DECPA-FL: Dynamic Ensemble Clustering for Poison-Aware Federated Learning under Adversarial Conditions
Abstract: Detecting and mitigating poisoning attacks in Federated Learning (FL) poses a significant challenge, as malicious clients can severely impair model performance through adversarial updates. In this work, we present Dynamic Ensemble Clustering for Poison-Aware Federated Learning (DECPA-FL), a novel defense framework that operates at both the client and sample levels. Our approach leverages three dynamic model clusters—normal, poison, and hybrid—each designed to address varying data properties. Unlike conventional FL methods that treat all client input identically, DECPA-FL utilizes an adaptive Isolation Forest mechanism that evolves across federated rounds to identify poisoned samples with enhanced accuracy. The system’s Poisoning-Aware Loss Function assigns reduced weights to potentially contaminated data, while its adaptive learning rate mechanism adjusts training parameters based on identified poison ratios. We evaluate DECPA-FL on the CICIDS 2017 network intrusion dataset and achieve an F1-score of 96.06%, outperforming centralized baselines by 8.25% and traditional FL by 18.83%. Our method maintains robust performance even under 15% poisoning rates, where existing approaches suffer substantial degradation. Through DECPA-FL, we offer an effective and resilient defense for secure federated learning in adversarial and privacy-critical domains.
External IDs: dblp:conf/ccnc/ShoebHHIAHC26