Techniques
Sample rules
Potential Denial of Azure OpenAI ML Service
- source: elastic
- techniques:
Description
Detects patterns indicative of Denial-of-Service (DoS) attacks on machine learning (ML) models, focusing on an unusually high volume and frequency of requests, or on request patterns known to cause performance degradation or service disruption, such as large input sizes or rapid API calls. Concretely, the query below flags any Azure OpenAI resource that receives at least 10 ChatCompletions_Create requests within a single one-minute window with an average request_length of 5000 or more.
Detection logic
from logs-azure_openai.logs-*
// truncate the timestamp to a 1-minute window
| eval target_time_window = DATE_TRUNC(1 minutes, @timestamp)
// only chat completion calls; other operation types are ignored
| where azure.open_ai.operation_name == "ChatCompletions_Create"
| keep azure.open_ai.properties.request_length, azure.resource.name, cloud.account.id, target_time_window
// per resource and per minute: number of calls and mean request body length
| stats count = count(), avg_request_size = avg(azure.open_ai.properties.request_length) by target_time_window, azure.resource.name
// thresholds: at least 10 calls in the window with an average request_length of 5000 or more
| where count >= 10 and avg_request_size >= 5000
| sort count desc
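To check the thresholds offline before deploying the rule, the following Python replays the same pipeline (minute truncation, operation filter, per-resource aggregation, both thresholds, sort) over constructed log records. This is an added example, not Elastic's code or part of the rule; the field names are taken from the ES|QL query, the sample events, the resource names, the placeholder account id and the non-chat operation name are all invented for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Thresholds copied from the rule's final `where` clause.
MIN_REQUESTS_PER_WINDOW = 10
MIN_AVG_REQUEST_LENGTH = 5000


def truncate_to_minute(ts: str) -> str:
    """Equivalent of DATE_TRUNC(1 minutes, @timestamp) for an ISO-8601 string."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return dt.replace(second=0, microsecond=0).isoformat()


def detect_dos_windows(events, min_count=MIN_REQUESTS_PER_WINDOW,
                       min_avg_len=MIN_AVG_REQUEST_LENGTH):
    """Replays the ES|QL pipeline over a list of flat log dicts.

    Returns [(window, resource_name, count, avg_request_size), ...],
    sorted by count descending like the rule's final `sort`.
    """
    buckets = defaultdict(list)
    for ev in events:
        # `where azure.open_ai.operation_name == "ChatCompletions_Create"`
        if ev.get("azure.open_ai.operation_name") != "ChatCompletions_Create":
            continue
        # `stats ... by target_time_window, azure.resource.name`
        key = (truncate_to_minute(ev["@timestamp"]), ev["azure.resource.name"])
        buckets[key].append(ev["azure.open_ai.properties.request_length"])

    hits = []
    for (window, resource), lengths in buckets.items():
        count = len(lengths)
        avg_len = sum(lengths) / count
        # `where count >= 10 and avg_request_size >= 5000`
        if count >= min_count and avg_len >= min_avg_len:
            hits.append((window, resource, count, avg_len))
    hits.sort(key=lambda h: h[2], reverse=True)
    return hits


def make_event(ts, resource, request_length, op="ChatCompletions_Create"):
    """Constructed log record using the query's field names (not a real Azure export)."""
    return {
        "@timestamp": ts,
        "azure.open_ai.operation_name": op,
        "azure.open_ai.properties.request_length": request_length,
        "azure.resource.name": resource,
        "cloud.account.id": "00000000-0000-0000-0000-000000000000",  # placeholder value
    }


# Constructed sample traffic, one event every 5 seconds (12 per minute).
SAMPLE_EVENTS = (
    # 12 large prompts against "prod-openai" in minute 10:00 -> both thresholds met
    [make_event(f"2024-05-01T10:00:{s:02d}Z", "prod-openai", 8000) for s in range(0, 60, 5)]
    # 3 small prompts against "dev-openai" in the same minute -> count too low
    + [make_event(f"2024-05-01T10:00:{s:02d}Z", "dev-openai", 300) for s in (1, 20, 40)]
    # 12 tiny prompts against "prod-openai" in minute 10:01 -> count met, average too low
    + [make_event(f"2024-05-01T10:01:{s:02d}Z", "prod-openai", 200) for s in range(0, 60, 5)]
    # 12 large calls of some other operation in minute 10:02 -> dropped by the
    # operation_name filter (the operation name here is illustrative only)
    + [make_event(f"2024-05-01T10:02:{s:02d}Z", "prod-openai", 9000, op="Other_Operation")
       for s in range(0, 60, 5)]
)

if __name__ == "__main__":
    for window, resource, count, avg_len in detect_dos_windows(SAMPLE_EVENTS):
        print(f"{window} {resource}: {count} calls, avg request_length {avg_len:.0f}")
```

Two properties of the rule are worth keeping in mind when tuning it. The aggregation uses a mean, so a single very large request among otherwise small ones in the same minute can lift the average over 5000 and trigger the rule, which may or may not be what you want. And ten ChatCompletions calls per minute per resource is easily exceeded by a busy production application, so baseline the count per azure.resource.name before enabling the rule as an alert.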