This rule identifies potential memory exhaustion attacks and related resource abuse behaviors on the Ollama platform. It monitors abnormal memory allocation patterns and the frequency of model runner operations, which may indicate malicious activities aimed at overwhelming system resources such as CPU and GPU. Attackers may exploit these resources by loading multiple large models, triggering excessive model initialization, or manipulating memory allocation processes. Such actions can lead to denial of service (DoS) conditions or hinder the performance for legitimate users. The detection leverages specific indicators in the Ollama server logs, utilizing extraction methods and statistical analysis to determine when anomalies exceed defined thresholds, thereby signaling a risk of resource exhaustion or memory abuse.