Potential Abuse of Resources by High Token Count and Large Response Sizes
Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or causing service disruptions.
Elastic rule (View on GitHub)
1[metadata]
2creation_date = "2024/05/04"
3maturity = "production"
4updated_date = "2024/10/09"
5min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
6min_stack_version = "8.13.0"
7
8[rule]
9author = ["Elastic"]
10description = """
11Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive
12large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or
13causing service disruptions.
14"""
15false_positives = ["Authorized heavy usage of the system that is business justified and monitored."]
16from = "now-60m"
17interval = "10m"
18language = "esql"
19license = "Elastic License v2"
20name = "Potential Abuse of Resources by High Token Count and Large Response Sizes"
21references = [
22 "https://atlas.mitre.org/techniques/AML.T0051",
23 "https://owasp.org/www-project-top-10-for-large-language-model-applications/",
24 "https://www.elastic.co/security-labs/elastic-advances-llm-security",
25]
26risk_score = 47
27rule_id = "b1773d05-f349-45fb-9850-287b8f92f02d"
28setup = """## Setup
29
30This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:
31
32https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
33"""
34severity = "medium"
35tags = [
36 "Domain: LLM",
37 "Data Source: AWS Bedrock",
38 "Data Source: Amazon Web Services",
39 "Data Source: AWS S3",
40 "Use Case: Potential Overload",
41 "Use Case: Resource Exhaustion",
42 "Mitre Atlas: LLM04"
43]
44timestamp_override = "event.ingested"
45type = "esql"
46
47query = '''
48from logs-aws_bedrock.invocation-*
49| keep user.id, gen_ai.usage.prompt_tokens, gen_ai.usage.completion_tokens
50| stats max_tokens = max(gen_ai.usage.prompt_tokens),
51 total_requests = count(*),
52 avg_response_size = avg(gen_ai.usage.completion_tokens)
53 by user.id
54// tokens count depends on specific LLM, as is related to how embeddings are generated.
55| where max_tokens > 5000 and total_requests > 10 and avg_response_size > 500
56| eval risk_factor = (max_tokens / 1000) * total_requests * (avg_response_size / 500)
57| where risk_factor > 10
58| sort risk_factor desc
59'''
References
Related rules
- AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User
- AWS Bedrock Detected Multiple Validation Exception Errors by a Single User
- AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request
- AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session
- Unusual High Confidence Misconduct Blocks Detected