Federated learning, a promising distributed machine learning paradigm, has been used in various Internet of Things (IoT) environments to solve isolated data island issues and protect data privacy. However, since the central server in federated learning cannot observe the local training process of the client, it is vulnerable to adversarial attacks against its security and privacy by malicious clients during the training process. To address this problem, this work proposes a federated learning system model based on dual-reputation reverse auction in IoT. Specifically, due to resource constraints, not all clients participate in the federated learning process, so we propose a greedy half-splitting algorithm based on the reputation-bid ratio to select a subset of clients to participate in the federated learning, which can guarantee that each client has the chance to be selected while selecting as many honest and high-quality clients as possible. Then, we propose an adaptive dropout aggregation method based on a training quality score, which can effectively defend against malicious workers' attacks. After the completion of federated learning, we put forward a subjective evaluation incentive mechanism based on a second reputation to provide fair incentives. Furthermore, we store and manage reputations through blockchain in our model to ensure their availability. A theoretical analysis establishes the complexity and security of our proposed model. Finally, simulation results indicate that our proposed model can achieve the highest accuracy across all test datasets compared to the baseline. Particularly, on the CIFAR10 dataset, the accuracy of our proposed model surpasses the baseline by 5% to 30%. In response to sudden attacks initiated by normally participating workers, our model exhibits the fastest reaction time, with accuracy surpassing the baseline by 8% to 40%.