S0121Significant

模型推論成本放大攻擊

Operation & Monitoring

Risk Description

Attackers craft inputs using specific token combinations or context lengths to trigger worst-case inference paths, dramatically increasing per-inference computational cost. Unlike traditional DDoS relying on request volume, cost amplification attacks cause enormous resource consumption with few requests. For pay-per-use AI services, this can result in sudden massive bills.

Framework Mappings

iso 23894R2
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)

Controls English translation pending

  • 推論成本上限
  • 異常計費警報

Implementation Steps English translation pending

  1. 設定每次推論的計算時間和 token 數量上限
  2. 部署異常計費警報系統,偵測突發性的成本增加
  3. 實施每使用者/每 API key 的成本配額限制
  4. 對異常高成本的請求模式進行自動分析和封鎖