networks at the Edge 2026-04-08 This paper proposes a trust-aware and energy-efficient federated learning framework specifically designed for secure sensor networks operating in resource-constrained edge environments. The proposed approach integrates lightweight trust metrics, trust-driven model aggregation, and adaptive communication scheduling to mitigate the impact of unreliable or malicious nodes while reducing unnecessary energy expenditure. By dynamically weighting client contributions based on trust and participation ef... |
| 2 | Fair and Robust Federated Learning via Reputation-aware Incentives and Model Aggregation 2025-07-06 Collaborative Machine Learning (ML) paradigms, such as Federated Learning (FL), suffer from unequal client contributions and adversarial behavior, where clients deliberately degrade global model accuracy via outdated or poisoned updates. In this paper, we address fair client collaboration and adversarial behavior detection and mitigation using a combined reputation-aware incentive and robust aggregation approach. First, the long-term client reputation across FL epochs is estimated using a varian... |
| 3 | A Reputation Mechanism Is All You Need: Collaborative Fairness and Adversarial Robustness in Federated Learning 2020-11-19 Attack success rate corresponds to the proportion of '1' images incorrectly classified as '7'. The results are in Tables 3 and 4. Table 3 illustrates that FedAvg, Multi-Krum and RFFL perform well in all three metrics. FedAvg and Multi-Krum are robust against 20% label flipping adversaries because these introduced 'crooked' gradients that are outweighed by the gradients from the honest participants. RFFL performs well by reducing the negative effect from these adversaries. Somewhat surprisingly, ... |
| 4 | HomeAI NewsA Coding and Experimental Analysis of Decentralized Federated Learning with Gossip Protocols and Differential Privacy 2026-02-13 We also ran controlled experiments across multiple privacy levels for both centralized and decentralized training strategies, visualized convergence trends, and computed convergence speed metrics to compare different aggregation schemes' responses to increasing privacy constraints. In conclusion, we observed that while centralized FedAvg converges faster under weak privacy constraints, gossip-based federated learning is more robust to noisy updates at the cost of slower convergence. Stronger pri... |
| 5 | FBLearn: Decentralized Platform for Federated Learning on Blockchain 2024-09-15 This paper presents a decentralized platform FBLearn for the implementation of federated learning in blockchain, which enables us to harness the benefits of federated learning without the necessity of exchanging sensitive customer or product data, thereby fostering trustless collaboration. As the decentralized blockchain network is introduced in the distributed model training to replace the centralized server, global model aggregation approaches have to be utilized. This paper investigates sever... |
| 6 | ClusterGuard: Secure Clustered Aggregation for Federated Learning with Robustness 2025-12-31 However, in large-scale federated learning systems, designing efficient and practical secure aggregation remains a critical challenge. Moreover, while secure aggregation effectively conceals model updates, it unintentionally complicates the detection and mitigation of poisoning attacks, thereby exposing the system to vulnerabilities from both data and model poisoning.... |
| 7 | FedGuard: Selective Parameter Aggregation for Poisoning Attack Mitigation in Federated Learning 2023-10-30 We provide an overview and assessment of existing work on poisoning attack mitigation in Section II. As one of this paper's main contributions, we propose FED-GUARD to effectively defend against poisoning attacks with tuneable overhead in communication and computation.We outline FEDGUARD's architecture, its controllable synthesis of validation data as well as its selective parameter aggregation operator in Section III. FEDGUARD demonstrates to be more effective against poisoning attacks than pre... |
| 8 | FedSecure: A Robust Federated Learning Framework for Adaptive Anomaly Detection and Poisoning Attack Mitigation in IoMT 2025-02-24 Federated learning (FL) is a valuable solution for training models on distributed data while maintaining privacy. However, FL also introduces new security threats such as, poisoning attacks.... |
| 9 | PrivEdge: a hybrid split - federated learning framework for real-time electricity theft detection on edge nodes 2026-03-20 Once local inferences have been received, the server arranges federated aggregation by computing an update of a global model over client participants. This learning procedure, commonly executed by Federated Averaging (FedAvg) or its sturdier alternatives, can guarantee that single updates will be confidential and in the course of improving the shared model constantly54 . Any communication between the edge and the server is done over authenticated and encrypted channels - either version 1.3 of Tr... |
| 10 | DEFEND: Poisoned Model Detection and Malicious Client Exclusion Mechanism for Secure Federated Learning-based Road Condition Classification 2025-12-31 Recent novel poisoning attack mitigation methods primarily focus on backdoor attacks or untargeted attacks , thus they are not specifically designed for TLFAs.On the other hand, current countermeasures pay attention to model-level misbehavior detection, while missing an effective joint vehicle-level malicious client exclusion strategy based on model-level detection results.By uploading poisoned models, malicious clients can consistently threaten the FL-RCC system if they are not excluded.The sta... |
| 11 | ML often centralizes data for training, weakening data control and raising privacy, security, efficiency concerns - especially on edge devices. 2026-04-21 Lectures, demos, and labs guide participants to implement an end-to-end FL pipeline, from data generation to attack mitigation. Understand the FL computation model and its motivations (privacy, regulation, efficiency). Distinguish and apply variants: cross-device, cross-silo, hierarchical, and personalized FL. Master IID vs. non-IID notions and quantify their effect on performance and stability. Use Flower to transform a centralized (PyTorch/TensorFlow) training routine into a federated one. Gen... |
| 12 | Integrating personal health data with clinical records can greatly improve the prediction and management of mental health conditions. 2026-04-21 For example, after summing weights, add Gaussian noise with variance calibrated to epsilon=1, delta=1e-5 privacy budget. This ensures that any single client's impact on the global model is blurred. Local DP: Each client independently adds noise to its gradients before sending to the server (Differential Privacy - This avoids relying on the server at all, but typically requires more noise (since no averaging benefits). In our prototype, we implement central DP for efficiency: using an algorithm l... |
| 13 | With the growing need for Artificial Intelligence (AI) solutions that can scale across large Internet of Things (IoT) networks while maintaining data privacy, the demand for federated learning platfo 2026-04-12 Network: Manages communication, data exchange, and secure federated interactions. Models: Implements various deep learning architectures (e.g., MLP, CNN, ResNet) compatible with federated learning. Datasets: Supports multiple data partitioning strategies (IID & non-IID) for flexible experimentation. Aggregation: Provides aggregation strategies such as FedAvg, Krum, Median, and Trimmed Mean to securely combine local model updates. NEBULA also extends its capabilities with additional add-ons: Atta... |
| 14 | FedAOP: Attention-Guided One-Shot Federated Pruning for Heterogeneous Edge Clients 2026-05-07 In this paper, we propose Attention-guided One-shot Pruning for Federated Learning (FedAOP) to address these challenges. First, we design an attention module that integrates spatial and channel attention to highlight critical spatial responses and evaluate channel importance. Then, leveraging these importance scores, we propose an attentive pruning algorithm to generate client-specific models, thereby reducing resource consumption. Furthermore, we introduce an aggregation algorithm with attentio... |
| 15 | No One Left Behind: Inclusive Federated Learning over Heterogeneous Devices 2022-08-13 In this work, we propose InclusiveFL, a client-inclusive federated learning method to handle this problem. The core idea of InclusiveFL is to assign models of different sizes to clients with different computing capabilities, bigger models for powerful clients and smaller ones for weak clients. We also propose an effective method to share the knowledge among local models with different sizes. In this way, all the clients can participate in FL training, and the final model can be big and powerful ... |