Federated learning (FL) enables multiple clients to collaboratively train deep learning models while preserving the privacy of their sensitive local datasets. However, adversaries can manipulate their local datasets and the models they upload by injecting triggers, mounting federated backdoor attacks (FBA). Existing defenses against FBA consider specific and limited attacker models, and injecting a sufficient amount of noise only mitigates rather than eliminates FBA. To address these deficiencies, we introduce a Flexible Federated Backdoor Defense Framework (Fedward) to ensure the elimination of adversarial backdoors. We decompose FBA into several attack types and design amplified magnitude sparsification (AmGrad) and adaptive OPTICS clustering (AutoOPTICS) to address each of them. Meanwhile, Fedward uses an adaptive clipping method that takes the number of samples in the benign group as a constraint on the clipping boundary, which lets Fedward maintain its performance in the Non-IID scenario. We conduct experimental evaluations on three benchmark datasets and compare thoroughly against state-of-the-art studies. The results demonstrate the promising defense performance of Fedward: an improvement of 33% $\sim$ 75% over clustering-based defense methods, and reductions of up to 96.98%, 90.74%, and 89.8% in the average FBA success rate in the Non-IID setting on MNIST, FMNIST, and CIFAR10, respectively.