This paper addresses the joint challenge of personalization and robustness in federated learning under heterogeneous data: specifically, how to robustly estimate personalized client means when a constant fraction of clients’ data is adversarially corrupted, under a Gaussian mixture model assumption. We unify personalized mean estimation with adversarial client robustness for the first time, proposing a federated algorithm based on local-global mean decoupling, truncated-mean aggregation, and malicious client identification. Theoretically, we prove that the estimation error is (O(alpha)), matching the information-theoretic lower bound up to a constant factor. Empirically, our method significantly outperforms non-robust or non-personalized baselines. It achieves the optimal trade-off between personalization and robustness—enabling accurate, client-specific model adaptation while tolerating adversarial corruption.

Federated learning with heterogeneous data and personalization has received significant recent attention. Separately, robustness to corrupted data in the context of federated learning has also been studied. In this paper we explore combining personalization for heterogeneous data with robustness, where a constant fraction of the clients are corrupted. Motivated by this broad problem, we formulate a simple instantiation which captures some of its difficulty. We focus on the specific problem of personalized mean estimation where the data is drawn from a Gaussian mixture model. We give an algorithm whose error depends almost linearly on the ratio of corrupted to uncorrupted samples, and show a lower bound with the same behavior, albeit with a gap of a constant factor.