Yanzhe Che,Kevin Chiew,Xiaoyan Hong,Qinming He

DOI: https://doi.org/10.1145/2442810.2442820

2012-01-01

Abstract:ABSTRACTThere is a potential privacy breach when users access various location-based social applications on a mobile social network (MSN), e.g., sharing locations with friends. To preserve location privacy, one of the most common methods is to use a coarse or fake location instead of a user's exact location. However, most of these previous approaches only provide geometric strategies without considering the semantic context of the geographical locations. For example, if a cloaked region contains a part of a lake, where no boats are allowed, an adversary can easily prune the cloaked region to a smaller range covering a user's actual location. In this paper, we propose SALS, a semantics-aware location sharing framework based on cloaking zone for an MSN environment. By considering a user's social relations and activities which are available in an MSN environment, SALS does not assume any trustworthy entities, including strangers, friends or any third parties. As a solution, SALS enables users to cooperate with each other, in a Peer-to-Peer (P2P) way, to generate the cloaking zones, which will be used instead of the actual locations. Different from the previous cloaking techniques, SALS considers the semantic location which can influence the distribution probability of a user's locations. We also propose metrics for measuring the quality of the cloaking zone. The evaluation shows that our method can well defend the semantic-location attack.

Danish Gufran,Sudeep Pasricha

2023-07-04

Abstract:Indoor localization plays a vital role in applications such as emergency response, warehouse management, and augmented reality experiences. By deploying machine learning (ML) based indoor localization frameworks on their mobile devices, users can localize themselves in a variety of indoor and subterranean environments. However, achieving accurate indoor localization can be challenging due to heterogeneity in the hardware and software stacks of mobile devices, which can result in inconsistent and inaccurate location estimates. Traditional ML models also heavily rely on initial training data, making them vulnerable to degradation in performance with dynamic changes across indoor environments. To address the challenges due to device heterogeneity and lack of adaptivity, we propose a novel embedded ML framework called FedHIL. Our framework combines indoor localization and federated learning (FL) to improve indoor localization accuracy in device-heterogeneous environments while also preserving user data privacy. FedHIL integrates a domain-specific selective weight adjustment approach to preserve the ML model's performance for indoor localization during FL, even in the presence of extremely noisy data. Experimental evaluations in diverse real-world indoor environments and with heterogeneous mobile devices show that FedHIL outperforms state-of-the-art FL and non-FL indoor localization frameworks. FedHIL is able to achieve 1.62x better localization accuracy on average than the best performing FL-based indoor localization framework from prior work.

Machine Learning,Multiagent Systems,Signal Processing

Yaya Etiabi,Wafa Njima,El Mehdi Amhoud

2024-05-18

Abstract:The rapid growth of the Internet of Things fosters collaboration among connected devices for tasks like indoor localization. However, existing indoor localization solutions struggle with dynamic and harsh conditions, requiring extensive data collection and environment-specific calibration. These factors impede cooperation, scalability, and the utilization of prior research efforts. To address these challenges, we propose FeMLoc, a federated meta-learning framework for localization. FeMLoc operates in two stages: (i) collaborative meta-training where a global meta-model is created by training on diverse localization datasets from edge devices. (ii) Rapid adaptation for new environments, where the pre-trained global meta-model initializes the localization model, requiring only minimal fine-tuning with a small amount of new data. In this paper, we provide a detailed technical overview of FeMLoc, highlighting its unique approach to privacy-preserving meta-learning in the context of indoor localization. Our performance evaluation demonstrates the superiority of FeMLoc over state-of-the-art methods, enabling swift adaptation to new indoor environments with reduced calibration effort. Specifically, FeMLoc achieves up to 80.95% improvement in localization accuracy compared to the conventional baseline neural network (NN) approach after only 100 gradient steps. Alternatively, for a target accuracy of around 5m, FeMLoc achieves the same level of accuracy up to 82.21% faster than the baseline NN approach. This translates to FeMLoc requiring fewer training iterations, thereby significantly reducing fingerprint data collection and calibration efforts. Moreover, FeMLoc exhibits enhanced scalability, making it well-suited for location-aware massive connectivity driven by emerging wireless communication technologies.

Signal Processing,Machine Learning,Networking and Internet Architecture

Xiaolong Xu,Haoyuan Li,Zheng Li,Xiaokang Zhou

DOI: https://doi.org/10.1109/tii.2022.3195896

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the increasing data scale in the Industrial Internet of Things, edge computing coordinated with machine learning is regarded as an effective way to raise the novel latency-sensitive services. To ensure the data privacy for frequent service access, federated learning (FL), as a privacy-preserving distributed framework, is integrated into edge computing, enabling user data invisible to the training process. However, sophisticated network attacks threaten deep learning (DL) models by data poison and malicious reasoning, making the DL-based system untrustworthy. To this end, a synergic data filtering method, named Safe, is proposed to deal with the poisoning attacks. Specifically, considering that the distributed support vector machine is at risk of being attacked due to its distribution and openness to communication, edge-cloud empowered FL framework is designed. Then, the alternating direction method of multipliers is deployed to detect attacked devices whose training processes will be interrupted. Moreover, due to the untrustworthiness of label data, the poisoned data in the attacked devices are figured out and filtered by clustering the trusted data with K -means clustering algorithm. Eventually, extensive experiment results proved that the Safe outperforms correlation methods in detection accuracy and trustworthiness.

Xin Cheng,Tingting Liu,Feng Shu,Chuan Ma,Jun Li,Jiangzhou Wang

DOI: https://doi.org/10.48550/arXiv.2205.08292

2022-08-24

Abstract:Recently, the development of mobile edge computing has enabled exhilarating edge artificial intelligence (AI) with fast response and low communication cost. The location information of edge devices is essential to support the edge AI in many scenarios, like smart home, intelligent transportation systems and integrated health care. Taking advantages of deep learning intelligence, the centralized machine learning (ML)-based positioning technique has received heated attention from both academia and industry. However, some potential issues, such as location information leakage and huge data traffic, limit its application. Fortunately, a newly emerging privacy-preserving distributed ML mechanism, named federated learning (FL), is expected to alleviate these concerns. In this article, we illustrate a framework of FL-based localization system as well as the involved entities at edge networks. Moreover, the advantages of such system are elaborated. On practical implementation of it, we investigate the field-specific issues associated with system-level solutions, which are further demonstrated over a real-word database. Moreover, future challenging open problems in this field are outlined.

Signal Processing

Xin Cheng,Chuan Ma,Jun Li,Haiwei Song,Feng Shu,Jiangzhou Wang

DOI: https://doi.org/10.1109/lwc.2022.3169215

IF: 6.3

2022-01-01

IEEE Wireless Communications Letters

Abstract:Fingerprint-based localization plays an important role in indoor location-based services, where the position information is usually collected in distributed clients and gathered in a centralized server. However, the overloaded transmission as well as the potential risk of divulging private information burdens the application. Owning the ability to address these challenges, federated learning (FL)-based fingerprinting localization comes into people's sights, which aims to train a global model while keeping raw data locally. However, in distributed machine learning (ML) scenarios, the unavoidable database heterogeneity usually degrades the performance of existing FL-based localization algorithm (FedLoc). In this letter, we first characterize the database heterogeneity with a computable metric, i.e., the area of convex hull, and verify it by experimental results. Then, a novel heterogeneous FL-based localization algorithm with the area of convex hull-based aggregation (FedLoc-AC) is proposed. Extensive experimental results, including real-word cases are conducted. We can conclude that the proposed FedLoc-AC can achieve an obvious prediction gain compared to FedLoc in heterogeneous scenarios.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ali Raza,Shujun Li,Kim-Phuc Tran,Ludovic Koehl

DOI: https://doi.org/10.48550/arXiv.2207.08486

2023-05-09

Abstract:Adversarial attacks such as poisoning attacks have attracted the attention of many machine learning researchers. Traditionally, poisoning attacks attempt to inject adversarial training data in order to manipulate the trained model. In federated learning (FL), data poisoning attacks can be generalized to model poisoning attacks, which cannot be detected by simpler methods due to the lack of access to local training data by the detector. State-of-the-art poisoning attack detection methods for FL have various weaknesses, e.g., the number of attackers has to be known or not high enough, working with i.i.d. data only, and high computational complexity. To overcome above weaknesses, we propose a novel framework for detecting poisoning attacks in FL, which employs a reference model based on a public dataset and an auditor model to detect malicious updates. We implemented a detector based on the proposed framework and using a one-class support vector machine (OC-SVM), which reaches the lowest possible computational complexity O(K) where K is the number of clients. We evaluated our detector's performance against state-of-the-art (SOTA) poisoning attacks for two typical applications of FL: electrocardiograph (ECG) classification and human activity recognition (HAR). Our experimental results validated the performance of our detector over other SOTA detection methods.

Machine Learning,Cryptography and Security

Danish Gufran,Pooja Anandathirtha,Sudeep Pasricha

2024-07-15

Abstract:With the increasing demand for edge device powered location-based services in indoor environments, Wi-Fi received signal strength (RSS) fingerprinting has become popular, given the unavailability of GPS indoors. However, achieving robust and efficient indoor localization faces several challenges, due to RSS fluctuations from dynamic changes in indoor environments and heterogeneity of edge devices, leading to diminished localization accuracy. While advances in machine learning (ML) have shown promise in mitigating these phenomena, it remains an open problem. Additionally, emerging threats from adversarial attacks on ML-enhanced indoor localization systems, especially those introduced by malicious or rogue access points (APs), can deceive ML models to further increase localization errors. To address these challenges, we present SENTINEL, a novel embedded ML framework utilizing modified capsule neural networks to bolster the resilience of indoor localization solutions against adversarial attacks, device heterogeneity, and dynamic RSS fluctuations. We also introduce RSSRogueLoc, a novel dataset capturing the effects of rogue APs from several real-world indoor environments. Experimental evaluations demonstrate that SENTINEL achieves significant improvements, with up to 3.5x reduction in mean error and 3.4x reduction in worst-case error compared to state-of-the-art frameworks using simulated adversarial attacks. SENTINEL also achieves improvements of up to 2.8x in mean error and 2.7x in worst-case error compared to state-of-the-art frameworks when evaluated with the real-world RSSRogueLoc dataset.

Signal Processing,Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning,Systems and Control

Xuejun Zhang,Fucun He,Chen Qian,Xinlong Jiang,Junda Bao,Tongwei Ren,Xiaogang Du

DOI: https://doi.org/10.1007/s00521-021-06815-9

2022-01-01

Abstract:As an enabling technology for edge computing scenarios, indoor localization has a broad prospect in a variety of location-based applications, such as tracking, navigating, and monitoring in indoor environments. In order to improve the location accuracy, numerous machine learning (ML)-based indoor localization schemes with fingerprint fusion have been proposed recently, which take advantage of the fusion of signal gathered from multiple wireless technologies (e.g., WiFi and BLE) and require a site survey to construct the fingerprint database. However, most solutions are based on cloud framework and thus pose a serious privacy leakage because users’ sensitive information (e.g., locations) is computed from the fingerprint database by the untrusted localization service provider. Furthermore, the site survey is time-consuming and labor-intensive. In this paper, we propose a differentially private fingerprint fusion semi-supervised extreme learning machine for indoor localization in the edge computing, called Adp-FSELM. The Adp-FSELM firstly employs a multi-level edge network-based privacy-preserving system framework to meet the requirements of ML-based fingerprint indoor localization for lightweight, low latency, and real-time response. Then, the Adp-FSELM extends the $$\varepsilon$$ ε -differential privacy to the fingerprint fusion semi-supervised extreme learning machine for indoor localization in edge computing through a three-phase private process consisting of private labeled sample obfuscation, differentially private feature fusion, and differentially private model training. Theoretical and comprehensive experimental results in real indoor environments demonstrate that the Adp-FSELM provides a high $$\varepsilon$$ ε -differential privacy guarantee for users’ location privacy while reducing human calibration effort and effectively resists Bayesian inference attacks. Compared with the existing semi-supervised learning-based localization methods, the mean absolute error of location accuracy of the Adp-FSELM is restricted to 2.22% at most, and the additional time consumption can be almost ignored. Thus, our mechanism can balance the trade-off among location privacy, location accuracy, and time consumption.

Ehsan Nowroozi,Imran Haider,Rahim Taheri,Mauro Conti

2024-03-05

Abstract:Federated Learning (FL) is a machine learning (ML) approach that enables multiple decentralized devices or edge servers to collaboratively train a shared model without exchanging raw data. During the training and sharing of model updates between clients and servers, data and models are susceptible to different data-poisoning attacks.

Cryptography and Security,Artificial Intelligence,Computers and Society,Machine Learning,Networking and Internet Architecture

DOI: https://doi.org/10.1007/s12083-024-01736-5

IF: 3.488

2024-06-03

Peer-to-Peer Networking and Applications

Abstract:In recent years, Indoor Positioning Systems (IPS) have emerged as a critical technology to enable a diverse range of Location-based Services (LBS) across different sectors, such as retail, healthcare, and transportation. Despite their strong demand and importance, existing implementations of IPS face significant challenges concerning accuracy and privacy. The accuracy issue is mainly rooted in the inherent characteristics of Received Signal Strength (RSS), which is widely integrated into current IPS as it only requires readily available WiFi infrastructure. Several studies have demonstrated that RSS suffers from instability and inaccuracy in the presence of environmental changes, making it an inadequate choice for precise IPS. Furthermore, most state-of-the-art IPS encounter privacy and data security issues as they often require users to share their privacy-sensitive location data with a centralized server. Unfortunately, centralized data collection and processing potentially expose users to privacy breaches. To tackle these shortcomings, we advocate for a comprehensive, accurate, and multifaceted solution that enables users to harness the benefits of IPS without provoking privacy concerns. First, we address the positional inaccuracy problem by combining the strengths and synergies between RSS and Channel State Information (CSI). Fusing these complementary metrics delivers increased stability against environmental fluctuations. Thereby, it provides a robust foundation for reliable and accurate positioning outcomes. Second, to address the privacy challenge, we integrate Federated Learning (FL) into the proposed solution to enable the collaborative development of machine learning-based IPS models while ensuring that user data remains decentralized. We conducted a comprehensive assessment to evaluate the performance of the proposed IPS and the corresponding overheads compared to established baseline techniques that utilize either RSS or CSI independently. The results indicate significant enhancements, highlighting our solution's ability to effectively address accuracy and privacy challenges.

computer science, information systems,telecommunications

Saideep Tiku,Prathmesh Kale,Sudeep Pasricha

DOI: https://doi.org/10.48550/arXiv.2104.07521

2021-04-15

Abstract:Indoor localization services are a crucial aspect for the realization of smart cyber-physical systems within cities of the future. Such services are poised to reinvent the process of navigation and tracking of people and assets in a variety of indoor and subterranean environments. The growing ownership of computationally capable smartphones has laid the foundations of portable fingerprinting-based indoor localization through deep learning. However, as the demand for accurate localization increases, the computational complexity of the associated deep learning models increases as well. We present an approach for reducing the computational requirements of a deep learning-based indoor localization framework while maintaining localization accuracy targets. Our proposed methodology is deployed and validated across multiple smartphones and is shown to deliver up to 42% reduction in prediction latency and 45% reduction in prediction energy as compared to the best-known baseline deep learning-based indoor localization model.

Networking and Internet Architecture,Machine Learning,Signal Processing

Evita Bakopoulou,Mengwei Yang,Jiang Zhang,Konstantinos Psounis,Athina Markopoulou

DOI: https://doi.org/10.1109/TMC.2023.3332034

2024-01-06

Abstract:We consider the problem of predicting cellular network performance (signal maps) from measurements collected by several mobile devices. We formulate the problem within the online federated learning framework: (i) federated learning (FL) enables users to collaboratively train a model, while keeping their training data on their devices; (ii) measurements are collected as users move around over time and are used for local training in an online fashion. We consider an honest-but-curious server, who observes the updates from target users participating in FL and infers their location using a deep leakage from gradients (DLG) type of attack, originally developed to reconstruct training data of DNN image classifiers. We make the key observation that a DLG attack, applied to our setting, infers the average location of a batch of local data, and can thus be used to reconstruct the target users' trajectory at a coarse granularity. We build on this observation to protect location privacy, in our setting, by revisiting and designing mechanisms within the federated learning framework including: tuning the FL parameters for averaging, curating local batches so as to mislead the DLG attacker, and aggregating across multiple users with different trajectories. We evaluate the performance of our algorithms through both analysis and simulation based on real-world mobile datasets, and we show that they achieve a good privacy-utility tradeoff.

Machine Learning,Cryptography and Security

Junfei Wang,He Huang,Jingze Feng,Steven Wong,Lihua Xie,Jianfei Yang

2024-07-08

Abstract:There is a significant demand for indoor localization technology in smart buildings, and the most promising solution in this field is using RF sensors and fingerprinting-based methods that employ machine learning models trained on crowd-sourced user data gathered from IoT devices. However, this raises security and privacy issues in practice. Some researchers propose to use federated learning to partially overcome privacy problems, but there still remain security concerns, e.g., single-point failure and malicious attacks. In this paper, we propose a framework named DFLoc to achieve precise 3D localization tasks while considering the following two security concerns. Particularly, we design a specialized blockchain to decentralize the framework by distributing the tasks such as model distribution and aggregation which are handled by a central server to all clients in most previous works, to address the issue of the single-point failure for a reliable and accurate indoor localization system. Moreover, we introduce an updated model verification mechanism within the blockchain to alleviate the concern of malicious node attacks. Experimental results substantiate the framework's capacity to deliver accurate 3D location predictions and its superior resistance to the impacts of single-point failure and malicious attacks when compared to conventional centralized federated learning systems.

Cryptography and Security,Artificial Intelligence,Machine Learning,Signal Processing

Eda Sena Erdol,Beste Ustubioglu,Hakan Erdol,Guzin Ulutas

DOI: https://doi.org/10.1016/j.future.2024.04.017

IF: 7.307

2024-04-21

Future Generation Computer Systems

Abstract:Federated learning (FL) is a type of distributed learning that can perform model training without exposing end users' data from end-user devices to increase security. Although it is one step ahead of other learning approaches thanks to this feature, studies have also proven that malicious users can reduce the success of the FL model. In this study, it is proven that the accuracy of the FL model is deteriorated by applying poisoning attack. We propose a defence strategy that can help identify harmful participants in FL using size reduction algorithms. Then, we create the Low Dimensional Secure Federated Learning (LD-SFL) framework with the OC-SVM method to eliminate the identified malicious users. The superiority of our proposed method has been proven against state-of-the-art methods by experimental results on three different datasets that the proposed framework is a robust defence mechanism.

computer science, theory & methods

Chunyong Yin,Qingkui Zeng

DOI: https://doi.org/10.1109/TCSS.2023.3296885

2024-04-01

IEEE Transactions on Computational Social Systems

Abstract:Federated learning (FL) is an emerging paradigm that allows participants to collaboratively train deep learning tasks while protecting the privacy of their local data. However, the absence of central server control in distributed environments exposes a vulnerability to data poisoning attacks, where adversaries manipulate the behavior of compromised clients by poisoning local data. In particular, data poisoning attacks against FL can have a drastic impact when the participant’s local data is non-independent and identically distributed (non-IID). Most existing defense strategies have demonstrated promising results in mitigating FL poisoning attacks, however, fail to maintain their effectiveness with non-IID data. In this work, we propose an effective defense framework, FL data augmentation (FLDA), which defends against data poisoning attacks through local data mixup on the clients. In addition, to mitigate the non-IID effect by exploiting the limited local data, we propose a gradient detection strategy to reduce the proportion of malicious clients and raise benign clients. Experimental results on datasets show that FLDA can effectively reduce the poisoning success rate and improve the global model training accuracy under poisoning attacks for non-IID data. Furthermore, FLDA can increase the FL accuracy by more than 12% after detecting malicious clients.

Computer Science

Jingjing Guo,Haiyang Li,Feiran Huang,Zhiquan Liu,Yanguo Peng,Xinghua Li,Jianfeng Ma,Varun G. Menon,Konstantin Kostromitin Igorevich,Varun G Menon,Konstantin Igorevich Kostromitin

DOI: https://doi.org/10.1109/tii.2022.3156645

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recently, federated learning has received widespread attention, which will promote the implementation of artificial intelligence technology in various fields. Privacy-preserving technologies are applied to users' local models to protect users' privacy. Such operations make the server not see the true model parameters of each user, which opens wider door for a malicious user to upload malicious parameters and make the training result converge to an ineffective model. To solve this problem, in this article, we propose a poisoning attack defense framework for horizontal federated learning systems called ADFL. Specifically, we design a proof generation method for users to generate proofs to verify whether it is malicious or not. An aggregation rule is also proposed to make sure the global model has a high accuracy. Several verification experiments were conducted and the results show that our method can detect malicious user effectively and ensure the global model has a high accuracy.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

K Naveen Kumar,C Krishna Mohan,Aravind Machiry

2024-04-05

Abstract:Federated Learning (FL) is a collaborative learning paradigm enabling participants to collectively train a shared machine learning model while preserving the privacy of their sensitive data. Nevertheless, the inherent decentralized and data-opaque characteristics of FL render its susceptibility to data poisoning attacks. These attacks introduce malformed or malicious inputs during local model training, subsequently influencing the global model and resulting in erroneous predictions. Current FL defense strategies against data poisoning attacks either involve a trade-off between accuracy and robustness or necessitate the presence of a uniformly distributed root dataset at the server. To overcome these limitations, we present FedZZ, which harnesses a zone-based deviating update (ZBDU) mechanism to effectively counter data poisoning attacks in FL. Further, we introduce a precision-guided methodology that actively characterizes these client clusters (zones), which in turn aids in recognizing and discarding malicious updates at the server. Our evaluation of FedZZ across two widely recognized datasets: CIFAR10 and EMNIST, demonstrate its efficacy in mitigating data poisoning attacks, surpassing the performance of prevailing state-of-the-art methodologies in both single and multi-client attack scenarios and varying attack volumes. Notably, FedZZ also functions as a robust client selection strategy, even in highly non-IID and attack-free scenarios. Moreover, in the face of escalating poisoning rates, the model accuracy attained by FedZZ displays superior resilience compared to existing techniques. For instance, when confronted with a 50% presence of malicious clients, FedZZ sustains an accuracy of 67.43%, while the accuracy of the second-best solution, FL-Defender, diminishes to 43.36%.

Cryptography and Security,Artificial Intelligence

Alaa Hamza Omran,Sahar Yousif Mohammed,Mohammad Aljanabi

DOI: https://doi.org/10.52866/ijcsm.2023.04.04.018

2023-11-26

Iraqi Journal for Computer Science and Mathematics

Abstract:This work presents a novel method for securing federated learning in healthcare applications, focusing on skin cancer classification. The suggested solution detects and mitigates data poisoning attacks using deep learning and CNN architecture, specifically VGG16. In a federated learning architecture with ten healthcare institutions, the approach ensures collaborative model training while protecting sensitive medical data. Data is meticulously prepared and preprocessed using the Skin Cancer MNIST: HAM10000 dataset. The federated learning approach uses VGG16's powerful feature extraction to classify skin cancer. A robust strategy for spotting data poisoning threats in federated learning is presented in the study. Outlier detection techniques and strict criteria flag andevaluate problematic model modifications. Performance evaluation proves the model's accuracy, privacy, and datapoisoning resilience. This research presents federated learning-based skin cancer categorization for healthcareapplications that is secure and accurate. The suggested approach improves healthcare diagnostics and emphasizesdata security and privacy in federated learning settings by tackling data poisoning attacks.

Yueqi Xie,Weizhong Zhang,Renjie Pi,Fangzhao Wu,Qifeng Chen,Xing Xie,Sunghun Kim

DOI: https://doi.org/10.48550/arXiv.2211.05554

IF: 5.414

2022-11-10

Machine Learning

Abstract:Non-IID data distribution across clients and poisoning attacks are two main challenges in real-world federated learning (FL) systems. While both of them have attracted great research interest with specific strategies developed, no known solution manages to address them in a unified framework. To universally overcome both challenges, we propose SmartFL, a generic approach that optimizes the server-side aggregation process with a small amount of proxy data collected by the service provider itself via a subspace training technique. Specifically, the aggregation weight of each participating client at each round is optimized using the server-collected proxy data, which is essentially the optimization of the global model in the convex hull spanned by client models. Since at each round, the number of tunable parameters optimized on the server side equals the number of participating clients (thus independent of the model size), we are able to train a global model with massive parameters using only a small amount of proxy data (e.g., around one hundred samples). With optimized aggregation, SmartFL ensures robustness against both heterogeneous and malicious clients, which is desirable in real-world FL where either or both problems may occur. We provide theoretical analyses of the convergence and generalization capacity for SmartFL. Empirically, SmartFL achieves state-of-the-art performance on both FL with non-IID data distribution and FL with malicious clients. The source code will be released.