FlowGuard: Flow Matching for Identity-Independent Detection of Data-Free Model Stealing Attacks on Energy System Intrusion Detection Systems
Researchers have developed FlowGuard, a novel defense against data-free model stealing attacks targeting AI-based intrusion detection systems in energy infrastructure. This method uses flow matching to identify malicious queries as out-of-distribution before they reach the intrusion detection system. FlowGuard leverages the principle that synthetic queries for model stealing occupy a lower-dimensional manifold than legitimate network traffic, resulting in lower log-likelihoods when processed by a Continuous Normalizing Flow trained on real data. The defense demonstrated stable detection rates across various attack scenarios, including distributed Sybil attacks, without needing identity information.

AI IMPACT: Enhances security for AI systems in critical infrastructure by providing a novel defense against model extraction.
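The per-query log-likelihood gate described in the summary can be sketched as follows; this is an added example, not FlowGuard's code. It assumes a toy setting in which benign features are Gaussian, so the flow-matching velocity field for the linear path has a closed form and replaces the trained network; the log-likelihood is still obtained the way a Continuous Normalizing Flow obtains it, by integrating the ODE and its divergence. All data, names and the 1% threshold are constructed, and the synthetic queries are simply off-distribution, so the lower-dimensional-manifold effect itself is not modelled.

```python
import math, random

def fit(benign):
    # Per-feature mean/std of benign traffic; stands in for training the velocity network.
    n, d = len(benign), len(benign[0])
    mu = [sum(r[j] for r in benign) / n for j in range(d)]
    sd = [math.sqrt(sum((r[j] - mu[j]) ** 2 for r in benign) / n) for j in range(d)]
    return mu, sd

def log_likelihood(x, mu, sd, steps=500):
    # Integrate dx/dt = v_t(x) from t=1 (data) back to t=0 (N(0, I) base) while
    # accumulating the divergence: log p1(x) = log p0(x(0)) - integral of div v_t.
    x, dt, int_div = list(x), 1.0 / steps, 0.0
    for k in range(steps):
        t = 1.0 - (k + 0.5) * dt
        for j in range(len(x)):
            s2 = (1 - t) ** 2 + (t * sd[j]) ** 2
            a = (t * sd[j] ** 2 - (1 - t)) / s2      # s'(t)/s(t), the per-feature divergence
            x[j] -= (mu[j] + a * (x[j] - t * mu[j])) * dt
            int_div += a * dt
    log_p0 = sum(-0.5 * z * z - 0.5 * math.log(2 * math.pi) for z in x)
    return log_p0 - int_div

def calibrate(benign, mu, sd, fpr=0.01):
    # Threshold = lowest `fpr` quantile of benign scores (assumed operating point).
    scores = sorted(log_likelihood(q, mu, sd) for q in benign)
    return scores[int(fpr * len(scores))]

def is_stealing_query(features, mu, sd, threshold):
    # Decision uses the query alone: no client ID, so Sybil fan-out does not help.
    return log_likelihood(features, mu, sd) < threshold

def demo(seed=7):
    rng = random.Random(seed)
    centre, spread = [0.2, 0.7, 0.5], [0.05, 0.10, 0.08]   # constructed "real traffic"
    draw = lambda: [rng.gauss(m, s) for m, s in zip(centre, spread)]
    train, held_out = [draw() for _ in range(300)], [draw() for _ in range(100)]
    # Constructed attack: 100 generator-style queries, each from a different client ID.
    sybil = [(f"client-{i}", [rng.random() for _ in centre]) for i in range(100)]
    mu, sd = fit(train)
    thr = calibrate(train, mu, sd)
    detected = sum(is_stealing_query(f, mu, sd, thr) for _, f in sybil) / len(sybil)
    false_pos = sum(is_stealing_query(f, mu, sd, thr) for f in held_out) / len(held_out)
    return detected, false_pos

if __name__ == "__main__":
    print("detection rate %.2f, false-positive rate %.2f" % demo())
```

Because every query is scored on its own, the detection rate is the same whether the 100 constructed queries come from one client or from 100.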