Abstract
Federated learning (FL) enables collaborative training across devices while keeping data local. In practice, however, it faces two security bottlenecks: privacy leakage and poisoning attacks. While differential privacy (DP) and Byzantine-robust aggregation are effective in their respective domains, their coupling entails an inherent conflict: DP noise inflates the variance of benign updates and simultaneously masks the systematic shifts of malicious ones, making them hard to distinguish. To address this, we propose adaptive Byzantine-robust differentially private federated learning (AByzDPFL), which aims to improve distinguishability by reducing the noise dimension and amplifying the geometric differences between models. On the client side, we adopt a Fisher-information-based private selection mechanism that dynamically chooses key parameter coordinates. Noise is injected only within this low-dimensional subspace, which reduces the effective noise dimension and lowers the variance of benign models. On the server side, spectral embedding highlights the intrinsic geometric structure, followed by a noise-scale-adaptive clustering radius that includes noise-perturbed benign models while filtering systemic shifts beyond the noise range. Additionally, we apply adaptive median-norm clipping to suppress high-magnitude anomalous updates within the cluster. We establish upper bounds on privacy loss and convergence, and experiments show that AByzDPFL strikes a balance between privacy and robustness while outperforming existing mainstream baselines.
| Translated title of the contribution | Adaptive Byzantine-robust differentially private federated learning |
|---|---|
| Original language | Traditional Chinese |
| Pages (from-to) | 2663-2682 |
| Number of pages | 20 |
| Journal | Scientia Sinica Informationis |
| Volume | 55 |
| Issue | 11 |
| DOI | |
| Publication status | Published - 1 Nov 2025 |
Keywords
- Byzantine robustness
- differential privacy
- federated learning
- noise adaptation
- selective update