Federated learning (FL) remains highly vulnerable to adaptive backdoor attacks that preserve stealth by closely imitating benign update statistics. Existing defenses predominantly rely on anomaly detection in parameter or gradient space, overlooking behavioral constraints that backdoor attacks must satisfy to ensure reliable trigger activation. These anomaly-centric methods fail against adaptive attacks that normalize update magnitudes and mimic benign statistical patterns while preserving backdoor functionality, creating a fundamental detection gap. To address this limitation, this paper introduces FeRA (Federated Representative Attention) -- a novel attention-driven defense that shifts the detection paradigm from anomaly-centric to consistency-centric analysis. FeRA exploits the intrinsic need for backdoor persistence across training rounds, identifying malicious clients through suppressed representation-space variance, an orthogonal property to traditional magnitude-based statistics. The framework conducts multi-dimensional behavioral analysis combining spectral and spatial attention, directional alignment, mutual similarity, and norm inflation across two complementary detection mechanisms: consistency analysis and norm-inflation detection. Through this mechanism, FeRA isolates malicious clients that exhibit low-variance consistency or magnitude amplification. Extensive evaluation across six datasets, nine attacks, and three model architectures under both Independent and Identically Distributed (IID) and non-IID settings confirm FeRA achieves superior backdoor mitigation. Under different non-IID settings, FeRA achieved the lowest average Backdoor Accuracy (BA), about 1.67% while maintaining high clean accuracy compared to other state-of-the-art defenses. The code is available at https://github.com/Peatech/FeRA_defense.git.

翻译：联邦学习（FL）在面对能够通过紧密模仿良性更新统计特征以保持隐蔽性的自适应后门攻击时，依然高度脆弱。现有防御方法主要依赖于参数空间或梯度空间中的异常检测，忽略了后门攻击为确保可靠触发器激活所必须满足的行为约束。这些以异常为中心的方法难以应对自适应攻击，后者在保持后门功能的同时，通过归一化更新幅度并模仿良性统计模式，造成了根本性的检测缺口。为应对这一局限，本文提出了FeRA（联邦代表性注意力）——一种新颖的注意力驱动防御机制，将检测范式从以异常为中心转向以一致性为中心的分析。FeRA利用后门在跨训练轮次中持续存在的内在需求，通过抑制表征空间方差来识别恶意客户端，这一特性与传统基于幅度的统计正交。该框架结合了谱注意力与空间注意力、方向对齐、相互相似性以及范数膨胀，通过两个互补的检测机制——一致性分析和范数膨胀检测——进行多维行为分析。通过此机制，FeRA能够隔离表现出低方差一致性或幅度放大的恶意客户端。在独立同分布（IID）与非独立同分布（non-IID）设置下，对六个数据集、九种攻击和三种模型架构的广泛评估证实，FeRA实现了卓越的后门缓解效果。在不同非IID设置下，与其他先进防御方法相比，FeRA在保持高清洁精度的同时，实现了最低的平均后门准确率（BA），约为1.67%。代码可在 https://github.com/Peatech/FeRA_defense.git 获取。