ExtendAttack: Attacking Servers of LRMs via Extending Reasoning

Large Reasoning Models (LRMs) have demonstrated promising performance in complex tasks. However, the resource-consuming reasoning processes may be exploited by attackers to maliciously occupy the resources of the servers, leading to a crash, like the DDoS attack in cyber. To this end, we propose a novel attack method on LRMs termed ExtendAttack to maliciously occupy the resources of servers by stealthily extending the reasoning processes of LRMs. Concretely, we systematically obfuscate characters within a benign prompt, transforming them into a complex, poly-base ASCII representation. This compels the model to perform a series of computationally intensive decoding sub-tasks that are deeply embedded within the semantic structure of the query itself. Extensive experiments demonstrate the effectiveness of our proposed ExtendAttack. Remarkably, it increases the length of the model's response by over 2.5 times for the o3 model on the HumanEval benchmark. Besides, it preserves the original meaning of the query and achieves comparable answer accuracy, showing the stealthiness.

@article{zhu2025_2506.13737,
  title={ ExtendAttack: Attacking Servers of LRMs via Extending Reasoning },
  author={ Zhenhao Zhu and Yue Liu and Yingwei Ma and Hongcheng Gao and Nuo Chen and Yanpei Guo and Wenjie Qu and Huiying Xu and Xinzhong Zhu and Jiaheng Zhang },
  journal={arXiv preprint arXiv:2506.13737},
  year={ 2025 }
}