A Comprehensive Review of Denial of Wallet Attacks in Serverless Architectures

TL;DR

This paper provides a comprehensive review of Denial of Wallet attacks in serverless architectures, covering their evolution, attack types, detection methods, mitigation strategies, and simulation tools, highlighting current challenges and future research directions.

Contribution

First detailed literature review on Denial of Wallet attacks, analyzing their techniques, impacts, detection, mitigation, and simulation tools in serverless computing.

Findings

Categorization of attack types like Blast DDoW and Background Chained DDoW

Development of simulation tools such as DoWTS for safe experimentation

Emergence of machine learning approaches like Gringotts and DoWNet for detection

Abstract

The Denial of Wallet (DoW) attack poses a unique and growing threat to serverless architectures that rely on Function-as-a-Service (FaaS) models, exploiting the cost structure of pay-as-you-go billing to financially burden application owners. Unlike traditional Denial of Service (DoS) attacks, which aim to exhaust resources and disrupt service availability, DoW attacks focus on escalating costs without impacting service operation. This review traces the evolution of DoW research, from initial awareness and attack classification to advancements in detection and mitigation strategies. Key developments include the categorisation of attack types-such as Blast DDoW, Continual Inconspicuous DDoW, and Background Chained DDoW-and the creation of simulation tools like DoWTS, which enable safe experimentation and data generation. Recent advancements highlight machine learning approaches, including systems like Gringotts and DoWNet, which leverage deep learning and anomaly detection to identify malicious traffic patterns. Although substantial progress has been made, challenges persist, notably the lack of real-world data and the need for adaptive billing models. This is the first comprehensive literature review dedicated strictly to Denial of Wallet attacks, providing an in-depth analysis of their financial impacts, attack techniques, mitigation strategies, and detection mechanisms within serverless computing. The paper also presents the first detailed examination of simulation and data generation tools used for DoW research, addressing a critical gap in existing cybersecurity literature. By synthesising these key areas, this study serves as a foundational resource for future research and industry efforts in securing pay-as-you-go cloud environments.