A Comprehensive Review of Denial of Wallet Attacks in Serverless Architectures

📅 2025-08-24
🤖 AI Summary
Denial-of-Wallet (DoW) attacks exploit the pay-per-use pricing model of Function-as-a-Service (FaaS) to induce exorbitant cloud bills at minimal cost, posing a novel financial threat to serverless architectures. This work presents the first systematic taxonomy of DoW attack variants—including Blast DDoW and Continual Inconspicuous DDoW—establishing a unified analytical framework. We propose a synergistic evaluation methodology integrating Gringotts, DoWNet, and DoWTS to comprehensively survey simulation tools and synthetic traffic generation techniques. Furthermore, we design a hybrid detection model combining machine learning and deep learning to achieve high-accuracy identification of anomalous invocation patterns. Our study bridges a critical gap in holistic DoW analysis, providing both theoretical foundations and practical tooling for security modeling, real-world detection deployment, and reproducible experimentation in pay-per-use cloud environments.

📝 Abstract
The Denial of Wallet (DoW) attack poses a unique and growing threat to serverless architectures that rely on Function-as-a-Service (FaaS) models, exploiting the cost structure of pay-as-you-go billing to financially burden application owners. Unlike traditional Denial of Service (DoS) attacks, which aim to exhaust resources and disrupt service availability, DoW attacks focus on escalating costs without impacting service operation. This review traces the evolution of DoW research, from initial awareness and attack classification to advancements in detection and mitigation strategies. Key developments include the categorisation of attack types, such as Blast DDoW, Continual Inconspicuous DDoW, and Background Chained DDoW, and the creation of simulation tools like DoWTS, which enable safe experimentation and data generation. Recent advancements highlight machine learning approaches, including systems like Gringotts and DoWNet, which leverage deep learning and anomaly detection to identify malicious traffic patterns. Although substantial progress has been made, challenges persist, notably the lack of real-world data and the need for adaptive billing models. This is the first comprehensive literature review dedicated strictly to Denial of Wallet attacks, providing an in-depth analysis of their financial impacts, attack techniques, mitigation strategies, and detection mechanisms within serverless computing. The paper also presents the first detailed examination of simulation and data generation tools used for DoW research, addressing a critical gap in existing cybersecurity literature. By synthesising these key areas, this study serves as a foundational resource for future research and industry efforts in securing pay-as-you-go cloud environments.
Problem

Research questions and friction points this paper is trying to address.

Addressing financial attacks exploiting serverless pay-per-use billing models
Developing detection mechanisms for cost-escalation attacks without service disruption
Providing comprehensive analysis of DoW attack techniques and mitigation strategies
Innovation

Methods, ideas, or system contributions that make the work stand out.

Machine learning for detecting malicious traffic patterns
Simulation tools enabling safe DoW attack experimentation
Categorization of attack types to improve mitigation strategies
Mark Dorsett
La Trobe University
Scott Mann
La Trobe University
Jabed Chowdhury
La Trobe University
Abdun Mahmood
Associate Professor of Computer Science and IT, La Trobe University, Melbourne
Cyber security, Data Mining, Clustering, Smart Grid Security, Network Security