To address the degradation of model performance and robustness in federated learning (FL) caused by malicious clients (e.g., label-flipping attacks), this paper proposes FedCB²O, a consensus-based bi-level optimization framework. Methodologically, it introduces Consensus-Driven Bi-level Bi-objective Optimization (CB²O)—a novel multi-particle metaheuristic—into FL for the first time, establishing a collaborative game mechanism between clients and the server; theoretical analysis proves its mean-field convergence under malicious agents. Furthermore, a clustered FL architecture is designed to enable both intra-cluster consensus and inter-cluster global coordination. Experimental results demonstrate that, under 30% malicious client participation, FedCB²O exhibits strong robustness against label-flipping attacks, achieving an average accuracy improvement of 12.7% over state-of-the-art baselines while maintaining stable test accuracy above 85%.

Adversarial attacks pose significant challenges in many machine learning applications, particularly in the setting of distributed training and federated learning, where malicious agents seek to corrupt the training process with the goal of jeopardizing and compromising the performance and reliability of the final models. In this paper, we address the problem of robust federated learning in the presence of such attacks by formulating the training task as a bi-level optimization problem. We conduct a theoretical analysis of the resilience of consensus-based bi-level optimization (CB$^2$O), an interacting multi-particle metaheuristic optimization method, in adversarial settings. Specifically, we provide a global convergence analysis of CB$^2$O in mean-field law in the presence of malicious agents, demonstrating the robustness of CB$^2$O against a diverse range of attacks. Thereby, we offer insights into how specific hyperparameter choices enable to mitigate adversarial effects. On the practical side, we extend CB$^2$O to the clustered federated learning setting by proposing FedCB$^2$O, a novel interacting multi-particle system, and design a practical algorithm that addresses the demands of real-world applications. Extensive experiments demonstrate the robustness of the FedCB$^2$O algorithm against label-flipping attacks in decentralized clustered federated learning scenarios, showcasing its effectiveness in practical contexts.