## Line Chart: Accuracy vs. Attack Ratio for Different Methods ### Overview The image is a line chart comparing the accuracy of different methods (FedAvg, ShieldFL, PBFL, Median, Biscotti, FoolsGold, and Ours) against varying attack ratios. The x-axis represents the attack ratio (from 0% to 50%), and the y-axis represents the accuracy (from 57.5% to 75%). Each method is represented by a distinct colored line with a unique marker. ### Components/Axes * **X-axis:** Attack ratio (%), with markers at 0, 10, 20, 30, 40, and 50. * **Y-axis:** Accuracy (%), with markers at 57.5, 60.0, 62.5, 65.0, 67.5, 70.0, 72.5, and 75.0. * **Legend (located in the lower-left):** * Blue square: FedAvg * Orange diamond: ShieldFL * Green triangle: PBFL * Purple circle: Median * Gray star: Biscotti * Brown inverted triangle: FoolsGold * Red circle: Ours ### Detailed Analysis * **FedAvg (Blue Square):** The accuracy starts at approximately 73.2% at 0% attack ratio. It remains relatively stable until 30% attack ratio (approximately 73.3%), then decreases to around 69.5% at 40% attack ratio, and ends at approximately 69.3% at 50% attack ratio. * **ShieldFL (Orange Diamond):** The accuracy starts at approximately 75.2% at 0% attack ratio. It decreases slightly to approximately 74.8% at 10% attack ratio, then decreases to approximately 73.5% at 20% attack ratio, then decreases to approximately 72.8% at 30% attack ratio, then decreases to approximately 69.5% at 40% attack ratio, and ends at approximately 69.3% at 50% attack ratio. * **PBFL (Green Triangle):** The accuracy starts at approximately 75.5% at 0% attack ratio. It decreases slightly to approximately 75.0% at 10% attack ratio, then decreases to approximately 73.5% at 20% attack ratio, then decreases to approximately 72.5% at 30% attack ratio, then decreases to approximately 69.5% at 40% attack ratio, and ends at approximately 69.5% at 50% attack ratio. * **Median (Purple Circle):** The accuracy starts at approximately 68.7% at 0% attack ratio. It increases to approximately 69.5% at 10% attack ratio, then decreases to approximately 67.8% at 20% attack ratio, then decreases to approximately 67.2% at 30% attack ratio, then decreases to approximately 64.2% at 40% attack ratio, and ends at approximately 63.5% at 50% attack ratio. * **Biscotti (Gray Star):** The accuracy starts at approximately 73.0% at 0% attack ratio. It decreases to approximately 70.0% at 10% attack ratio, then decreases to approximately 66.5% at 20% attack ratio, then decreases to approximately 64.8% at 30% attack ratio, then decreases to approximately 61.5% at 40% attack ratio, and ends at approximately 56.2% at 50% attack ratio. * **FoolsGold (Brown Inverted Triangle):** The accuracy starts at approximately 75.5% at 0% attack ratio. It decreases slightly to approximately 74.0% at 10% attack ratio, then decreases to approximately 72.8% at 20% attack ratio, then decreases to approximately 72.5% at 30% attack ratio, then decreases to approximately 67.2% at 40% attack ratio, and ends at approximately 62.5% at 50% attack ratio. * **Ours (Red Circle):** The accuracy starts at approximately 75.5% at 0% attack ratio. It decreases slightly to approximately 74.5% at 10% attack ratio, then decreases to approximately 73.5% at 20% attack ratio, then decreases to approximately 73.3% at 30% attack ratio, then decreases to approximately 69.5% at 40% attack ratio, and ends at approximately 69.3% at 50% attack ratio. ### Key Observations * Biscotti shows the most significant decrease in accuracy as the attack ratio increases. * FedAvg, ShieldFL, PBFL, and Ours methods maintain relatively stable accuracy up to a 30% attack ratio, after which they experience a slight decrease. * FoolsGold and Median show a moderate decrease in accuracy as the attack ratio increases. * At 0% attack ratio, most methods have high accuracy, ranging from 68.7% to 75.5%. * At 50% attack ratio, the accuracy varies significantly among the methods, ranging from 56.2% to 69.5%. ### Interpretation The chart illustrates the robustness of different methods against increasing attack ratios. Biscotti appears to be the most vulnerable to attacks, as its accuracy drops significantly. FedAvg, ShieldFL, PBFL, and "Ours" methods demonstrate better resilience, maintaining relatively stable accuracy even with higher attack ratios. The performance differences highlight the varying effectiveness of these methods in mitigating the impact of adversarial attacks. The data suggests that the choice of method is crucial in environments where the attack ratio is high, as it can significantly impact the accuracy of the system.

## Chart: Accuracy vs. Attack Ratio for Federated Learning Methods ### Overview This image displays a 2D line chart illustrating the performance of seven different federated learning methods in terms of "Accuracy (%)" as the "Attack ratio (%)" increases. Each method is represented by a distinct colored line with a unique marker, and their performance is tracked across attack ratios from 0% to 50%. The chart aims to compare the robustness of these methods against adversarial attacks. ### Components/Axes The chart consists of a main plotting area, a horizontal X-axis, a vertical Y-axis, and a legend. * **X-axis:** * **Title:** "Attack ratio (%)" * **Scale:** Ranges from 0 to 50. * **Markers:** 0, 10, 20, 30, 40, 50. * **Y-axis:** * **Title:** "Accuracy (%)" * **Scale:** Ranges from 57.5 to 75.0. * **Markers:** 57.5, 60.0, 62.5, 65.0, 67.5, 70.0, 72.5, 75.0. * **Legend:** Located in the bottom-left corner of the chart area. It maps each method to its corresponding line color and marker shape: * **FedAvg:** Blue line with square markers (☐) * **ShieldFL:** Orange line with diamond markers (◇) * **PBFL:** Green line with upward-pointing triangle markers (△) * **Median:** Purple line with circle markers (○) * **Biscotti:** Grey line with star markers (☆) * **FoolsGold:** Brown line with downward-pointing triangle markers (▽) * **Ours:** Red line with circle-with-cross markers (⊕) ### Detailed Analysis The chart plots the accuracy of each method at different attack ratios. Below is a detailed breakdown of each method's trend and approximate data points: 1. **FedAvg (Blue line, square markers):** * **Trend:** Starts at a high accuracy, experiences a slight dip, then a more significant drop between 30% and 40% attack ratio, and finally stabilizes. * **Data Points:** * Attack ratio 0%: Approximately 75.5% Accuracy * Attack ratio 10%: Approximately 74.0% Accuracy * Attack ratio 20%: Approximately 73.0% Accuracy * Attack ratio 30%: Approximately 73.0% Accuracy * Attack ratio 40%: Approximately 69.5% Accuracy * Attack ratio 50%: Approximately 69.0% Accuracy 2. **ShieldFL (Orange line, diamond markers):** * **Trend:** Shows a very similar trend to FedAvg, starting high, dipping slightly, dropping significantly, and then stabilizing. It maintains slightly higher accuracy than FedAvg at higher attack ratios. * **Data Points:** * Attack ratio 0%: Approximately 75.5% Accuracy * Attack ratio 10%: Approximately 75.0% Accuracy * Attack ratio 20%: Approximately 73.0% Accuracy * Attack ratio 30%: Approximately 73.0% Accuracy * Attack ratio 40%: Approximately 69.5% Accuracy * Attack ratio 50%: Approximately 69.5% Accuracy 3. **PBFL (Green line, upward-pointing triangle markers):** * **Trend:** Starts high, shows a gradual decline in accuracy as the attack ratio increases, maintaining relatively good performance. * **Data Points:** * Attack ratio 0%: Approximately 75.0% Accuracy * Attack ratio 10%: Approximately 74.5% Accuracy * Attack ratio 20%: Approximately 74.0% Accuracy * Attack ratio 30%: Approximately 72.0% Accuracy * Attack ratio 40%: Approximately 71.0% Accuracy * Attack ratio 50%: Approximately 69.0% Accuracy 4. **Median (Purple line, circle markers):** * **Trend:** Starts at a moderate accuracy, slightly increases at 10% attack ratio, then shows a consistent, moderate decline. * **Data Points:** * Attack ratio 0%: Approximately 68.8% Accuracy * Attack ratio 10%: Approximately 69.5% Accuracy * Attack ratio 20%: Approximately 68.0% Accuracy * Attack ratio 30%: Approximately 67.0% Accuracy * Attack ratio 40%: Approximately 64.5% Accuracy * Attack ratio 50%: Approximately 63.5% Accuracy 5. **Biscotti (Grey line, star markers):** * **Trend:** Starts at a relatively high accuracy, but then experiences the most significant and steepest drop in accuracy among all methods as the attack ratio increases. * **Data Points:** * Attack ratio 0%: Approximately 73.0% Accuracy * Attack ratio 10%: Approximately 70.0% Accuracy * Attack ratio 20%: Approximately 66.5% Accuracy * Attack ratio 30%: Approximately 64.5% Accuracy * Attack ratio 40%: Approximately 61.5% Accuracy * Attack ratio 50%: Approximately 56.5% Accuracy 6. **FoolsGold (Brown line, downward-pointing triangle markers):** * **Trend:** Starts high, shows a slight initial increase, then a steady and significant decline in accuracy. * **Data Points:** * Attack ratio 0%: Approximately 73.5% Accuracy * Attack ratio 10%: Approximately 74.0% Accuracy * Attack ratio 20%: Approximately 72.5% Accuracy * Attack ratio 30%: Approximately 71.5% Accuracy * Attack ratio 40%: Approximately 67.0% Accuracy * Attack ratio 50%: Approximately 62.5% Accuracy 7. **Ours (Red line, circle-with-cross markers):** * **Trend:** Starts at a high accuracy, experiences a slight dip, then a more significant drop between 30% and 40% attack ratio, and finally stabilizes. Its performance closely mirrors FedAvg and ShieldFL. * **Data Points:** * Attack ratio 0%: Approximately 75.0% Accuracy * Attack ratio 10%: Approximately 73.5% Accuracy * Attack ratio 20%: Approximately 73.0% Accuracy * Attack ratio 30%: Approximately 73.0% Accuracy * Attack ratio 40%: Approximately 69.0% Accuracy * Attack ratio 50%: Approximately 69.0% Accuracy ### Key Observations * **Initial Performance (0% Attack Ratio):** FedAvg, ShieldFL, PBFL, and "Ours" all start with the highest accuracy, around 75-75.5%. FoolsGold and Biscotti are slightly lower, around 73-73.5%. Median starts significantly lower at approximately 68.8%. * **Robustness:** * **Most Robust:** PBFL shows the most consistent performance with the least steep decline, maintaining the highest accuracy at 40% and 50% attack ratios (71.0% and 69.0% respectively). * **Moderately Robust:** FedAvg, ShieldFL, and "Ours" exhibit similar robustness, maintaining accuracy around 69-69.5% at 50% attack ratio. * **Least Robust:** Biscotti shows the sharpest decline in accuracy, dropping from ~73.0% to ~56.5% (a ~16.5% drop) as the attack ratio increases from 0% to 50%. FoolsGold also shows a significant drop from ~73.5% to ~62.5% (a ~11% drop). * **"Ours" Performance:** The "Ours" method performs comparably to FedAvg and ShieldFL, especially at higher attack ratios, suggesting similar robustness characteristics to these established methods. * **Median Method:** The Median method has the lowest initial accuracy but shows a relatively stable, albeit declining, performance, ending above Biscotti and FoolsGold at 50% attack ratio. ### Interpretation This chart likely evaluates the resilience of different federated learning aggregation methods against data poisoning or adversarial attacks, where "Attack ratio (%)" represents the proportion of malicious participants or corrupted data, and "Accuracy (%)" is the model's performance metric. The data suggests that: * **PBFL** is the most robust method among those tested, as it maintains the highest accuracy even with a 50% attack ratio, indicating its strong ability to mitigate the impact of adversarial inputs. * **FedAvg, ShieldFL, and "Ours"** demonstrate comparable and relatively good robustness. While they experience a noticeable drop in accuracy at higher attack ratios, they still perform significantly better than methods like Biscotti and FoolsGold. The similarity in performance between "Ours" and these established methods suggests that "Ours" might be a competitive or improved alternative, depending on other unshown metrics (e.g., computational cost, communication overhead). * **Biscotti and FoolsGold** appear to be less robust to the types of attacks simulated, experiencing substantial performance degradation as the attack ratio increases. Biscotti, in particular, is highly vulnerable, with its accuracy plummeting to the lowest point at 50% attack ratio. * The **Median** method, despite starting with the lowest accuracy, shows a more graceful degradation than Biscotti and FoolsGold, suggesting it has some inherent resilience, though its overall performance is lower. In essence, the chart highlights the critical need for robust aggregation mechanisms in federated learning to ensure model integrity and performance in the presence of malicious actors. PBFL stands out as a strong performer in this regard, while "Ours" shows promising, competitive robustness.

## Line Chart: Accuracy vs. Attack Ratio for Federated Learning Algorithms ### Overview This line chart depicts the relationship between the attack ratio (percentage) and the accuracy (percentage) of several federated learning algorithms. The chart compares the performance of these algorithms under increasing adversarial conditions, represented by the attack ratio. ### Components/Axes * **X-axis:** "Attack ratio (%)" - Ranges from 0% to 50%, with markers at 0, 10, 20, 30, 40, and 50. * **Y-axis:** "Accuracy (%)" - Ranges from approximately 55% to 76%, with markers at 55, 60, 65, 70, 75. * **Legend:** Located in the bottom-left corner, listing the following algorithms with corresponding line colors and markers: * FedAvg (Blue, Square) * ShieldFL (Orange, Circle) * PBFL (Green, Triangle) * Median (Purple, Diamond) * Biscotti (Gray, Star) * FoolsGold (Brown, Inverted Triangle) * Ours (Red, Circle with a dot in the center) ### Detailed Analysis Here's a breakdown of each line's trend and approximate data points, verified against the legend colors: * **FedAvg (Blue, Square):** The line starts at approximately 69% accuracy at 0% attack ratio and slopes downward, reaching approximately 62% at 50% attack ratio. Data points (approximate): (0, 69), (10, 67), (20, 66), (30, 65), (40, 63), (50, 62). * **ShieldFL (Orange, Circle):** The line begins at approximately 75% accuracy at 0% attack ratio, decreases to around 73% at 10%, remains relatively stable around 72-73% between 10% and 40% attack ratio, and then drops to approximately 68% at 50% attack ratio. Data points (approximate): (0, 75), (10, 73), (20, 72.5), (30, 73), (40, 72), (50, 68). * **PBFL (Green, Triangle):** Starts at approximately 74% accuracy at 0% attack ratio, decreases to around 72% at 10%, remains relatively stable around 71-72% between 10% and 40% attack ratio, and then drops to approximately 68% at 50% attack ratio. Data points (approximate): (0, 74), (10, 72), (20, 71.5), (30, 71.5), (40, 71), (50, 68). * **Median (Purple, Diamond):** The line starts at approximately 68% accuracy at 0% attack ratio and consistently decreases, reaching approximately 62% at 50% attack ratio. Data points (approximate): (0, 68), (10, 66), (20, 65), (30, 64), (40, 63), (50, 62). * **Biscotti (Gray, Star):** The line shows a steep decline, starting at approximately 73% accuracy at 0% attack ratio and dropping to approximately 58% at 50% attack ratio. Data points (approximate): (0, 73), (10, 71), (20, 66), (30, 62), (40, 59), (50, 58). * **FoolsGold (Brown, Inverted Triangle):** The line starts at approximately 74% accuracy at 0% attack ratio and decreases to approximately 63% at 50% attack ratio. Data points (approximate): (0, 74), (10, 72), (20, 69), (30, 66), (40, 64), (50, 63). * **Ours (Red, Circle with a dot):** The line begins at approximately 75% accuracy at 0% attack ratio, decreases to around 73% at 10%, remains relatively stable around 72-73% between 10% and 40% attack ratio, and then drops to approximately 68% at 50% attack ratio. Data points (approximate): (0, 75), (10, 73), (20, 72.5), (30, 72.5), (40, 72), (50, 68). ### Key Observations * Biscotti exhibits the most significant performance degradation with increasing attack ratio. * FedAvg and Median show a relatively linear decrease in accuracy as the attack ratio increases. * ShieldFL, PBFL, and Ours demonstrate more resilience to attacks up to approximately 40% attack ratio, maintaining accuracy above 70%. * At 50% attack ratio, all algorithms experience a noticeable drop in accuracy, but ShieldFL, PBFL, and Ours still maintain a higher accuracy than FedAvg, Median, and Biscotti. ### Interpretation The chart demonstrates the vulnerability of federated learning algorithms to adversarial attacks. The "attack ratio" likely represents the proportion of malicious participants in the federated learning process. The algorithms' accuracy decreases as the attack ratio increases, indicating that the presence of malicious actors negatively impacts the model's performance. The varying slopes of the lines suggest different levels of robustness to attacks. Biscotti is particularly susceptible, while ShieldFL, PBFL, and "Ours" appear to be more resilient, potentially due to built-in defense mechanisms. The fact that all algorithms eventually suffer significant accuracy loss at a 50% attack ratio highlights the inherent challenges in securing federated learning systems against widespread malicious activity. The "Ours" algorithm performs comparably to ShieldFL and PBFL, suggesting it offers a similar level of protection against attacks. The chart provides valuable insights for selecting appropriate algorithms and developing robust defense strategies in federated learning environments. The data suggests that even with robust algorithms, a high attack ratio can severely compromise the integrity of the federated learning process.

## Line Chart: Accuracy of Federated Learning Defense Mechanisms Under Poisoning Attacks ### Overview This image is a line chart comparing the performance (accuracy) of seven different federated learning defense mechanisms as the ratio of malicious attacks increases. The chart demonstrates how each method's accuracy degrades under increasing adversarial pressure. ### Components/Axes * **Chart Type:** Multi-line chart with markers. * **X-Axis:** Labeled **"Attack ratio (%)"**. It represents the percentage of malicious participants or updates in the federated learning system. The axis has major tick marks at 0, 10, 20, 30, 40, and 50. * **Y-Axis:** Labeled **"Accuracy (%)"**. It represents the model's classification accuracy. The axis ranges from approximately 57.5% to 76%, with major tick marks at 57.5, 60, 62.5, 65, 67.5, 70, 72.5, and 75. * **Legend:** Located in the **bottom-left quadrant** of the plot area. It lists seven data series with corresponding line colors and marker styles: 1. **FedAvg** (Light blue line, square marker `□`) 2. **ShieldFL** (Orange line, plus marker `+`) 3. **PBFL** (Green line, upward-pointing triangle marker `△`) 4. **Median** (Purple line, circle marker `○`) 5. **Biscotti** (Gray line, left-pointing triangle marker `◁`) 6. **FoolsGold** (Brown line, downward-pointing triangle marker `▽`) 7. **Ours** (Red line, pentagon marker `⬠`) ### Detailed Analysis The chart plots Accuracy (%) against Attack ratio (%). Below is an analysis of each data series, including approximate values and visual trends. **Trend Verification & Data Points (Approximate):** 1. **FedAvg (Light blue, `□`):** * **Trend:** Starts high, remains relatively stable until a 30% attack ratio, then declines sharply. * **Points:** (0%, ~75.5%), (10%, ~75.0%), (20%, ~73.5%), (30%, ~73.5%), (40%, ~69.5%), (50%, ~68.5%). 2. **ShieldFL (Orange, `+`):** * **Trend:** Starts as the highest, shows a steady, near-linear decline across all attack ratios. * **Points:** (0%, ~76.0%), (10%, ~75.0%), (20%, ~73.5%), (30%, ~73.5%), (40%, ~69.0%), (50%, ~69.0%). 3. **PBFL (Green, `△`):** * **Trend:** Starts very high, declines gradually and consistently. * **Points:** (0%, ~75.5%), (10%, ~74.5%), (20%, ~74.0%), (30%, ~72.0%), (40%, ~71.0%), (50%, ~68.5%). 4. **Median (Purple, `○`):** * **Trend:** Starts significantly lower than the top group, shows a very gradual, shallow decline. * **Points:** (0%, ~68.5%), (10%, ~69.0%), (20%, ~68.0%), (30%, ~67.5%), (40%, ~64.5%), (50%, ~64.0%). 5. **Biscotti (Gray, `◁`):** * **Trend:** Starts moderately high but exhibits the steepest and most consistent decline of all methods. * **Points:** (0%, ~73.0%), (10%, ~70.0%), (20%, ~66.5%), (30%, ~64.5%), (40%, ~61.5%), (50%, ~56.5%). 6. **FoolsGold (Brown, `▽`):** * **Trend:** Starts high, declines steadily, with a particularly sharp drop between 30% and 40% attack ratio. * **Points:** (0%, ~73.5%), (10%, ~73.5%), (20%, ~72.5%), (30%, ~71.5%), (40%, ~67.0%), (50%, ~62.5%). 7. **Ours (Red, `⬠`):** * **Trend:** Starts among the top group, maintains high accuracy robustly until a 30% attack ratio, then declines but remains competitive. * **Points:** (0%, ~75.5%), (10%, ~74.0%), (20%, ~73.5%), (30%, ~73.5%), (40%, ~69.0%), (50%, ~68.5%). ### Key Observations 1. **Performance Hierarchy at Low Attack (0%):** ShieldFL, FedAvg, PBFL, and "Ours" are tightly clustered at the top (~75.5-76%). FoolsGold and Biscotti are slightly lower (~73-73.5%). Median is a clear outlier, starting much lower (~68.5%). 2. **Robustness to Increasing Attacks:** The method labeled **"Ours"** and **FedAvg** show a "plateau-then-drop" pattern, maintaining high accuracy up to a 30% attack ratio before declining. **ShieldFL** and **PBFL** show a more linear, graceful degradation. 3. **Most Vulnerable Method:** **Biscotti** demonstrates the poorest robustness, suffering the most severe and consistent drop in accuracy, falling from ~73% to ~56.5%. 4. **Critical Threshold:** A notable inflection point occurs for several methods (FedAvg, FoolsGold, "Ours") between **30% and 40% attack ratio**, where the rate of accuracy loss increases sharply. 5. **Final Ranking at 50% Attack:** The order from highest to lowest accuracy is approximately: ShieldFL ≈ PBFL ≈ FedAvg ≈ "Ours" (all ~68.5-69%) > Median (~64%) > FoolsGold (~62.5%) > Biscotti (~56.5%). ### Interpretation This chart is a comparative robustness analysis for federated learning (FL) systems under data poisoning attacks. The "Attack ratio" simulates an adversary controlling a fraction of the participating clients or their model updates. * **What the data suggests:** The proposed method ("Ours") is designed to be highly robust, matching the top-performing established defenses (ShieldFL, PBFL, FedAvg) in clean conditions and maintaining that performance under moderate attack pressure (up to 30%). Its behavior suggests it may incorporate mechanisms that effectively filter or neutralize malicious updates until they reach a critical mass. * **Relationship between elements:** The chart directly correlates adversarial strength (x-axis) with system utility (y-axis). The diverging lines illustrate that different defense strategies have varying resilience profiles. Methods like Biscotti and FoolsGold appear more sensitive to the proportion of attackers, while Median, though starting lower, shows a flatter degradation curve, indicating a different, possibly more conservative, robustness strategy. * **Notable Anomalies/Patterns:** The sharp performance cliff for multiple methods between 30-40% attack ratio is critical. It implies a phase transition where the defense mechanisms become overwhelmed, and the malicious updates begin to dominate the global model aggregation. The fact that "Ours," FedAvg, and ShieldFL converge to a similar accuracy at 50% attack suggests there may be a fundamental limit to robustness in this experimental setup when half the participants are malicious. The consistently lower performance of the Median aggregator, even at 0% attack, highlights the trade-off between robustness and final model accuracy in some defense strategies.

## Line Graph: Accuracy (%) vs Attack ratio (%) ### Overview The graph compares the accuracy of seven different methods (FedAvg, ShieldFL, PBFL, Median, Biscotti, FoolsGold, Ours) across varying attack ratios (0% to 50%). Accuracy is measured on the y-axis (57.5%–75%), while the x-axis represents the percentage of malicious participants in the system. Each method is represented by a distinct colored line with unique markers. ### Components/Axes - **X-axis (Attack ratio (%))**: Ranges from 0% to 50% in 10% increments. - **Y-axis (Accuracy (%))**: Ranges from 57.5% to 75% in 2.5% increments. - **Legend**: Located at the bottom-left corner, mapping colors/markers to methods: - **FedAvg**: Blue square - **ShieldFL**: Orange diamond - **PBFL**: Green triangle - **Median**: Purple pentagon - **Biscotti**: Gray star - **FoolsGold**: Brown triangle - **Ours**: Red circle ### Detailed Analysis 1. **FedAvg (Blue Square)**: - Starts at ~75% accuracy at 0% attack ratio. - Declines gradually to ~70% at 50% attack ratio. - Maintains relatively stable performance compared to others. 2. **ShieldFL (Orange Diamond)**: - Begins at ~75% accuracy at 0%. - Sharp decline to ~70% by 10% attack ratio. - Stabilizes slightly above 70% for higher attack ratios. 3. **PBFL (Green Triangle)**: - Starts at ~74% accuracy at 0%. - Gradual decline to ~69% at 50%. - Shows moderate resilience to attacks. 4. **Median (Purple Pentagon)**: - Begins at ~68% accuracy at 0%. - Slightly increases to ~69% at 10%, then declines steadily. - Ends at ~63% at 50%, the lowest among all methods. 5. **Biscotti (Gray Star)**: - Starts at ~73% accuracy at 0%. - Sharp decline to ~62% by 20% attack ratio. - Continues dropping to ~57% at 50%, the steepest slope. 6. **FoolsGold (Brown Triangle)**: - Begins at ~73% accuracy at 0%. - Gradual decline to ~68% at 30%. - Accelerates downward to ~62% at 50%. 7. **Ours (Red Circle)**: - Starts at ~75% accuracy at 0%. - Moderate decline to ~70% at 30%. - Stabilizes near 70% for higher attack ratios, outperforming most methods. ### Key Observations - **Best Performance at 0% Attack**: FedAvg, ShieldFL, and Ours all start near 75% accuracy. - **Worst Performance at 50% Attack**: Biscotti drops to ~57%, while Median hits ~63%. - **Resilience**: Ours and FedAvg maintain the highest accuracy across all attack ratios. - **Volatility**: ShieldFL and Biscotti show the most dramatic declines, especially after 10% attack ratio. ### Interpretation The data suggests that **FedAvg** and **Ours** are the most robust methods, maintaining accuracy above 70% even at 50% attack ratios. **ShieldFL** and **PBFL** offer moderate resilience but degrade significantly under high attack conditions. **Biscotti** and **FoolsGold** are highly vulnerable, with steep accuracy drops. The **Median** line indicates that average client performance is poor under attack, highlighting systemic weaknesses. These trends emphasize the importance of attack-aware design in federated learning systems, with **Ours** and **FedAvg** emerging as the most reliable choices for adversarial environments.