Buffer is All You Need: Defending Federated Learning against Backdoor Attacks under Non-iids via Buffering
Abstract
Federated Learning (FL) is a popular paradigm that lets clients jointly train a global model without sharing raw data. However, FL is known to be vulnerable to backdoor attacks because of its distributed nature: as participants, attackers can upload model updates that effectively compromise the global model. Worse, existing defenses are mostly designed under independent-and-identically-distributed (iid) settings and hence neglect the fundamentally non-iid character of FL. Here we propose FLBuff for tackling backdoor attacks even under non-iids. The main challenge for such defenses is that non-iids bring benign and malicious updates closer together, making them harder to separate. FLBuff is inspired by our insight that non-iids can be modeled as omni-directional expansion in representation space, while backdoor attacks are uni-directional. This leads to the key design of FLBuff: a supervised-contrastive-learning model that extracts penultimate-layer representations to create a large in-between buffer layer. Comprehensive evaluations show that FLBuff consistently outperforms state-of-the-art defenses.
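The geometric insight behind the abstract (non-iid drift is omni-directional, a backdoor pushes uni-directionally) can be made concrete with a toy simulation. The following is an added illustration written for this page, not FLBuff's code: the representations, the client counts, the noise levels and the "directional consistency" statistic (length of the mean unit displacement vector) are all assumptions chosen to expose the asymmetry, and FLBuff's actual supervised-contrastive model and buffer layer are not shown here.

```python
"""Toy illustration (added here, not FLBuff's code) of the asymmetry the abstract
describes: benign non-iid clients drift in all directions of representation space,
while backdoored clients all push toward one target direction."""
import math
import random


def _unit(v):
    """Normalize a vector to unit length."""
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]


def gaussian_vec(rng, dim, scale):
    """Isotropic Gaussian vector; used both as drift and as additive noise."""
    return [rng.gauss(0.0, scale) for _ in range(dim)]


def benign_displacements(rng, n_clients, dim, scale=1.0):
    """Non-iid benign clients (assumed model): each client's representation
    moves in its own random direction, i.e. omni-directional expansion."""
    return [gaussian_vec(rng, dim, scale) for _ in range(n_clients)]


def backdoor_displacements(rng, n_clients, dim, target, scale=1.0, noise=0.05):
    """Backdoored clients (assumed model): every client moves toward the same
    target direction with small jitter, i.e. uni-directional expansion."""
    u = _unit(target)
    out = []
    for _ in range(n_clients):
        magnitude = abs(rng.gauss(scale, 0.2 * scale))
        jitter = gaussian_vec(rng, dim, noise)
        out.append([magnitude * ui + e for ui, e in zip(u, jitter)])
    return out


def directional_consistency(displacements):
    """Length of the mean of the unit displacement vectors.
    Close to 0 when directions are spread isotropically (about 1/sqrt(n)),
    close to 1 when all displacements point the same way."""
    units = [_unit(v) for v in displacements]
    dim = len(units[0])
    mean = [sum(u[i] for u in units) / len(units) for i in range(dim)]
    return math.sqrt(sum(m * m for m in mean))


def demo(seed=7, dim=32, n_benign=40, n_malicious=8):
    """Constructed scenario: 40 benign non-iid clients, 8 colluding backdoor clients."""
    rng = random.Random(seed)
    target = gaussian_vec(rng, dim, 1.0)  # the backdoor's shared direction
    benign = benign_displacements(rng, n_benign, dim)
    malicious = backdoor_displacements(rng, n_malicious, dim, target)
    return {
        "benign": directional_consistency(benign),
        "malicious": directional_consistency(malicious),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the statistic is that it separates the two populations by their spread pattern rather than by distance from the global model, which is exactly what non-iids blur; a real defense along these lines would have to learn the representation space rather than assume it, which is the role the abstract assigns to FLBuff's supervised-contrastive model.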