1: \begin{abstract}

2: Decentralized federated learning (DFL) is inherently vulnerable to poisoning attacks, as malicious clients can transmit manipulated model gradients to neighboring clients. 

3: Existing defense methods either reject suspicious gradients per iteration or restart DFL aggregation after detecting all malicious clients. They overlook the potential accuracy benefit from the discarded malicious gradients.

4: In this paper, we propose a novel \emph{gradient purification defense}, named \textsf{GPD}, that integrates seamlessly with existing DFL aggregation to defend against poisoning attacks.

5: It aims to mitigate the harm in model gradients while retaining the benefit in model weights for enhancing accuracy. For each benign client in \textsf{GPD}, a recording variable is designed to track the historically aggregated gradients from one of its neighbors. 

6: It allows benign clients to precisely detect malicious neighbors and swiftly mitigate all aggregated malicious gradients via historical consistency checks. 

7: Upon mitigation, \textsf{GPD} optimizes model weights via aggregating gradients solely from benign clients. This retains previously beneficial portions from malicious clients and exploits canonical contributions from benign clients, thereby significantly enhancing the model accuracy. 

8: We analyze the convergence of \textsf{GPD}, as well as its ability to harvest high accuracy.

9: Extensive experiments over three datasets demonstrate that, \textsf{GPD} is capable of mitigating poisoning attacks under both iid and non-iid data distributions. It significantly outperforms state-of-the-art defenses in terms of accuracy against various poisoning attacks.

10: \end{abstract}

11: