# Goalie: Defending Against Correlated Value and Sign Encoding Attacks

**Authors:** Rongfei Zhuang, Ximing Fu, Chuanyi Liu, Peiyi Han, Shaoming Duan

PMC · DOI: 10.3390/e27030323 · Entropy · 2025-03-20

## TL;DR

This paper introduces Goalie, a method that detects malicious models stealing shared data through correlated value and sign encoding attacks and stops their training.

## Contribution

Goalie introduces a novel detection method based on parameter distribution differences caused by regularization terms in malicious models.

## Key findings

- Goalie detects malicious models that use one regularization term with an accuracy of more than 0.9.
- Goalie is efficient: it takes only 1.1 ms to detect a model using the features extracted from the first 30 training epochs.
- Goalie has high performance in some extreme situations.

## Abstract

In this paper, we propose a method, namely Goalie, to defend against the correlated value and sign encoding attacks used to steal shared data from data trusts. Existing methods prevent these attacks by perturbing model parameters, gradients, or training data while significantly degrading model performance. To guarantee the performance of the benign models, Goalie detects the malicious models and stops their training. The key insight of detection is that encoding additional information in model parameters through regularization terms changes the parameter distributions. Our theoretical analysis suggests that the regularization terms lead to the differences in parameter distributions between benign and malicious models. According to the analysis, Goalie extracts features from the parameters in the early training epochs of the models and uses these features to detect malicious models. The experimental results show the high effectiveness and efficiency of Goalie. The accuracy of Goalie in detecting the models with one regularization term is more than 0.9, and Goalie has high performance in some extreme situations. Meanwhile, Goalie takes only 1.1 ms to detect a model using the features extracted from the first 30 training epochs.

## Figures

17 figures with captions in the complete paper: https://tomesphere.com/paper/PMC11941298/full.md

## References

56 references — full list in the complete paper: https://tomesphere.com/paper/PMC11941298/full.md

---
Source: https://tomesphere.com/paper/PMC11941298