arXiv: FlowGuard: Flow Matching for Identity-Independent Detection of Data-Free Model Stealing Attacks on Energy System Intrusion Detection Systems

This publication introduces FlowGuard, a novel detection method for model stealing attacks targeting intrusion detection systems (IDS) used in energy infrastructure. The paper presents a flow-matching technique that can identify when an attacker is attempting to clone or replicate an IDS model without needing to know the original model's architecture or training data. This is significant because model stealing attacks can undermine the security of critical energy systems by allowing adversaries to bypass detection or craft targeted evasion strategies.

The primary affected sectors are energy utilities, grid operators, and any organization deploying AI-based intrusion detection for operational technology (OT) or industrial control systems (ICS). Compliance teams in these sectors should review their current model security and monitoring practices, particularly for IDS models that are exposed to external queries or deployed in cloud or edge environments. The research highlights a gap in existing security controls that may not adequately address data-free model extraction.

Compliance teams should take three immediate actions: first, assess whether their organization's IDS models are vulnerable to query-based extraction attacks; second, evaluate if current monitoring tools can detect anomalous query patterns indicative of model stealing; and third, consider incorporating detection methods like FlowGuard into their security architecture as part of broader AI risk management under frameworks such as the EU AI Act. Proactive testing and validation of model defenses against extraction should be prioritized in upcoming security audits.