On the Feasibility of Detecting Model Poisoning Attacks in Real-time ML-based ICS

Published: 2024, Last Modified: 10 Nov 2025. Venue: RICSS@CCS 2024. License: CC BY-SA 4.0
Abstract: Machine learning (ML) has seen a growing trend in deployment in Industrial control systems (ICS). Despite the benefits from reduced human effort, ML also brings new challenges in safety assurance. There is a critical need for efficient and reliable methods to ensure user privacy and data integrity. Federated learning (FL) has emerged as a promising solution, allowing multiple clients to collaboratively train a global model without sharing their local data. However, FL systems are vulnerable to model poisoning attacks, which can have significant security impacts. FLDetector has been proposed as a defense mechanism against such attacks, focusing on detecting and removing malicious clients based on the consistency of their model updates. This study evaluates the feasibility of using FLDetector in ICS settings. With a customized navigation system that calculates heat hazards with FL, we evaluate the attack success rate and power consumption of FLDetector. We explore the feasibility of deploying FLDetector in existing engineering stations (ES.