Denial of wallet attack

Definition

[IT.T.8] A Denial of Wallet (DoW) attack is a type of attack where an adversary exploits the cost-per-use model of cloud-based AI services by generating an excessive number of operations or resource-intensive tasks. This leads to unsustainable financial burdens on the service provider, potentially causing financial strain or even financial ruin.
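As an added example that is not part of this catalogue entry: a defender-side check that parses constructed per-request usage records and flags clients whose spend inside a sliding window exceeds a budget, the kind of monitoring that turns a cost-per-use burst into a throttling or alerting decision. The log line format, the price of 0.02 USD per 1k tokens and the 1.00 USD per-minute budget are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample usage log (not real data): timestamp, client id, tokens billed.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z client=alice tokens=1200",
    "2024-05-01T10:01:30Z client=alice tokens=900",
    "2024-05-01T10:04:10Z client=alice tokens=1500",
    "2024-05-01T10:02:00Z client=bob tokens=3000",
    # Constructed burst: 30 requests of 8000 tokens each, two seconds apart.
    *[f"2024-05-01T10:03:{2 * i:02d}Z client=mallory tokens=8000" for i in range(30)],
]
LINE_RE = re.compile(r"^(\S+) client=(\S+) tokens=(\d+)$")

def parse_log(lines):
    # Returns (timestamp, client, tokens) tuples; malformed lines are skipped.
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            records.append((ts, m.group(2), int(m.group(3))))
    return records

def peak_window_spend(records, window_seconds, price_per_1k_tokens):
    # Highest spend (USD) each client reached inside any sliding window of window_seconds.
    span = timedelta(seconds=window_seconds)
    by_client = defaultdict(list)
    for ts, client, tokens in records:
        by_client[client].append((ts, tokens))
    peaks = {}
    for client, events in by_client.items():
        events.sort()
        running = start = peak = 0
        for ts, tokens in events:
            running += tokens
            while events[start][0] < ts - span:  # evict requests older than the window
                running -= events[start][1]
                start += 1
            peak = max(peak, running)
        peaks[client] = round(peak / 1000 * price_per_1k_tokens, 4)
    return peaks

def clients_over_budget(records, window_seconds, price_per_1k_tokens, budget_usd):
    # Clients whose peak window spend exceeds the budget: candidates for throttling and alerts.
    peaks = peak_window_spend(records, window_seconds, price_per_1k_tokens)
    return {c: spend for c, spend in peaks.items() if spend > budget_usd}

if __name__ == "__main__":  # assumed price 0.02 USD per 1k tokens, 1.00 USD per-minute budget
    print(clients_over_budget(parse_log(SAMPLE_LOG), 60, 0.02, 1.00))
```

Enforcing the budget before the request reaches the model (rejecting or queueing once the window is exhausted) is what actually caps the spend; the check above only makes the burst visible.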

Targeted assets

System Asset: ML system input/API.

Business Asset: input data.

Security Criteria: availability.

Attack details

Exploited vulnerabilities

Vulnerabilities:

  1. High cost of model services' operation.

Threat agent

Threat agent: black-box scenario. In a black-box scenario, the attacker has no knowledge of the target model's architecture, parameters, or training data. The attacker is assumed to be able to interact with the model only by sending it inputs and observing the outputs.

Attack methods

Attack methods:

  1. Inversion of embeddings, leading to recovery of source information. Utilize gradient-based (white-box) or learning-based (black-box) methods to invert the target embeddings. The produced mappings will partially reveal the original input to the model.

Impact and harm

Impact and harm: Negates the confidentiality of input previously provided to the machine learning system; by extension, the model's confidentiality is compromised as well. This may lead to legal repercussions.

Security countermeasures

Security requirements

Security requirement: The machine learning system's actions and decisions must be resistant to embedding inversion attacks.

Security controls

Security controls:

  1. Implement permission and access control to the embedding store.
  2. Monitor and log the data retrieval activities.
  3. Audit and validate the integrity of the data stores.
  4. Operate only with data retrieved from trusted sources.
  5. Monitor and evaluate the influence of RAG on the model's performance.