file_01 · THREAT-DETECT
CyberVajra
● NATIONAL WINNER · CIPHERCOP 2025
AI-powered detection of fraudulent URLs and malicious APKs.
problem
Phishing URLs and trojanized Android APKs are the two dominant delivery vectors for cyber fraud in India. Signature-based blocklists lag hours-to-days behind new campaigns — by the time a URL or APK is blocklisted, victims already exist. Law enforcement needed a system that classifies never-seen-before threats, not just known ones.
architecture
approach
- 01 Built a dual-engine detection platform: one pipeline analyzes URLs through lexical, structural, and domain-level features; the other performs static analysis on APKs — permissions, manifest configuration, and package characteristics.
- 02 Engineered the full ML lifecycle end-to-end: data collection, preprocessing, feature engineering, model training, evaluation, and final threat classification with risk verdicts.
- 03 Tuned for the asymmetric cost of errors in fraud detection — a missed malicious sample is far more expensive than a false positive on a benign one.
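A worked version of the two feature-extraction front ends described in steps 01 and 02, added here as an illustration (this is not CyberVajra's own code). The feature names, the small demo lists (suspicious TLDs, lure tokens, dangerous permissions) and the sample URL and manifest are all constructed for the example. The APK side reads a decoded AndroidManifest.xml; the binary AXML inside a real APK has to be decoded first (apktool or androguard both do this).

```python
"""URL and APK feature extraction (added example; assumed feature names)."""
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit

# Assumed demo lists; a real model would use larger, data-driven sets.
SUSPICIOUS_TLDS = {"xyz", "top", "tk", "buzz", "click", "cam"}
BRAND_TOKENS = {"sbi", "hdfc", "icici", "paytm", "kyc", "login", "verify", "refund"}
DANGEROUS_PERMS = {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CONTACTS",
                   "READ_CALL_LOG", "READ_PHONE_STATE", "CAMERA", "RECORD_AUDIO"}
A = "{http://schemas.android.com/apk/res/android}"  # Android manifest namespace


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking hostnames score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def url_features(url: str) -> dict:
    """Lexical, structural and domain-level features of one URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host, path = (parts.hostname or "").lower(), parts.path or ""
    labels = host.split(".")
    is_ip = re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is not None
    # Simplification: last two labels = registered domain (no public-suffix
    # list), so multi-part suffixes such as co.in count one label too many.
    subdomain = "" if is_ip else ".".join(labels[:-2])
    tld = "" if is_ip or len(labels) < 2 else labels[-1]
    try:
        has_port = parts.port is not None
    except ValueError:  # malformed port such as ":80abc" is itself a signal
        has_port = True
    return {
        "url_len": len(url),
        "host_len": len(host),
        "num_subdomains": 0 if is_ip else max(len(labels) - 2, 0),
        "num_hyphens_host": host.count("-"),
        "num_digits_host": sum(ch.isdigit() for ch in host),
        "is_ip_host": int(is_ip),
        "uses_https": int(parts.scheme == "https"),
        "has_at": int("@" in url),
        "has_port": int(has_port),
        "path_depth": path.count("/"),
        "query_len": len(parts.query),
        "host_entropy": round(shannon_entropy(host), 3),
        "suspicious_tld": int(tld in SUSPICIOUS_TLDS),
        # Brand or lure word placed outside the registered domain.
        "lure_token": int(any(t in subdomain or t in path.lower() for t in BRAND_TOKENS)),
    }


def apk_manifest_features(manifest_xml: str) -> dict:
    """Static features from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        app = ET.Element("application")
    perms = {p.get(A + "name", "").rsplit(".", 1)[-1] for p in root.findall("uses-permission")}
    sdk = root.find("uses-sdk")
    target_sdk = int(sdk.get(A + "targetSdkVersion", "0")) if sdk is not None else 0
    components = [c for c in app.iter() if c.tag in ("activity", "service", "receiver", "provider")]
    sms_priority = 0  # high-priority SMS_RECEIVED receiver = OTP-interception pattern
    for recv in app.findall("receiver"):
        for flt in recv.findall("intent-filter"):
            if any(a.get(A + "name") == "android.provider.Telephony.SMS_RECEIVED"
                   for a in flt.findall("action")):
                sms_priority = max(sms_priority, int(flt.get(A + "priority", "0")))
    a11y = any(s.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
               for s in app.findall("service"))
    return {
        "package": root.get("package", ""),
        "num_permissions": len(perms),
        "num_dangerous": len(perms & DANGEROUS_PERMS),
        "sms_permissions": len(perms & {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"}),
        "sms_receiver_priority": sms_priority,
        "accessibility_service": int(a11y),
        "debuggable": int(app.get(A + "debuggable") == "true"),
        "allow_backup": int(app.get(A + "allowBackup") == "true"),
        "exported_components": sum(c.get(A + "exported") == "true" for c in components),
        "target_sdk": target_sdk,
        "pre_runtime_permissions": int(0 < target_sdk < 23),  # API < 23: install-time grants
    }


# Constructed sample manifest (not a real app) showing the classic SMS-stealer shape.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.kycupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="22"/>
  <application android:label="KYC Update" android:debuggable="true" android:allowBackup="true">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(url_features("http://sbi.co.in.secure-kyc-update.xyz/login/verify?acct=1"))
    print(apk_manifest_features(SAMPLE_MANIFEST))
```

The URL features are deliberately cheap to compute so the pipeline can score a link at click time; the manifest features capture the permission and component combinations (SMS receipt, accessibility service, low targetSdk) that matter for OTP-stealing banking trojans rather than raw permission counts alone.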
stack
Python · ML models · Feature engineering · Static APK analysis · URL analysis
impact
- Won first place at CipherCop 2025, a national cybersecurity hackathon organized by BPR&D, ISB, and TGCSB — judged by national law-enforcement and security bodies.
- Demonstrated real-time classification of previously unseen threats, where blocklists structurally fail.
key learnings
- Feature engineering on adversarial data is different: attackers actively optimize against your features, so robustness matters more than raw accuracy.
- Evaluation design — class imbalance, cost-sensitive metrics — decides whether a security model is usable, not just its headline score.
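The second learning in concrete form: an added example (not CyberVajra's evaluation code) that picks a decision threshold by minimising expected cost instead of maximising accuracy. The held-out scores, the labels and the 50:1 cost ratio are constructed assumptions; in practice the scores are the trained model's predictions on a held-out set and the costs come from the fraud team.

```python
"""Cost-sensitive threshold selection on imbalanced data (added example)."""
from typing import Dict, List

# Constructed held-out scores: 21 benign (label 0) and 5 malicious (label 1),
# i.e. about 19% prevalence. Higher score = more likely malicious.
SCORES: List[float] = [0.02, 0.05, 0.08, 0.10, 0.12, 0.15, 0.18, 0.20, 0.22,
                       0.25, 0.28, 0.30, 0.33, 0.35, 0.38, 0.40, 0.45, 0.50,
                       0.55, 0.62, 0.66,
                       0.42, 0.58, 0.70, 0.85, 0.93]
LABELS: List[int] = [0] * 21 + [1] * 5

# Assumed costs: a missed malicious sample is 50x worse than a false alarm.
COST_FN, COST_FP = 50.0, 1.0


def confusion(scores, labels, threshold) -> Dict[str, int]:
    """Predict malicious when score >= threshold; count the four outcomes."""
    cm = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for s, y in zip(scores, labels):
        pred = s >= threshold
        cm[("tp" if pred else "fn") if y else ("fp" if pred else "tn")] += 1
    return cm


def expected_cost(cm, cost_fn=COST_FN, cost_fp=COST_FP) -> float:
    """Total cost of the errors in a confusion matrix."""
    return cm["fn"] * cost_fn + cm["fp"] * cost_fp


def metrics(cm, beta=2.0) -> Dict[str, float]:
    """Accuracy next to the metrics that survive class imbalance (F-beta with beta>1 favours recall)."""
    tp, fp, tn, fn = cm["tp"], cm["fp"], cm["tn"], cm["fn"]
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f_beta = ((1 + beta ** 2) * precision * recall / (beta ** 2 * precision + recall)
              if precision + recall else 0.0)
    return {"accuracy": (tp + tn) / (tp + fp + tn + fn),
            "precision": precision, "recall": recall, "f_beta": f_beta}


def choose_threshold(scores, labels, cost_fn=COST_FN, cost_fp=COST_FP) -> Dict[str, float]:
    """Scan every distinct score as a cut-off; return the cost-minimising one."""
    best = None
    for t in sorted(set(scores)):
        c = expected_cost(confusion(scores, labels, t), cost_fn, cost_fp)
        if best is None or c < best["cost"]:
            best = {"threshold": t, "cost": c}
    return best


def accuracy_threshold(scores, labels) -> float:
    """The cut-off a plain accuracy objective would pick, for comparison."""
    return max(sorted(set(scores)),
               key=lambda t: metrics(confusion(scores, labels, t))["accuracy"])


if __name__ == "__main__":
    for name, t in (("cost-optimal", choose_threshold(SCORES, LABELS)["threshold"]),
                    ("accuracy-optimal", accuracy_threshold(SCORES, LABELS)),
                    ("all-benign baseline", 1.01)):
        cm = confusion(SCORES, LABELS, t)
        print(f"{name:20s} t={t:.2f} {cm} cost={expected_cost(cm):.0f} "
              f"{ {k: round(v, 3) for k, v in metrics(cm).items()} }")
```

On this constructed set the accuracy-optimal cut-off (0.70) scores 92% accuracy while missing two of five malicious samples, the "flag nothing" baseline still reaches 81% accuracy with zero recall, and the cost-optimal cut-off (0.42) catches every malicious sample at the price of five false positives. The headline score and the usable model point at different thresholds, which is the point of the learning above.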