Existing Byzantine-robust aggregation mechanisms typically rely on full-dimensional gradient comparisons or pairwise distance computations, resulting in computational overhead that limits their applicability in large-scale and resource-constrained federated systems. This paper proposes TinyGuard, a lightweight Byzantine defense that augments the standard FedAvg algorithm via statistical update fingerprinting. Instead of operating directly on high-dimensional gradients, TinyGuard extracts compact statistical fingerprints capturing key behavioral properties of client updates, including norm statistics, layer-wise ratios, sparsity measures, and low-order moments. Byzantine clients are identified by measuring robust statistical deviations in this low-dimensional fingerprint space with O(nd) complexity, without modifying the underlying optimization procedure. Extensive experiments on MNIST, Fashion-MNIST, ViT-Lite, and ViT-Small with LoRA adapters demonstrate that TinyGuard preserves FedAvg convergence in benign settings and achieves up to 95% accuracy under multiple Byzantine attack scenarios, including sign-flipping, scaling, noise injection, and label poisoning. Against adaptive white-box adversaries, Pareto-frontier analysis across four orders of magnitude confirms that attackers cannot simultaneously evade detection and achieve effective poisoning, a property we term statistical handcuffs. Ablation studies validate stable detection precision of 0.8 across varying client counts (50-150), threshold parameters, and extreme data heterogeneity. The proposed framework is architecture-agnostic and well suited for federated fine-tuning of foundation models, where traditional Byzantine defenses become impractical.
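The abstract describes the mechanism only at a high level: reduce each client update to a handful of statistics, flag clients whose statistics deviate robustly from the population, and run ordinary FedAvg over the rest. The following is an added illustration of that idea, written for this page and not the authors' TinyGuard code. The concrete feature set (log L2 norm, first-layer norm ratio, L1/L2 sparsity ratio, mean, variance), the median/MAD robust z-score with a threshold of 5, and the toy client updates (20 honest clients plus one sign-flipping, one scaling and one noise-injecting attacker, all generated from a seeded RNG) are assumptions chosen to make the example runnable offline; the paper's actual features and thresholds may differ.

```python
import math
import random
import statistics

# Constructed toy setting: a client "update" is a dict of layer name -> flat list
# of floats, standing in for the model delta a client sends in FedAvg.
LAYER_SIZES = {"w1": 64, "w2": 16}
EPS = 1e-12


def fingerprint(update):
    """Compact statistical fingerprint of one update (assumed feature set:
    log L2 norm, first-layer/total norm ratio, L1/L2 sparsity ratio, mean, variance).
    Cost is linear in the update size; nothing here compares clients pairwise."""
    flat = [v for layer in update.values() for v in layer]
    l2 = math.sqrt(sum(v * v for v in flat)) + EPS
    l1 = sum(abs(v) for v in flat)
    first = next(iter(update.values()))
    first_l2 = math.sqrt(sum(v * v for v in first))
    mean = sum(flat) / len(flat)
    var = sum((v - mean) ** 2 for v in flat) / len(flat)
    return [math.log(l2), first_l2 / l2, l1 / l2, mean, var]


def robust_scores(fingerprints):
    """Per-client anomaly score: max over features of |x - median| / (1.4826 * MAD).
    Median and MAD are used instead of mean and std so that a minority of
    attackers cannot drag the reference statistics toward themselves."""
    n_feat = len(fingerprints[0])
    scores = [0.0] * len(fingerprints)
    for j in range(n_feat):
        col = [fp[j] for fp in fingerprints]
        med = statistics.median(col)
        mad = statistics.median([abs(x - med) for x in col])
        sigma = 1.4826 * mad + EPS  # EPS guards a feature with zero spread
        for i, x in enumerate(col):
            scores[i] = max(scores[i], abs(x - med) / sigma)
    return scores


def detect_byzantine(updates, threshold=5.0):
    """Return the set of client indices whose fingerprint deviates beyond threshold."""
    scores = robust_scores([fingerprint(u) for u in updates])
    return {i for i, s in enumerate(scores) if s > threshold}


def fedavg(updates, exclude=frozenset()):
    """Plain coordinate-wise mean over the non-excluded clients (unmodified FedAvg)."""
    keep = [u for i, u in enumerate(updates) if i not in exclude]
    return {name: [sum(u[name][k] for u in keep) / len(keep) for k in range(size)]
            for name, size in LAYER_SIZES.items()}


def make_clients(n_benign=20, seed=0):
    """Constructed sample data: honest clients send a shared direction plus small
    noise; three attackers send sign-flipped, 10x scaled, and noise-flooded updates."""
    rng = random.Random(seed)
    base = {name: [rng.gauss(0.05, 0.1) if rng.random() > 0.3 else 0.0 for _ in range(size)]
            for name, size in LAYER_SIZES.items()}

    def perturb(scale, noise, flip=1.0):
        return {name: [flip * scale * v + rng.gauss(0.0, noise) for v in vals]
                for name, vals in base.items()}

    clients = [perturb(1.0, 0.01) for _ in range(n_benign)]
    clients.append(perturb(1.0, 0.01, flip=-1.0))  # sign-flipping attacker (index n_benign)
    clients.append(perturb(10.0, 0.01))            # scaling attacker
    clients.append(perturb(1.0, 0.5))              # noise-injection attacker
    return base, clients


def l2_distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for name in a for x, y in zip(a[name], b[name])))


def run_demo():
    """Compare plain FedAvg against fingerprint-filtered FedAvg on the toy clients."""
    base, clients = make_clients()
    flagged = detect_byzantine(clients)
    robust = fedavg(clients, exclude=flagged)
    naive = fedavg(clients)
    return {"flagged": flagged,
            "robust_err": l2_distance(robust, base),
            "naive_err": l2_distance(naive, base)}


if __name__ == "__main__":
    print(run_demo())
```

The sign-flipping attacker is invisible to norm-based features (its norm is identical to an honest update) and is caught only by the first moment, which is the reason a fingerprint mixes scale-sensitive and scale-invariant statistics; an attacker who shrinks its update enough to stay inside the MAD band on every feature has also shrunk its influence on the average, which is the trade-off the abstract calls statistical handcuffs.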