Federated learning (FL) enables collaborative model training while preserving data privacy. However, it remains vulnerable to malicious clients who compromise model integrity through Byzantine attacks, data poisoning, or adaptive adversarial behaviors. Existing defense mechanisms rely on static thresholds and binary classification, failing to adapt to evolving client behaviors in real-world deployments. We propose FLARE, an adaptive reputation-based framework that transforms client reliability assessment from binary decisions to a continuous, multi-dimensional trust evaluation. FLARE integrates: (i) a multi-dimensional reputation score capturing performance consistency, statistical anomaly indicators, and temporal behavior, (ii) a self-calibrating adaptive threshold mechanism that adjusts security strictness based on model convergence and recent attack intensity, (iii) reputation-weighted aggregation with soft exclusion to proportionally limit suspicious contributions rather than eliminating clients outright, and (iv) a Local Differential Privacy (LDP) mechanism enabling reputation scoring on privatized client updates. We further introduce a highly evasive Statistical Mimicry (SM) attack, a benchmark adversary that blends honest gradients with synthetic perturbations and persistent drift to remain undetected by traditional filters. Extensive experiments with 100 clients on MNIST, CIFAR-10, and SVHN demonstrate that FLARE maintains high model accuracy and converges faster than state-of-the-art Byzantine-robust methods under diverse attack types, including label flipping, gradient scaling, adaptive attacks, ALIE, and SM. FLARE improves robustness by up to 16% and preserves model convergence within 30% of the non-attacked baseline, while achieving strong malicious-client detection performance with minimal computational overhead. https://github.com/Anonymous0-0paper/FLARE

翻译：联邦学习（FL）能够在保护数据隐私的同时实现协作模型训练。然而，它仍然容易受到恶意客户端的攻击，这些攻击通过拜占庭攻击、数据投毒或自适应对抗行为破坏模型完整性。现有防御机制依赖静态阈值和二元分类，无法适应真实部署中不断演变的客户端行为。我们提出FLARE——一种自适应声誉框架，将客户端可靠性评估从二元决策转变为连续的、多维信任评价系统。FLARE整合了：（i）包含性能一致性、统计异常指标及时序行为的多维声誉评分；（ii）基于模型收敛状态与近期攻击强度自动调节防御严格程度的自校准自适应阈值机制；（iii）采用软排除策略的加权聚合，按比例限制可疑贡献而非直接剔除客户端；（iv）支持对经过本地差分隐私（LDP）处理的客户端更新进行声誉评分的机制。我们还引入了一种高隐蔽性的统计伪装（SM）攻击——该基准攻击通过混合诚实梯度与合成扰动及持续性漂移来逃避传统过滤器检测。在MNIST、CIFAR-10和SVHN数据集上开展的100个客户端实验表明，面对标签翻转、梯度缩放、自适应攻击、ALIE及SM等多种攻击类型，FLARE均能保持高模型准确率，且收敛速度优于现有最先进的拜占庭鲁棒方法。FLARE的鲁棒性提升最高达16%，模型收敛性能维持在无攻击基准线的30%以内，同时以最小计算开销实现强大的恶意客户端检测性能。https://github.com/Anonymous0-0paper/FLARE