$PD^3F$: A Pluggable and Dynamic DoS-Defense Framework Against Resource Consumption Attacks Targeting Large Language Models

TL;DR

This paper introduces PD^3F, a framework that dynamically defends large language models against resource consumption attacks, significantly improving access capacity and resilience during adversarial loads.

Contribution

The paper presents a novel pluggable and dynamic defense framework for LLMs, employing resource indexing, request scheduling, and output suppression to mitigate DoS attacks.

Findings

PD^3F reduces resource consumption during attacks by up to 500%.

The framework improves user access capacity under adversarial conditions.

Experiments demonstrate effective mitigation across six different models.

Abstract

Large Language Models (LLMs), due to substantial computational requirements, are vulnerable to resource consumption attacks, which can severely degrade server performance or even cause crashes, as demonstrated by denial-of-service (DoS) attacks designed for LLMs. However, existing works lack mitigation strategies against such threats, resulting in unresolved security risks for real-world LLM deployments. To this end, we propose the Pluggable and Dynamic DoS-Defense Framework ($PD^3F$), which employs a two-stage approach to defend against resource consumption attacks from both the input and output sides. On the input side, we propose the Resource Index to guide Dynamic Request Polling Scheduling, thereby reducing resource usage induced by malicious attacks under high-concurrency scenarios. On the output side, we introduce the Adaptive End-Based Suppression mechanism, which terminates excessive malicious generation early. Experiments across six models demonstrate that $PD^3F$ significantly mitigates resource consumption attacks, improving users' access capacity by up to 500% during adversarial load. $PD^3F$ represents a step toward the resilient and resource-aware deployment of LLMs against resource consumption attacks.