From 0803639b3682f1173bca953aeab4cd314bd6ac93 Mon Sep 17 00:00:00 2001 From: shiva108 Date: Tue, 20 Jan 2026 10:13:13 +0100 Subject: [PATCH] docs: embed several new images into Chapter 34 for improved clarity. --- docs/Chapter_34_Defense_Evasion_Techniques.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/Chapter_34_Defense_Evasion_Techniques.md b/docs/Chapter_34_Defense_Evasion_Techniques.md index fb17bff..c5d9986 100644 --- a/docs/Chapter_34_Defense_Evasion_Techniques.md +++ b/docs/Chapter_34_Defense_Evasion_Techniques.md @@ -61,6 +61,10 @@ We will cover the taxonomy of evasion attacks, detailed methodologies for obfusc ## 34.2 Core Evasion Methodologies: Obfuscation & Encoding +

+ Evasion Spectrum +

+ Obfuscation and encoding are the primary methods used to bypass static, keyword-based security filters. These techniques aim to mask malicious instructions by altering their typographic, linguistic, or encoded representation without changing the semantic meaning for the LLM. ### How Obfuscation Works @@ -261,6 +265,10 @@ This implementation succeeds because: The most potent evasion techniques turn the LLM's greatest strength—its stateful, contextual memory—into its most exploitable vulnerability. +

+ Payload Splitting Flow +

+ ### 34.3.1 Payload Splitting (Multi-Turn Attacks) Payload splitting involves breaking a malicious instruction into several benign-looking fragments submitted sequentially. @@ -300,6 +308,10 @@ Instead of splitting across turns, attackers split across _variables_ in a singl The filter sees benign variable assignments. The LLM executes the concatenated intent. +

+ GCG Optimization +

+ --- ## 34.4 Detection and Mitigation @@ -358,6 +370,10 @@ Layer 3: [Analysis] → [Semantic Analysis on Sanitized Input] Layer 4: [Egress] → [Streaming Output Audit] ``` +

+ Defense Layers Architecture +

+ #### Defense Strategy 1: Streaming Output Audit - **What:** Analyzing the generated response in real-time.
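Review bot: The diffstat shows only `docs/Chapter_34_Defense_Evasion_Techniques.md` changing (1 file changed, 16 insertions(+)), while the subject line says the commit embeds several new images; no image assets are added by this patch, so the four figures will render as broken links unless the files already exist in the repository or arrive in a preceding commit. Please confirm every referenced image path resolves from the docs/ directory before merging, and consider listing the asset paths in the commit message so the dependency is explicit.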
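Review bot: In the first hunk (after `## 34.2 Core Evasion Methodologies: Obfuscation & Encoding`) only the caption text "Evasion Spectrum" is visible in this rendering of the added block, not the image element itself; make sure the image markup carries that same text as its alt attribute so the figure remains meaningful for screen readers and for any Markdown renderer that does not display embedded images. The same applies to the other three captions ("Payload Splitting Flow", "GCG Optimization", "Defense Layers Architecture").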
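Review bot: The "GCG Optimization" figure in the third hunk is placed directly after the variable-splitting discussion ("The filter sees benign variable assignments. The LLM executes the concatenated intent.") and immediately before the `---` separator and `## 34.4 Detection and Mitigation`, but nothing in the surrounding context introduces GCG or explains the acronym. Either add a sentence above the figure that names what GCG is and how it relates to the techniques in 34.3, or move the figure next to the passage that actually discusses it, so the reader does not meet an unexplained figure at a section boundary.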
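Review bot: In the fourth hunk the "Defense Layers Architecture" figure is inserted right after the closing fence of the text diagram that already lists the layers (`Layer 3: [Analysis] → [Semantic Analysis on Sanitized Input]`, `Layer 4: [Egress] → [Streaming Output Audit]`). Keeping both is fine, but please verify the layer names and ordering in the image match the ASCII version exactly, and add a one-line caption or sentence referencing the figure so the two representations are clearly the same architecture rather than two competing ones.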