Federated learning is proposed to solve data islands and protect privacy. Especially in the big data environment, participating users can build a model together without sharing private sensitive data. However, as the number of end devices becomes larger, and the model becomes more complex, high concurrent access to the cloud server often brings communication delay, and it is also a great challenge to the computing power of end devices. To address this problem, we introduce Unmanned Aerial Vehicle (UAV) swarms as mobile edge nodes for end devices. UAV swarms can provide caching and computing resources for end devices. Therefore, we can implement edge aggregation of parameters on UAV swarms to reduce direct access to the cloud server. Meanwhile, the distributed end-edge-cloud federated learning architecture based on UAV swarms is an open environment, which may have potential malicious end devices or external channel eavesdropping. Malicious end devices or external eavesdroppers may maliciously poison training data sets or model parameters to reduce the classification accuracy of the model. In order to resist malicious poisoning, on UAV swarms we can calculate the cosine similarities between local parameters and their edge aggregation parameters to exclude malicious parameters, which do not conform to the trend of collaborative convergence. Then, the reliable parameters can be aggregated again, and uploaded to the cloud server with Schnorr signature to ensure the authenticity of the data. We analyze the security of the proposed scheme, and verify through experiments that it can resist malicious poisoning effectively and improve the accuracy of the model.