Title: FlowGuard: Leveraging Flow Matching for Identity-Agnostic Detection of Data-Free Model Stealing Attacks on Energy System Intrusion Detection Systems

Abstract:

Intrusion Detection Systems (IDS) powered by Artificial Intelligence (AI) within energy infrastructure are increasingly susceptible to model theft. Such attacks enable adversaries to generate evasive network traffic offline. Existing mitigation strategies face significant limitations: identity-bound query monitoring fails to detect distributed Sybil attackers, while prediction poisoning via soft-label perturbation cannot be implemented in hard-label IDS environments. To address these gaps, we introduce FlowGuard, a defense mechanism that operates independently of user identity and utilizes flow matching to identify out-of-distribution (OOD) queries before they are processed by the IDS.

The core principle of FlowGuard relies on the observation that synthetic queries created for data-free model stealing attacks reside on a lower-dimensional manifold compared to authentic network traffic. Consequently, when evaluated using a Continuous Normalizing Flow trained on legitimate data, these synthetic queries exhibit significantly lower log-likelihoods. We benchmarked our approach against PRADA and FDINet, employing MAZE and DisGUIDE attacks across both single-client and distributed scenarios involving 100-client Sybil setups. The results demonstrated that while PRADA’s detection capability fell to 0% under distribution shifts, FlowGuard sustained consistent detection rates in both environments without requiring identity-specific data. Finally, we examine the limitations of this method and suggest its potential utility in countering data-dependent attacks.

Source: arXiv Generated at: 2026-06-03 00:00:00 UTC