Abstract
Distributed Federated Learning (DFL) extends federated learning from a single-server topology to broader graph-based coordination settings that may include multiple interacting aggregation nodes and, in some deployments, externally distributed training resources. While this broader topology improves scalability and flexibility, it also enlarges the poisoning attack surface across participants, aggregators, communication channels, and execution resources. This paper presents SecureDFL, a defense-in-depth framework for poisoning-resilient DFL. SecureDFL integrates authenticated communication, protected aggregation based on additive homomorphic encryption, trust-aware orchestration, multi-point validation, and reinforcement-learning-based mutation of resource mappings under a unified system design. The contribution of this work therefore lies in the integrated security architecture and its end-to-end implementation for graph-based DFL, rather than in introducing a standalone cryptographic primitive. Experiments on benchmark datasets, seven threat-model-aligned poisoning scenarios, ablation studies, and a prototype-scale Kubernetes testbed show that SecureDFL preserves strong model performance under attack and substantially improves attack resilience relative to the evaluated baselines, achieving up to a 98.5% reduction in attack success rate in the reported settings with only modest additional overhead. These results support the practical feasibility of the proposed architecture, while the manuscript explicitly delineates its current limits regarding comprehensive collusion analysis, colluding trust manipulation, extremely heterogeneous non-IID conditions, and fully adaptive multi-stage attacks.