1: \begin{abstract}

2: Federated learning (FL) enables multiple clients to collaboratively train machine learning models without revealing their private training data.

3: In conventional FL, the system follows the server-assisted architecture (server-assisted FL), where the training process is coordinated by a central server.

4: However, the server-assisted FL framework suffers from poor scalability due to a communication bottleneck at the server, and trust dependency issues.

5: To address challenges, decentralized federated learning (DFL) architecture has been proposed to allow clients to train models collaboratively in a serverless and peer-to-peer manner.

6: However, due to its fully decentralized nature, DFL is highly vulnerable to poisoning attacks, where malicious clients could manipulate the system by sending carefully-crafted local models to their neighboring clients.

7: To date, only a limited number of Byzantine-robust DFL methods have been proposed, most of which are either communication-inefficient or remain vulnerable to advanced poisoning attacks.  

8: In this paper, we propose a new algorithm called \alg (\underline{B}yzantine-robust \underline{a}veraging through \underline{l}ocal simil\underline{a}rity i\underline{n} de\underline{ce}ntralization) to defend against poisoning attacks in DFL.

9: In \algns, each client leverages its own local model as a similarity reference to determine if the received model is malicious or benign.

10: We establish the theoretical convergence guarantee for \alg under poisoning attacks in both strongly convex and non-convex settings. 

11: Furthermore, the convergence rate of \alg under poisoning attacks matches those of the state-of-the-art counterparts in Byzantine-free settings.

12: Extensive experiments also demonstrate that \alg outperforms existing DFL methods and effectively defends against poisoning attacks.

13: 

14: \end{abstract}

15: