VidDoS: Universal Denial-of-Service Attack on Video-based Large Language Models
This addresses a critical safety problem for Video-LLMs deployed in applications like autonomous driving, where induced latency can lead to safety violations, though it is an incremental advance over existing image-centric attack methods.
The paper tackles the vulnerability of Video-LLMs to Energy-Latency Attacks (ELAs) that exhaust computational resources, introducing VidDoS as the first universal ELA framework that achieves extreme degradation with over 205× token expansion and 15× inference latency increase compared to clean baselines.
Video-LLMs are increasingly deployed in safety-critical applications but are vulnerable to Energy-Latency Attacks (ELAs) that exhaust computational resources. Current image-centric methods fail because temporal aggregation mechanisms dilute individual frame perturbations. Additionally, real-time demands make instance-wise optimization impractical for continuous video streams. We introduce VidDoS, which is the first universal ELA framework tailored for Video-LLMs. Our method leverages universal optimization to create instance-agnostic triggers that require no inference-time gradient calculation. We achieve this through $\textit{masked teacher forcing}$ to steer models toward expensive target sequences, combined with a $\textit{refusal penalty}$ and $\textit{early-termination suppression}$ to override conciseness priors. Testing across three mainstream Video-LLMs and three video datasets, which include video question answering and autonomous driving scenarios, shows extreme degradation. VidDoS induces a token expansion of more than 205$\times$ and inflates the inference latency by more than 15$\times$ relative to clean baselines. Simulations of real-time autonomous driving streams further reveal that this induced latency leads to critical safety violations. We urge the community to recognize and mitigate these high-hazard ELA in Video-LLMs.