ExtendAttack: Attacking Servers of LRMs via Extending Reasoning

TL;DR

ExtendAttack is a novel method that maliciously extends reasoning processes in large reasoning models by obfuscating prompts, significantly increasing resource consumption while maintaining answer accuracy, thus posing a new security threat.

Contribution

The paper introduces ExtendAttack, a stealthy attack technique that exploits reasoning processes in LRMs by prompt obfuscation to cause resource exhaustion without degrading answer quality.

Findings

Response length increased by over 2.7 times.

Significant increase in latency during reasoning.

Maintains original query meaning and answer accuracy.

Abstract

Large Reasoning Models (LRMs) have demonstrated promising performance in complex tasks. However, the resource-consuming reasoning processes may be exploited by attackers to maliciously occupy the resources of the servers, leading to a crash, like the DDoS attack in cyber. To this end, we propose a novel attack method on LRMs termed ExtendAttack to maliciously occupy the resources of servers by stealthily extending the reasoning processes of LRMs. Concretely, we systematically obfuscate characters within a benign prompt, transforming them into a complex, poly-base ASCII representation. This compels the model to perform a series of computationally intensive decoding sub-tasks that are deeply embedded within the semantic structure of the query itself. Extensive experiments demonstrate the effectiveness of our proposed ExtendAttack. Remarkably, it significantly increases response length and latency, with the former increasing by over 2.7 times for the o3 model on the HumanEval benchmark. Besides, it preserves the original meaning of the query and achieves comparable answer accuracy, showing the stealthiness.