Project Overview
This is a full-stack cybersecurity platform built to detect and respond to digital threats in real time. It combines multiple external threat intelligence APIs, a trained machine learning model, and a Django-powered dashboard into one unified system capable of scanning files, URLs, IP addresses, and open ports — with automated email alerts and file quarantine built in.
What Was Built
- Developed the entire platform in Python using the Django web framework, covering user authentication, scanning interfaces, alerting, and an admin dashboard
- Integrated 6 external threat intelligence APIs — VirusTotal, MalwareBazaar, Hybrid Analysis, AbuseIPDB, OTX (AlienVault), and Google Gemini AI — with automatic API key rotation so the system self-heals when a key hits its quota or fails
- Built an offline ML file scanner using a trained Random Forest model that classifies files as malicious or benign based on extracted features — works with zero internet access
- Implemented Hybrid Mode where the ML model runs alongside API results for stronger, combined threat scoring
- Integrated YARA rules for local signature-based malware pattern detection on files
- Built a port scanner using nmap with a socket-based fallback for detecting open, closed, and filtered ports and their services
- Set up Celery + Redis for background email alerting — users receive notifications when a threat meets or exceeds their configured severity threshold
- Implemented file quarantine — flagged malicious files are automatically moved to a secure quarantine directory with full logging
- Added result caching (1-hour TTL) to reduce API usage and speed up repeat scans
- Built a user file monitoring dashboard — users upload files for continuous automated scanning with periodic re-checks and instant alerts on detection
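The key-rotation and result-caching behaviour described above, as an added illustration rather than the project's own code: a pool of API keys where a key that hits its quota is put on a cooldown and the next key takes over, so the pool recovers on its own once the cooldown passes, plus a 1-hour result cache in front of the API. The transport signature `fetch(key, target)`, the 900-second cooldown, and the sample IPs are assumptions for this example.

```python
import time
class QuotaExceeded(Exception): pass   # transport raises this on HTTP 429 / rejected key

class RotatingClient:
    CACHE_TTL = 3600     # 1-hour result cache, as in the overview
    KEY_COOLDOWN = 900   # assumed: seconds a failed key rests before being retried

    def __init__(self, keys, fetch, clock=time.time):
        self._keys, self._fetch, self._clock = list(keys), fetch, clock
        self._cooldown = {}   # key -> time at which it may be tried again
        self._cache = {}      # target -> (expires_at, result)
        self.events = []      # audit trail: records the key *index*, never the secret

    def lookup(self, target):
        now = self._clock()
        cached = self._cache.get(target)
        if cached and cached[0] > now:
            self.events.append(("cache_hit", target))
            return cached[1]
        for idx, key in enumerate(self._keys):
            if self._cooldown.get(key, 0) > now:
                continue      # key is resting after a recent quota failure
            try:
                result = self._fetch(key, target)   # assumed: fetch(key, target) -> dict
            except QuotaExceeded:
                self._cooldown[key] = now + self.KEY_COOLDOWN
                self.events.append(("key_failed", idx))
                continue
            self._cache[target] = (now + self.CACHE_TTL, result)
            self.events.append(("key_used", idx))
            return result
        raise RuntimeError(f"no usable API key for {target}")

def demo():
    """Constructed offline run: KEY-A is over quota, KEY-B works."""
    calls = []
    def fake_fetch(key, target):
        calls.append(key)
        if key == "KEY-A":
            raise QuotaExceeded("HTTP 429")
        return {"target": target, "malicious": True}
    clock = [1000.0]
    client = RotatingClient(["KEY-A", "KEY-B"], fake_fetch, clock=lambda: clock[0])
    first = client.lookup("198.51.100.7")   # KEY-A fails over to KEY-B
    client.lookup("198.51.100.7")           # inside TTL: served from cache, no API call
    clock[0] += 901                         # cooldown over: KEY-A is tried first again
    client.lookup("203.0.113.5")
    return first, calls, client.events
```

The audit trail deliberately stores only the key index so that log lines never leak the secret itself.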
Tech Stack
| Layer | Technology |
|---|---|
| Language | Python |
| Framework | Django |
| ML Model | Random Forest (scikit-learn) |
| Task Queue | Celery + Redis |
| Threat APIs | VirusTotal, MalwareBazaar, Hybrid Analysis, AbuseIPDB, OTX, Gemini AI |
| Malware Signatures | YARA Rules |
| Port Scanning | nmap / socket fallback |
| Deployment | Django dev server (scalable to production) |
Scanning Capabilities
| Scanner | APIs Used | ML | YARA |
|---|---|---|---|
| File Scan | VirusTotal, MalwareBazaar, Hybrid Analysis | ✅ Yes | ✅ Yes |
| URL Scan | VirusTotal | ❌ | ❌ |
| IP Scan | VirusTotal, AbuseIPDB, OTX | ❌ | ❌ |
| Port Scan | None (nmap) | ❌ | ❌ |
Key Features
- Multi-source threat intelligence with automatic API key failover
- Offline ML scanning — no internet required for file analysis
- Hybrid threat scoring combining API signals + ML prediction
- Automated quarantine of malicious files with audit logs
- User-configurable alert thresholds with background email delivery
- Continuous file monitoring with scheduled re-scanning
- Full system logging to `threat_detection.log`
