RepuNet: A Reputation System for Mitigating Malicious Clients in DFL

Decentralized Federated Learning (DFL) enables nodes to collaboratively train models without a central server, introducing new vulnerabilities since each node independently selects peers for model aggregation. Malicious nodes may exploit this autonomy by sending corrupted models (model poisoning), delaying model submissions (delay attack), or flooding the network with excessive messages, negatively affecting system performance. Existing solutions often rely on rigid configurations or additional infrastructure, such as blockchains, which can incur computational overhead, introduce scalability issues, or limit adaptability. To overcome these limitations, this paper proposes RepuNet, a decentralized reputation system that categorizes threats in DFL and dynamically evaluates node behavior using metrics like model similarity, parameter changes, message latency, and communication volume. Node influence in model aggregation is adjusted based on each node’s reputation score. RepuNet was integrated into the Nebula platform and experimentally evaluated with MNIST and CIFAR-10 datasets under non-IID distributions, using federations of up to 25 nodes in both fully connected and random topologies. The evaluation considers different attack intensities, frequencies, and activation intervals, and includes comparisons with Byzantine-resilient aggregation mechanisms (Krum and Trimmed Mean), stronger structured poisoning strategies (Signed Neuron Remapping and GLL Neuro Inversion), as well as an ablation study of the exclusion threshold and a communication overhead analysis. Results demonstrate that RepuNet effectively detects and mitigates malicious behavior, achieving F1 scores above 95% on MNIST and approximately 76% on CIFAR-10. These outcomes highlight the adaptability, robustness, and practical potential of RepuNet for mitigating threats in decentralized environments.