Serverless computing is the latest paradigm in cloud computing, offering a framework for the development of event driven, pay-as-you-go functions in a highly scalable environment. While these traits offer a powerful new development paradigm, they have also given rise to a new form of cyber-attack known as Denial of Wallet (forced financial exhaustion). In this work, we define and identify the threat of Denial of Wallet and its potential attack patterns. Also, we demonstrate how this new form of attack can potentially circumvent existing mitigation systems developed for a similar style of attack, Denial of Service. Our goal is twofold. Firstly, we will provide a concise and informative overview of this emerging attack paradigm. Secondly, we propose this paper as a starting point to enable researchers and service providers to create effective mitigation strategies. We include some simulated experiments to highlight the potential financial damage that such attacks can cause and the creation of an isolated test bed for continued safe research on these attacks.

无服务器计算是云计算的最新范式，为在高度可扩展的环境中开发事件驱动、即用即付功能提供了一个框架。虽然这些特征提供了强大的新开发范式，但它们也引发了一种新形式的网络攻击，称为拒绝钱包（强制财务耗竭）。在这项工作中，我们定义并识别了拒绝钱包的威胁及其潜在的攻击模式。此外，我们还演示了这种新形式的攻击如何潜在地绕过为类似攻击类型（拒绝服务）开发的现有缓解系统。我们的目标是双重的。首先，我们将对这种新兴的攻击范式进行简明而翔实的概述。第二，我们建议将本文作为起点，使研究人员和服务提供商能够制定有效的缓解策略。我们包括一些模拟实验，以强调此类攻击可能造成的潜在财务损失，并创建了一个隔离的测试平台，以便对这些攻击进行持续的安全研究。