Crabs: Consuming Resource via Auto-generation for LLM-DoS Attack under Black-box Settings

TL;DR

This paper introduces AutoDoS, an automated black-box attack method that exploits LLMs to cause resource exhaustion, significantly increasing response latency and resource consumption, revealing new security vulnerabilities.

Contribution

The paper presents AutoDoS, a novel automated algorithm for black-box LLM-DoS attacks that constructs attack trees and uses transferability-driven optimization to bypass defenses.

Findings

AutoDoS increases response latency by over 250 times.

AutoDoS effectively consumes GPU and memory resources.

Embedding Length Trojan enhances attack effectiveness.

Abstract

Large Language Models (LLMs) have demonstrated remarkable performance across diverse tasks yet still are vulnerable to external threats, particularly LLM Denial-of-Service (LLM-DoS) attacks. Specifically, LLM-DoS attacks aim to exhaust computational resources and block services. However, existing studies predominantly focus on white-box attacks, leaving black-box scenarios underexplored. In this paper, we introduce Auto-Generation for LLM-DoS (AutoDoS) attack, an automated algorithm designed for black-box LLMs. AutoDoS constructs the DoS Attack Tree and expands the node coverage to achieve effectiveness under black-box conditions. By transferability-driven iterative optimization, AutoDoS could work across different models in one prompt. Furthermore, we reveal that embedding the Length Trojan allows AutoDoS to bypass existing defenses more effectively. Experimental results show that AutoDoS significantly amplifies service response latency by over 250$\times\uparrow$, leading to severe resource consumption in terms of GPU utilization and memory usage. Our work provides a new perspective on LLM-DoS attacks and security defenses. Our code is available at https://github.com/shuita2333/AutoDoS.