If you are talking about someone spoofing a mac that you have entered into ISE, so it is authenticated alone on the mac address, then no. ISE will only get the mac address from the switch, and there is no way to detect that something is "fake" in authentication, because it actually isn't. Profiling and Posture assesment can be used to enforce other policies, and react if those are not fulfilled, but if you are using MAB that is normally not an option. I always suggest using a DACL when using MAB, to restrict the access that the user gets, if they are authenticated with MAB.