• Introduces a workflow-oriented taxonomy for backdoor attacks in FL. • A bi-dimensional taxonomy classifies defenses by mechanism and FL stage. • Empirically evaluates the effectiveness of SoTA attacks and defenses. • Identifies key limitations and outlines future research directions. Federated Learning (FL) is a collaborative paradigm that enables decentralized model training without centralizing data. However, FL remains highly vulnerable to backdoor attacks, where adversaries poison local updates to insert hidden malicious behaviors into the global model. Over the past few years, a rapidly growing body of work has proposed both attack strategies and defense mechanisms, yet the field remains chaotic, with inconsistent assumptions, evaluation practices, and a lack of clear understanding of the core trade-offs. In this paper, we present a comprehensive Systematization of Knowledge (SoK) of the field. We introduce novel, multi-dimensional taxonomies to deconstruct attacks and categorize defenses by their intervention point and underlying techniques. Ultimately, our analysis reveals a critical gap between research and practice, highlighting unaddressed challenges in scalability, data heterogeneity, and the conflict between privacy and robustness.
Bellachia et al. (Wed,) studied this question.