Breaking the Loop: Detecting and Mitigating Denial-of-Service Vulnerabilities in Large Language Models
Junzhe Yu, Yi Liu, Huijia Sun, Ling Shi, Yuqi Chen
TL;DR
This work investigates a latency-prone phenomenon in large language models called recurrent generation, where outputs become highly repetitive and consume maximum tokens. It introduces RecurrentGenerator, a black-box evolutionary algorithm that efficiently triggers recurrent generation across multiple LLMs, and RecurrentDetector, a lightweight real-time detector based on activation-state similarity to halt or throttle such output. The study reports 2,388 test inputs triggering recurrence across eight top LLMs, high detection performance with an average F1 of 0.87 and accuracy of 0.9524, and a rapid inference time of about 0.36 ms for detection. Collectively, the methods offer practical tools to diagnose, mitigate latency-related DoS vulnerabilities in LLM-based systems and are accompanied by open-source artifacts to support further research.
Abstract
Large Language Models (LLMs) have significantly advanced text understanding and generation, becoming integral to applications across education, software development, healthcare, entertainment, and legal services. Despite considerable progress in improving model reliability, latency remains under-explored, particularly through recurrent generation, where models repeatedly produce similar or identical outputs, causing increased latency and potential Denial-of-Service (DoS) vulnerabilities. We propose RecurrentGenerator, a black-box evolutionary algorithm that efficiently identifies recurrent generation scenarios in prominent LLMs like LLama-3 and GPT-4o. Additionally, we introduce RecurrentDetector, a lightweight real-time classifier trained on activation patterns, achieving 95.24% accuracy and an F1 score of 0.87 in detecting recurrent loops. Our methods provide practical solutions to mitigate latency-related vulnerabilities, and we publicly share our tools and data to support further research.