
file_01 · THREAT-DETECT

CyberVajra

● NATIONAL WINNER · CIPHERCOP 2025

AI-powered detection of fraudulent URLs and malicious APKs.

problem

Phishing URLs and trojanized Android APKs are the two dominant delivery vectors for cyber fraud in India. Signature-based blocklists lag hours-to-days behind new campaigns — by the time a URL or APK is blocklisted, victims already exist. Law enforcement needed a system that classifies never-seen-before threats, not just known ones.

architecture

Dual detection pipeline:
  • 01 URL / APK intake
  • 02 Static & lexical an…
  • 03 Feature engineering
  • 04 ML classification
  • 05 Risk verdict

approach

  • 01 Built a dual-engine detection platform: one pipeline analyzes URLs through lexical, structural, and domain-level features; the other performs static analysis on APKs — permissions, manifest configuration, and package characteristics.
  • 02 Engineered the full ML lifecycle end-to-end: data collection, preprocessing, feature engineering, model training, evaluation, and final threat classification with risk verdicts.
  • 03 Tuned for the asymmetric cost of errors in fraud detection — a missed malicious sample is far more expensive than a false positive on a benign one.
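The URL pipeline above is described only at the level of "lexical, structural, and domain-level features". The following is an added illustration, not CyberVajra's own code, of what such a feature extractor looks like in Python: it turns a raw URL into a fixed-order numeric vector a classifier can consume. The feature names, the two sample URLs, and the choice of features are assumptions made for this example; the only real dependencies are the standard library's `urllib.parse` and `ipaddress`.

```python
import ipaddress
import math
from collections import Counter
from urllib.parse import urlparse

# Constructed sample inputs for this example (not project data):
# one ordinary-looking URL and one with several classic phishing traits
# (raw IP host, '@' in the URL, plain http, "login"-style path).
SAMPLE_URLS = [
    "https://www.example.com/account/settings",
    "http://198.51.100.23/secure-login/update@verify.html",
]

# Fixed ordering so every URL maps to the same vector layout for the model.
FEATURE_ORDER = [
    "url_length", "host_length", "num_dots", "num_hyphens", "num_digits",
    "has_at_symbol", "host_is_ip", "num_subdomains", "path_depth",
    "uses_https", "host_entropy",
]


def shannon_entropy(s: str) -> float:
    """Character entropy in bits; high values flag random-looking hostnames."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extract_url_features(url: str) -> dict:
    """Lexical + structural features of a single URL (hypothetical feature set)."""
    # urlparse needs a scheme to split host from path correctly.
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    path = parsed.path or ""

    # Domain-level feature: is the host a bare IP address instead of a name?
    try:
        ipaddress.ip_address(host)
        host_is_ip = True
    except ValueError:
        host_is_ip = False

    # Count labels beyond the registrable domain (naive: treats the last two
    # labels as the domain; a real system would use the public suffix list).
    labels = host.split(".") if host else []
    num_subdomains = 0 if host_is_ip else max(len(labels) - 2, 0)

    return {
        "url_length": len(url),
        "host_length": len(host),
        "num_dots": url.count("."),
        "num_hyphens": url.count("-"),
        "num_digits": sum(ch.isdigit() for ch in url),
        "has_at_symbol": "@" in url,
        "host_is_ip": host_is_ip,
        "num_subdomains": num_subdomains,
        "path_depth": len([seg for seg in path.split("/") if seg]),
        "uses_https": parsed.scheme == "https",
        "host_entropy": round(shannon_entropy(host), 3),
    }


def to_vector(features: dict) -> list:
    """Flatten the feature dict into floats in FEATURE_ORDER for a classifier."""
    return [float(features[name]) for name in FEATURE_ORDER]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        feats = extract_url_features(url)
        print(url)
        print("  ", to_vector(feats))
```

The extractor is deliberately model-agnostic: the vector from `to_vector` can be fed to any tabular learner. The subdomain count uses a naive "last two labels" rule, which is the kind of feature attackers can game; swapping in a public-suffix-aware parser is the first robustness fix a practitioner would make.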

stack

  • Python
  • ML models
  • Feature engineering
  • Static APK analysis
  • URL analysis

impact

  • Won first place at CipherCop 2025, a national cybersecurity hackathon organized by BPR&D, ISB, and TGCSB — judged by national law-enforcement and security bodies.
  • Demonstrated real-time classification of previously unseen threats, where blocklists structurally fail.

key learnings

  • Feature engineering on adversarial data is different: attackers actively optimize against your features, so robustness matters more than raw accuracy.
  • Evaluation design — class imbalance, cost-sensitive metrics — decides whether a security model is usable, not just its headline score.
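Two points on this page share one mechanism: the approach section says the model was tuned for the asymmetric cost of a missed malicious sample versus a false positive, and the learning above says evaluation design under class imbalance decides usability. The example below, added here and not taken from the project, makes that concrete in Python: on a small, deliberately imbalanced, constructed validation set it picks the decision threshold that minimises expected cost under an assumed cost matrix and contrasts it with the threshold that maximises plain accuracy. The scores, labels and the 10:1 cost ratio are assumptions for illustration.

```python
from typing import Callable, List, Tuple

# Constructed validation set (not project data): (model score, label),
# label 1 = malicious. Imbalanced on purpose: 11 benign, 3 malicious.
SAMPLE_DATA: List[Tuple[float, int]] = [
    (0.05, 0), (0.10, 0), (0.15, 0), (0.20, 0), (0.25, 0), (0.30, 0),
    (0.40, 0), (0.45, 0), (0.55, 0), (0.62, 0), (0.66, 0),
    (0.35, 1), (0.60, 1), (0.90, 1),
]

# Assumed cost matrix: a missed malicious sample (FN) is 10x as expensive
# as a benign sample wrongly flagged (FP).
COST_FN = 10.0
COST_FP = 1.0


def confusion(data, threshold: float):
    """Predict 'malicious' when score >= threshold; return (tp, fp, fn, tn)."""
    tp = fp = fn = tn = 0
    for score, label in data:
        predicted = 1 if score >= threshold else 0
        if predicted and label:
            tp += 1
        elif predicted and not label:
            fp += 1
        elif not predicted and label:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def accuracy(tp, fp, fn, tn) -> float:
    return (tp + tn) / (tp + fp + fn + tn)


def recall(tp, fp, fn, tn) -> float:
    return tp / (tp + fn) if (tp + fn) else 0.0


def precision(tp, fp, fn, tn) -> float:
    return tp / (tp + fp) if (tp + fp) else 0.0


def fbeta(tp, fp, fn, tn, beta: float = 2.0) -> float:
    """F-beta with beta > 1 weights recall above precision (misses hurt more)."""
    p, r = precision(tp, fp, fn, tn), recall(tp, fp, fn, tn)
    if p + r == 0:
        return 0.0
    b2 = beta * beta
    return (1 + b2) * p * r / (b2 * p + r)


def expected_cost(tp, fp, fn, tn, cost_fn=COST_FN, cost_fp=COST_FP) -> float:
    """Total cost of the errors at this operating point."""
    return fn * cost_fn + fp * cost_fp


def select_threshold(data, objective: Callable, minimize: bool = False):
    """Scan every distinct score as a threshold; return (threshold, objective value).
    Ties keep the lowest threshold because comparisons are strict."""
    best_t, best_v = None, None
    for t in sorted({s for s, _ in data}):
        v = objective(*confusion(data, t))
        if best_v is None or (v < best_v if minimize else v > best_v):
            best_t, best_v = t, v
    return best_t, best_v


def compare_operating_points(data):
    """Show how the accuracy-optimal and cost-optimal thresholds diverge."""
    t_acc, acc = select_threshold(data, accuracy)
    t_cost, cost = select_threshold(data, expected_cost, minimize=True)
    return {
        "accuracy_optimal": {"threshold": t_acc, "accuracy": acc,
                             "recall": recall(*confusion(data, t_acc)),
                             "cost": expected_cost(*confusion(data, t_acc))},
        "cost_optimal": {"threshold": t_cost, "cost": cost,
                         "recall": recall(*confusion(data, t_cost)),
                         "accuracy": accuracy(*confusion(data, t_cost))},
    }


if __name__ == "__main__":
    for name, point in compare_operating_points(SAMPLE_DATA).items():
        print(name, point)
```

On this constructed set the accuracy-maximising threshold catches one of three malicious samples while looking good on the headline number; the cost-minimising threshold catches all three at the price of a few extra false positives, which is exactly the trade-off the learning above describes. Weighting the classes during training (rather than only at threshold selection) is the complementary lever, and reporting recall, F-beta and expected cost alongside accuracy is what makes the two operating points visible at all.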