Journal of Computer Applications (《计算机应用》), sole official website


Federated learning backdoor defense algorithm based on gradient features

钟琪 (Zhong Qi)1, 张淑芬 (Zhang Shufen)2, 张镇博 (Zhang Zhenbo)1, 李涛 (Li Tao)1

  1. North China University of Science and Technology
  2. Hebei Key Laboratory of Data Science and Application, North China University of Science and Technology
  • Received: 2025-08-04 Revised: 2025-09-08 Online: 2025-11-05 Published: 2025-11-05
  • Corresponding author: 钟琪 (Zhong Qi)

Abstract: Existing defense algorithms cannot effectively distinguish the differences among client gradients under federated learning backdoor attacks, and they incur large computational overhead. To address these problems, a federated learning backdoor defense algorithm based on gradient features (GradGuard) is proposed. First, each client gradient is normalized and scaled; scaling the relative changes of the local model gradients solves the problem of benign dimensions with large absolute changes masking the backdoor dimensions. Second, a dominant gradient clustering algorithm based on cosine similarity is designed to identify small client clusters with the lowest risk probability, eliminating malicious gradients that might contain backdoors. Finally, an adaptive gradient clipping strategy is proposed, in which the clipping threshold is adaptively adjusted based on the ratio of the L2 norm of the benign client dimension to that of the attacker, ensuring the stability of the global model. The experimental results show that, compared to the Datadefense algorithm, GradGuard reduces the backdoor success rate when defending against backdoor attacks by 1.91, 1.36, 1.28, and 0.49 percentage points, respectively, in scenarios with four different attack frequencies, and reduces the backdoor success rate when defending against edge backdoor attacks by 8.93, 3.34, 9.51, and 0.79 percentage points, respectively. In addition, GradGuard reduces the computational burden on the server: on the EMNIST (Extended Modified National Institute of Standards and Technology) and CIFAR10 (Canadian Institute For Advanced Research) datasets, training time is reduced by 94.5 seconds and 355.02 seconds, respectively, compared to the Scope algorithm, improving the efficiency of the federated learning system.

CLC number: