
Abstract

Federated Learning (FL), a decentralised machine learning technique, enables model training across dispersed data sources without centralised access to private data, effectively protecting privacy. However, its distributed nature also introduces significant security vulnerabilities. The dependability, robustness, and integrity of FL systems can be compromised by adversarial attacks, including model poisoning, backdoor injections, and inference-based threats. These risks are particularly high when clients are unreliable or resource-constrained. This paper presents a systematic literature review of the adversarial threat landscape in FL, covering peer-reviewed work published between 2023 and 2025. We introduce a refined taxonomy of attacks, categorising them by objective and method, including threats such as membership inference and gradient manipulation. The study also provides a structured analysis of defence strategies: robust aggregation, privacy-preserving techniques, anomaly detection, and adversarial training. Each method is assessed based on its application, limitations, and effectiveness. We identify the lack of standardised benchmarks, degraded performance under non-IID (non-independent and identically distributed) data, and scalability issues as the key obstacles in the field. Crucially, the paper proposes a novel, four-dimensional classification framework linking attack goals, target layers, and defence mechanisms, providing a strategic blueprint for enhancing FL security. The review concludes by highlighting emerging research opportunities and outlining potential directions to address these challenges. This survey aims to serve as a valuable resource for researchers and practitioners working to enhance the security and resilience of FL systems.
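The abstract names model poisoning as a threat and robust aggregation and anomaly detection as defences without showing how the two interact. The following is an added illustration, not code from the reviewed paper or from any FL framework: a single simulated aggregation round in which four honest clients submit updates clustered around a reference update and one client submits a sign-flipped, scaled update. It compares a plain mean against coordinate-wise median and trimmed mean, and adds a simple norm-based outlier check. All updates, the reference vector and the thresholds are constructed sample values chosen for this example.

```python
"""Constructed federated-learning aggregation round (illustrative, not from the paper).

Shows why a plain mean is hijacked by one poisoned client update while
coordinate-wise median and trimmed mean stay close to the honest consensus,
and how a norm-based anomaly check can flag the poisoned client.
"""
from math import sqrt
from statistics import median
from typing import Dict, List, Sequence

Vector = List[float]

# --- constructed sample inputs (2-dimensional updates for readability) ---
TRUE_UPDATE: Vector = [1.0, -0.5]                      # what honest training would produce
HONEST_UPDATES: List[Vector] = [[1.1, -0.4], [0.9, -0.6], [1.0, -0.5], [1.05, -0.45]]
POISONED_UPDATE: Vector = [-20.0, 10.0]                # sign-flipped and scaled 20x
ALL_UPDATES: List[Vector] = HONEST_UPDATES + [POISONED_UPDATE]


def mean_aggregate(updates: Sequence[Vector]) -> Vector:
    """FedAvg-style plain mean; one scaled update can dominate it."""
    n = len(updates)
    return [sum(u[i] for u in updates) / n for i in range(len(updates[0]))]


def median_aggregate(updates: Sequence[Vector]) -> Vector:
    """Coordinate-wise median; tolerates fewer than half of clients being poisoned."""
    return [median(u[i] for u in updates) for i in range(len(updates[0]))]


def trimmed_mean_aggregate(updates: Sequence[Vector], trim: int = 1) -> Vector:
    """Drop the `trim` largest and smallest values per coordinate, then average the rest."""
    if 2 * trim >= len(updates):
        raise ValueError("trim too large for the number of clients")
    out: Vector = []
    for i in range(len(updates[0])):
        column = sorted(u[i] for u in updates)
        kept = column[trim:len(column) - trim]
        out.append(sum(kept) / len(kept))
    return out


def l2_norm(v: Vector) -> float:
    return sqrt(sum(x * x for x in v))


def l2_distance(a: Vector, b: Vector) -> float:
    return l2_norm([x - y for x, y in zip(a, b)])


def flag_norm_outliers(updates: Sequence[Vector], factor: float = 3.0) -> List[int]:
    """Anomaly check: indices of clients whose update norm exceeds factor x median norm.

    The factor is a constructed threshold; in practice it must be tuned, because
    legitimate non-IID clients can also produce unusually large updates.
    """
    norms = [l2_norm(u) for u in updates]
    threshold = factor * median(norms)
    return [i for i, n in enumerate(norms) if n > threshold]


def run_round(updates: Sequence[Vector] = ALL_UPDATES,
              reference: Vector = TRUE_UPDATE) -> Dict[str, float]:
    """Distance of each aggregator's result from the honest reference update."""
    return {
        "mean": l2_distance(mean_aggregate(updates), reference),
        "median": l2_distance(median_aggregate(updates), reference),
        "trimmed_mean": l2_distance(trimmed_mean_aggregate(updates, trim=1), reference),
    }


if __name__ == "__main__":
    for name, dist in run_round().items():
        print(f"{name:>13}: distance from honest update = {dist:.3f}")
    print("flagged client indices:", flag_norm_outliers(ALL_UPDATES))
```

With these inputs the mean lands several units away from the honest update, while the median and trimmed mean stay within a few hundredths of it, and the norm check flags only the poisoned client (index 4). The check also illustrates the non-IID caveat the abstract raises: a fixed norm threshold cannot distinguish a poisoned update from an honest client whose local data distribution simply differs, so such filters need per-deployment tuning or must be combined with other defences.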
Original language: English
Article number: 100127
Number of pages: 26
Journal: Cyber Security and Applications
Volume: 4
Early online date: 28 Mar 2026
DOIs
Publication status: Published - 17 Apr 2026

Title: Defending federated learning against adversarial attacks: A systematic literature review