Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Aegis-Logic-Systems/aegis-prompt-guard

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PromptShield Logo

PromptShield

Proof of Concept: Multi-Layer Prompt Injection Detection for .NET

POC Status .NET 8+ MIT License OWASP LLM Top 10


⚠️ Disclaimer: This is a Proof of Concept (POC) project demonstrating multi-layer prompt injection detection architecture for .NET applications. It is intended for educational and research purposes and is not production-ready.


About

PromptShield demonstrates how to build a defense-in-depth prompt injection detection system for LLM-integrated .NET applications. This POC showcases:

  • 🏗️ Multi-layer detection architecture — Pattern Matching → Heuristics → ML Classification → Semantic Analysis
  • 🔌 Semantic Kernel integration — Seamless IPromptRenderFilter implementation
  • 🌐 ASP.NET Core middleware — Request-level prompt protection
  • 📊 OpenTelemetry observability — Metrics, traces, and structured logging
  • 🧩 Extensibility model — Custom patterns, heuristics, and event handlers

All threat categories are aligned with OWASP LLM Top 10 (2025).


Quick Example

// Semantic Kernel integration — one line to enable protection
var kernel = Kernel.CreateBuilder()
    .AddAzureOpenAIChatCompletion("gpt-4", endpoint, apiKey)
    .AddPromptShield()
    .Build();

try
{
    var result = await kernel.InvokePromptAsync(userPrompt);
}
catch (PromptInjectionDetectedException ex)
{
    Console.WriteLine($"Blocked: {ex.Result.ThreatInfo?.ThreatType}");
}

Project Structure

PromptShield/
├── src/
│   ├── PromptShield.Abstractions/    # Interfaces, models, contracts
│   ├── PromptShield.Core/            # Detection engine implementation
│   ├── PromptShield.SemanticKernel/  # Semantic Kernel integration
│   └── PromptShield.AspNetCore/      # ASP.NET Core middleware
├── tests/
│   ├── PromptShield.Core.Tests/
│   ├── PromptShield.SemanticKernel.Tests/
│   └── PromptShield.Benchmarks/
├── docs/                              # Documentation
└── specs/                             # Design specifications

Detection Pipeline

The detection pipeline demonstrates a cascading architecture with early exit optimization:

Layer Description Typical Latency
Language Filter Gate: blocks unsupported languages < 1ms
Pattern Matching Regex-based known attack detection < 0.5ms
Heuristic Analysis Behavioral signals and anomalies < 0.5ms
ML Classification ONNX-based neural classifier < 5ms
Input → Language Filter → Pattern Layer → Heuristic Layer → [ML Layer] → Result
              │                 │               │
         Unsupported?      Early Exit      Early Exit
              │            (≥0.9 conf)    (≥0.85/≤0.15)
              ▼
           BLOCK

Language Support

⚠️ Important: All detection layers require language-specific patterns and vocabulary. By default, only English is supported.

The Language Filter acts as a gate:

  • Supported language → proceed to detection layers
  • Unsupported language → block (configurable)
services.AddPromptShield(options =>
{
    options.Language.Enabled = true;
    options.Language.SupportedLanguages = ["en"];  // Only English by default
    options.Language.OnUnsupportedLanguage = UnsupportedLanguageBehavior.Block;
});

To add support for other languages:

  1. Add the language code to SupportedLanguages
  2. Implement IPatternProvider with patterns for that language
  3. Optionally implement IHeuristicAnalyzer for language-specific heuristics
// Example: Adding Ukrainian support
options.Language.SupportedLanguages = ["en", "uk"];
services.AddPatternProvider<UkrainianPatternProvider>();

Documentation

Document Description
📘 Getting Started Setup guide and first steps
🏗️ Architecture System design and layer details
⚙️ Configuration All configuration options
📚 API Reference Full API documentation

Key Concepts Demonstrated

1. Multi-Layer Defense-in-Depth

Each detection layer has complementary strengths:

Layer Strength Weakness
Pattern Matching Fast, precise, explainable Easily bypassed with variations
Heuristics Catches behavioral anomalies May miss novel attacks
ML Classification Generalizes to variations Requires training data
Semantic Analysis Deep understanding Expensive, recursive risk

2. Fail-Closed Security

// Default: treat analysis failures as threats
options.OnAnalysisError = FailureBehavior.FailClosed;

3. Language Filter (Gate)

services.AddPromptShield(options =>
{
    options.Language.Enabled = true;
    options.Language.SupportedLanguages = ["en"];  // Block non-English
    options.Language.OnUnsupportedLanguage = UnsupportedLanguageBehavior.Block;
});

4. False Positive Reduction

All layers support sensitivity tuning and allowlists:

services.AddPromptShield(options =>
{
    // Global sensitivity: Low, Medium, High, Paranoid
    options.Heuristics.Sensitivity = SensitivityLevel.Medium;
    options.MLClassification.Sensitivity = SensitivityLevel.Low;
    options.PatternMatching.Sensitivity = SensitivityLevel.Medium;
    
    // Allowlist patterns (regex) - matched prompts bypass detection
    options.Heuristics.AllowedPatterns = new() { @"(?i)safe\s+context" };
    options.MLClassification.AllowedPatterns = new() { @"(?i)internal\s+test" };
    options.PatternMatching.AllowedPatterns = new() { @"(?i)demo\s+mode" };
    
    // Disable specific built-in patterns causing false positives
    options.PatternMatching.DisabledPatternIds = new()
    {
        BuiltInPatternIds.Base64EncodingDetection  // Example: disable base64 check
    };
    
    // Disable specific ML features
    options.MLClassification.DisabledFeatures = new() { "IgnorePattern" };
    
    // Custom feature weights for ML
    options.MLClassification.FeatureWeights = new()
    {
        ["InjectionKeywords"] = 0.6,  // Reduce weight
        ["PersonaSwitchPattern"] = 0.8
    };
});

5. Extensibility Points

services.AddPromptShield()
    .AddPatternProvider<GermanPatternProvider>()      // Add patterns for German
    .AddHeuristicAnalyzer<GermanHeuristicAnalyzer>()  // Add German heuristics
    .AddLanguageDetector<AzureLanguageDetector>()     // Use Azure for detection
    .AddEventHandler<SecurityAuditHandler>();

6. Custom Semantic Analysis Prompts

services.AddPromptShield(options =>
{
    options.SemanticAnalysis.Enabled = true;
    options.SemanticAnalysis.Endpoint = "https://your-openai.azure.com";
    
    // Custom system prompt for domain-specific detection
    options.SemanticAnalysis.CustomSystemPrompt = """
        You are a security analyst for a banking application...
        """;
    
    // Or just add context to the default prompt
    options.SemanticAnalysis.AdditionalContext = 
        "In this application, 'transfer funds' is a normal operation.";
});

7. Observable Architecture

builder.Services.AddOpenTelemetry()
    .WithMetrics(m => m.AddMeter("PromptShield"))
    .WithTracing(t => t.AddSource("PromptShield"));

Running the Project

Prerequisites

  • .NET 8.0 SDK or later
  • (Optional) Azure OpenAI for semantic analysis layer

Build

dotnet restore
dotnet build

Run Tests

dotnet test

Run Benchmarks

cd tests/PromptShield.Benchmarks
dotnet run -c Release

Limitations & Known Issues

As a POC, this project has the following limitations:

Language Support

  • ⚠️ English-only rule-based detection — Pattern matching, heuristics, and ML vocabulary are designed for English
  • Language Filter mitigation — Non-English prompts can be routed to Semantic Analysis (LLM-based)
  • 🔧 Extensibility — Implement IPatternProvider to add patterns for other languages

Contributing

This is an educational POC project. Contributions, suggestions, and discussions are welcome!

  1. Fork the repository
  2. Create a feature branch
  3. Submit a Pull Request

See CONTRIBUTING.md for details.


Security

For security-related questions about this POC, see SECURITY.md.


License

This project is licensed under the MIT License — see LICENSE for details.


References


Built as a learning exercise for secure LLM integration patterns

About

PromptShield: Multi-Layer Prompt Injection Detection for .NET

Topics

Resources

License

Contributing

Security policy

Stars

3 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages