Federated learning (FL) enables multiple clients to collaboratively train a global model by aggregating local updates without sharing private data. However, FL often faces the challenge of free-riders, clients who submit fake model parameters without performing actual training to obtain the global model without contributing. Chen et al. proposed a free-rider detection method based on the weight evolving frequency (WEF) of model parameters. This detection approach is a leading candidate for practical free-rider detection methods, as it requires neither a proxy dataset nor pre-training. Nevertheless, it struggles to detect ``dynamic'' free-riders who behave honestly in early rounds and later switch to free-riding, particularly under global-model-mimicking attacks such as the delta weight attack and our newly proposed adaptive WEF-camouflage attack. In this paper, we propose a novel detection method S2-WEF that simulates the WEF patterns of potential global-model-based attacks on the server side using previously broadcasted global models, and identifies clients whose submitted WEF patterns resemble the simulated ones. To handle a variety of free-rider attack strategies, S2-WEF further combines this simulation-based similarity score with a deviation score computed from mutual comparisons among submitted WEFs, and separates benign and free-rider clients by two-dimensional clustering and per-score classification. This method enables dynamic detection of clients that transition into free-riders during training without proxy datasets or pre-training. We conduct extensive experiments across three datasets and five attack types, demonstrating that S2-WEF achieves higher robustness than existing approaches.

翻译：联邦学习 (FL) 允许多个客户端通过聚合本地更新来协同训练全局模型，而无需共享私有数据。然而，FL常面临搭便车者（free-riders）的挑战，这些客户端提交虚假模型参数而不执行实际训练，即可在不贡献数据的情况下获取全局模型。Chen等人提出了一种基于模型参数权重演化频率（WEF）的搭便车者检测方法。该检测方法无需代理数据集或预训练，因而成为实际应用中领先的候选方案。然而，该方法难以检测“动态”搭便车者——即早期轮次行为诚实、后期转变为搭便车行为的客户端，尤其是在全局模型模仿攻击（如delta权重攻击及我们新提出的自适应WEF伪装攻击）下效果不佳。本文提出一种新型检测方法S2-WEF，该方法在服务端利用先前广播的全局模型模拟潜在全局模型攻击的WEF模式，并识别提交的WEF模式与模拟模式相似的客户端。为应对多样化的搭便车攻击策略，S2-WEF进一步将基于模拟的相似度分数与通过提交WEF相互比较计算得到的偏差分数相结合，并通过二维聚类与按分数分类分离良性客户端与搭便车客户端。该方法无需代理数据集或预训练，即可动态检测训练过程中转变为搭便车者的客户端。我们在三个数据集和五种攻击类型上进行了广泛实验，证明S2-WEF相比现有方法具有更高的鲁棒性。