Hugging Face's logo

Spaces:
Gankit12
/
scam
Sleeping

App Files Community
scam / Docs /FINAL_IMPLEMENTATION_SPEC.md
Gankit12's picture
Gankit12
Upload 129 files
31f0e50 verified
preview code
|
raw
history blame contribute delete
52.8 kB
# ScamShield AI: Agentic Honeypot System - FINAL IMPLEMENTATION SPECIFICATION
## India AI Impact Buildathon 2026 - Challenge 2
## Target: TOP 10 from 40,000 Participants
**Author/Team Lead:** Shivam Bhuva (@shivambhuva8866)
**Date:** January 26, 2026
**Submission Deadline:** February 5, 2026, 11:59 PM
**Challenge:** Agentic Honey-Pot for Scam Detection & Intelligence Extraction
**Testing Mode:** API Endpoint Submission (Mock Scammer API Integration)
---
## EXECUTIVE SUMMARY
This document provides the **production-ready implementation specification** for ScamShield AI's Agentic Honeypot System. Built exclusively for Challenge 2 of the India AI Impact Buildathon 2026, this system autonomously detects scam messages, engages scammers with believable AI personas, and extracts actionable intelligence (bank accounts, UPI IDs, phishing links).
**Key Differentiators:**
-**100% FREE TIER** - Zero paid APIs or services
-**Phased Implementation** - Text-first (Phase 1), Audio-later (Phase 2)
-**API-First Design** - Direct Mock Scammer API integration
-**Bilingual Focus** - English + Hindi only (high accuracy)
-**Structured JSON Outputs** - Competition-ready response format
-**Production-Grade** - LangGraph ReAct agents with state persistence
**AI Usage:** 90% (detection, agentic engagement, extraction)
**Non-AI:** 10% (API wrappers, data preprocessing)
---
## PROBLEM STATEMENT (Official Challenge 2 Requirements)
**Objective:** Design an autonomous AI honeypot system that:
1. Detects scam messages accurately
2. Actively engages scammers using believable personas
3. Extracts intelligence: bank accounts, UPI IDs, phishing links
4. Integrates with Mock Scammer API for testing
5. Returns structured JSON outputs
**India's Scam Crisis Context:**
- 500,000+ scam calls/messages daily (TRAI 2025)
- ₹60+ crore daily losses
- 3+ spam messages per citizen
- Predominant scams: UPI fraud, fake loans, police/bank impersonation
- 47% Indians affected by or know victims of scam fraud
---
## IMPLEMENTATION ARCHITECTURE
### **PHASE 1: TEXT-BASED HONEYPOT (Priority for Feb 5 Submission)**
```
┌─────────────────────────────────────────────────────────────────┐
│ INPUT LAYER │
│ Mock Scammer API → JSON Message → ScamShield API Endpoint │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ DETECTION MODULE │
│ • IndicBERT (ai4bharat/indic-bert) - Scam Classification │
│ • Keyword Matching (UPI, OTP, bank, police, arrest) │
│ • Language Detection (langdetect) - English/Hindi │
│ • Confidence Scoring (>0.7 = scam trigger) │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ HAND-OFF DECISION │
│ IF scam_confidence > 0.7: │
│ → Trigger Honeypot Engagement │
│ ELSE: │
│ → Return "not_scam" response │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ AGENTIC ENGAGEMENT MODULE │
│ Framework: LangGraph + ReAct Loop │
│ LLM: Groq Llama 3.1 70B (FREE API, 30 req/min) │
│ │
│ Agent Components: │
│ ├─ Persona Generator (elderly/gullible/confused) │
│ ├─ Response Planner (stalling tactics, probing questions) │
│ ├─ Context Tracker (conversation state in ChromaDB) │
│ ├─ Safety Monitor (avoid escalation) │
│ └─ Termination Logic (max 20 turns or intel extracted) │
│ │
│ Engagement Strategy: │
│ • Turn 1-5: Show interest, ask clarifying questions │
│ • Turn 6-12: Express confusion, request details repeatedly │
│ • Turn 13-20: Probe for bank/UPI/links with urgency │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ INTELLIGENCE EXTRACTION MODULE │
│ • NER: spaCy (en_core_web_sm) for entities │
│ • Regex Patterns: │
│ - UPI: [a-zA-Z0-9._]+@[a-zA-Z]+ │
│ - Bank Account: \d{9,18} │
│ - IFSC: [A-Z]{4}0[A-Z0-9]{6} │
│ - Phone: \+91[\s-]?\d{10}|\d{10} │
│ - URLs: https?://[^\s]+ │
│ • Confidence Scoring per entity (0.0-1.0) │
│ • Validation: Check format correctness │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ OUTPUT LAYER (JSON) │
│ { │
│ "scam_detected": true, │
│ "confidence": 0.95, │
│ "language": "hindi", │
│ "conversation_transcript": [...], │
│ "extracted_intelligence": { │
│ "upi_ids": ["scammer@paytm"], │
│ "bank_accounts": ["1234567890"], │
│ "ifsc_codes": ["SBIN0001234"], │
│ "phone_numbers": ["+919876543210"], │
│ "phishing_links": ["http://fake-bank.com"] │
│ }, │
│ "engagement_turns": 15, │
│ "extraction_confidence": 0.87 │
│ } │
└─────────────────────────────────────────────────────────────────┘
```
---
## TECH STACK (100% FREE TIER)
### **1. Core AI/ML Models**
| Component | Model/Library | Source | Free Tier Limits | Why Chosen |
|-----------|--------------|--------|------------------|------------|
| **LLM (Agentic Core)** | Groq Llama 3.1 70B | Groq Cloud API | 30 req/min, 6000/day | Fastest inference (280 tokens/sec), excellent Hindi support |
| **Scam Detection** | ai4bharat/indic-bert | Hugging Face | Unlimited (local) | Best for Hindi-English code-mixed text |
| **NER Extraction** | en_core_web_sm | spaCy | Unlimited (local) | Fast, accurate entity recognition |
| **Language Detection** | langdetect | PyPI | Unlimited (local) | 99%+ accuracy for Hindi/English |
| **Embeddings** | sentence-transformers/all-MiniLM-L6-v2 | Hugging Face | Unlimited (local) | Lightweight, 384-dim embeddings |
### **2. Agentic AI Framework**
```python
# LangGraph + LangChain (Open Source)
langgraph==0.0.20 # State graph orchestration
langchain==0.1.0 # ReAct agent framework
langchain-groq==0.0.1 # Groq LLM integration
```
**Why LangGraph:**
- Built-in state persistence (conversation memory)
- ReAct loop support (Reason → Act → Observe)
- Conditional branching for dynamic engagement
- Multi-turn conversation handling
- Free and open-source
### **3. Vector Database & Storage**
| Component | Tool | Free Tier | Purpose |
|-----------|------|-----------|---------|
| **Vector DB** | ChromaDB | Unlimited (local) | Store conversation embeddings, scam patterns |
| **Relational DB** | PostgreSQL | 1GB (Supabase free) | Conversation logs, scammer profiles |
| **Cache** | Redis | 30MB (Redis Cloud free) | Real-time state, session management |
### **4. API Framework**
```python
# FastAPI + Production Tools
fastapi==0.104.1 # High-performance API
uvicorn==0.24.0 # ASGI server
pydantic==2.5.0 # Data validation
```
### **5. Supporting Libraries**
```python
# NLP & Text Processing
spacy==3.7.2
transformers==4.35.0
torch==2.1.0
sentence-transformers==2.2.2
langdetect==1.0.9
# Vector & Data Storage
chromadb==0.4.18
psycopg2-binary==2.9.9
redis==5.0.1
sqlalchemy==2.0.23
# Utils
python-dotenv==1.0.0
requests==2.31.0
numpy==1.24.3
pandas==2.0.3
```
---
## API ENDPOINT SPECIFICATION
### **1. Competition Submission Endpoint**
**Base URL:** `https://your-api-domain.com/api/v1`
**Endpoint:** `POST /honeypot/engage`
**Request Format:**
```json
{
"message": "आप जीत गए हैं 10 लाख रुपये! अपना OTP शेयर करें।",
"session_id": "optional-session-123",
"language": "auto"
}
```
**Response Format (Scam Detected):**
```json
{
"status": "success",
"scam_detected": true,
"confidence": 0.92,
"language_detected": "hindi",
"session_id": "session-123",
"engagement": {
"agent_response": "वाह! बहुत अच्छी खबर है। मुझे OTP कहाँ भेजना है?",
"turn_count": 1,
"max_turns_reached": false,
"strategy": "show_interest"
},
"extracted_intelligence": {
"upi_ids": [],
"bank_accounts": [],
"ifsc_codes": [],
"phone_numbers": [],
"phishing_links": [],
"extraction_confidence": 0.0
},
"conversation_history": [
{
"turn": 1,
"sender": "scammer",
"message": "आप जीत गए हैं 10 लाख रुपये! अपना OTP शेयर करें।",
"timestamp": "2026-01-26T10:30:00Z"
},
{
"turn": 1,
"sender": "agent",
"message": "वाह! बहुत अच्छी खबर है। मुझे OTP कहाँ भेजना है?",
"timestamp": "2026-01-26T10:30:02Z"
}
],
"metadata": {
"processing_time_ms": 850,
"model_version": "v1.0.0",
"detection_model": "indic-bert",
"engagement_model": "groq-llama-3.1-70b"
}
}
```
**Response Format (Not Scam):**
```json
{
"status": "success",
"scam_detected": false,
"confidence": 0.15,
"language_detected": "english",
"session_id": "session-456",
"message": "No scam detected. Message appears legitimate."
}
```
### **2. Mock Scammer API Integration**
**How Competition Testing Works:**
1. Competition provides Mock Scammer API endpoint
2. Your system detects scam → sends engagement response
3. Mock Scammer API replies → your system continues conversation
4. Loop continues until intelligence extracted or max turns
5. Your API returns final JSON with extracted data
**Integration Architecture:**
```python
# Your API receives initial message
POST /honeypot/engage
{
"message": "Send money to UPI: scammer@paytm",
"mock_scammer_callback": "https://competition-api.com/scammer/reply"
}
# Your system detects scam, engages
# For each turn, call Mock Scammer API:
POST https://competition-api.com/scammer/reply
{
"session_id": "xyz",
"agent_message": "Which UPI ID should I use?"
}
# Mock Scammer responds
{
"scammer_reply": "Use scammer@paytm and send 5000 rupees"
}
# Your system extracts: upi_ids=["scammer@paytm"], continues or terminates
```
### **3. Additional Testing Endpoints**
```python
# Health Check
GET /health
Response: {"status": "healthy", "version": "1.0.0"}
# Batch Processing (if needed)
POST /honeypot/batch
{
"messages": [
{"id": "1", "message": "..."},
{"id": "2", "message": "..."}
]
}
# Get Conversation History
GET /honeypot/session/{session_id}
Response: {conversation history JSON}
```
---
## MULTILINGUAL SUPPORT (ENGLISH + HINDI)
### **Language Detection Pipeline**
```python
# Step 1: Detect language
import langdetect
detected_lang = langdetect.detect(message) # 'en' or 'hi'
# Step 2: Route to appropriate processing
if detected_lang == 'hi':
# Use IndicBERT for detection
# Use Hindi persona prompts for engagement
# Apply Hindi regex patterns
elif detected_lang == 'en':
# Use IndicBERT (supports English too)
# Use English persona prompts
# Apply English regex patterns
```
### **Hindi Support Specifications**
**Models:**
- **Detection:** `ai4bharat/indic-bert` (pre-trained on 12 Indic languages)
- **LLM:** Groq Llama 3.1 70B (strong Hindi capabilities)
- **Alternative:** Gemma-2-9B-it (good Hindi, can run locally)
**Hindi Regex Patterns:**
```python
# Hindi text patterns
HINDI_UPI_KEYWORDS = ['भेजें', 'ट्रांसफर', 'पैसे', 'यूपीआई', 'खाता']
HINDI_SCAM_KEYWORDS = ['जीत', 'ईनाम', 'लॉटरी', 'ओटीपी', 'पुलिस', 'गिरफ्तार']
# Numeric patterns work same (0-9 digits in Hindi text)
UPI_PATTERN = r'[a-zA-Z0-9._]+@[a-zA-Z]+'
ACCOUNT_PATTERN = r'\d{9,18}'
```
**Hindi Persona Examples:**
```
Persona 1 (Elderly):
"अरे वाह! बहुत अच्छा है। लेकिन मुझे समझ नहीं आ रहा, कैसे करूँ?"
Persona 2 (Confused):
"जी हाँ, मैं पैसे भेज दूंगा। पर कौन सा बटन दबाऊं?"
Persona 3 (Eager):
"हाँ हाँ, मुझे पैसे चाहिए। आप कहाँ भेजूं?"
```
### **English Support Specifications**
**Models:**
- Same as Hindi (IndicBERT is multilingual)
- Groq Llama 3.1 70B (native English)
**English Persona Examples:**
```
Persona 1 (Elderly):
"Oh wonderful! But I'm not very good with technology. Can you help me?"
Persona 2 (Confused):
"I want to claim my prize. Where do I send the money again?"
Persona 3 (Eager):
"Yes, I'm ready to transfer. What's your account number?"
```
### **Code-Mixed (Hinglish) Support**
Many Indian scams use code-mixed Hindi-English. IndicBERT handles this well:
```
Input: "Aapne jeeta 10 lakh rupees! Send OTP to claim prize"
Language: hinglish (auto-detected as 'hi' or 'en')
Processing: IndicBERT detects scam patterns in mixed text
Engagement: Respond in same mixing pattern
```
---
## AGENTIC ENGAGEMENT STRATEGY
### **LangGraph ReAct Agent Architecture**
```python
from langgraph.graph import StateGraph, END
from langchain_groq import ChatGroq
# State Definition
class HoneypotState(TypedDict):
messages: List[dict]
scam_confidence: float
turn_count: int
extracted_intel: dict
strategy: str
language: str
# Agent Nodes
def detect_scam(state):
"""Classify if message is scam"""
# IndicBERT classification
# Return updated state with confidence
def plan_response(state):
"""Decide engagement strategy"""
if state['turn_count'] < 5:
strategy = "show_interest"
elif state['turn_count'] < 12:
strategy = "express_confusion"
else:
strategy = "probe_details"
return {"strategy": strategy}
def generate_response(state):
"""LLM generates believable reply"""
# Groq Llama 3.1 with persona prompt
# Returns agent message
def extract_intelligence(state):
"""Extract financial details"""
# spaCy NER + Regex
# Update extracted_intel
def should_continue(state):
"""Termination logic"""
if state['turn_count'] >= 20:
return "end"
if len(state['extracted_intel']['upi_ids']) > 0:
return "end"
return "continue"
# Build Graph
workflow = StateGraph(HoneypotState)
workflow.add_node("detect", detect_scam)
workflow.add_node("plan", plan_response)
workflow.add_node("generate", generate_response)
workflow.add_node("extract", extract_intelligence)
workflow.add_edge("detect", "plan")
workflow.add_edge("plan", "generate")
workflow.add_edge("generate", "extract")
workflow.add_conditional_edges(
"extract",
should_continue,
{
"continue": "plan",
"end": END
}
)
workflow.set_entry_point("detect")
agent = workflow.compile()
```
### **Persona Management**
**Persona Types:**
1. **Elderly Person (60+ years)**
- Slow to understand technology
- Trusting and polite
- Asks basic questions
- Expresses confusion often
2. **Middle-Aged Eager Victim**
- Excited about prizes/offers
- Willing to comply
- Asks for step-by-step instructions
- Shows urgency
3. **Young Confused User**
- Familiar with tech but cautious
- Asks verification questions
- Requests proof/links
- Seeks reassurance
**Persona Selection Logic:**
```python
def select_persona(language, scam_type):
if "prize" in scam_type or "lottery" in scam_type:
return "eager_victim"
elif "police" in scam_type or "arrest" in scam_type:
return "elderly_fearful"
else:
return "confused_user"
```
### **Stalling Tactics**
**Goal:** Keep scammer engaged to extract more information
**Tactics:**
1. **Repeated Clarification:** "I didn't understand, can you repeat?"
2. **Technical Confusion:** "Which button do I press? My phone is old."
3. **Fake Delays:** "Let me find my card. Hold on..."
4. **Partial Compliance:** "I sent something, did you receive?"
5. **Request Verification:** "Can you send me official proof?"
**Turn-by-Turn Strategy:**
```python
ENGAGEMENT_STRATEGY = {
"turns_1_5": {
"goal": "Build trust, show interest",
"tactics": ["express_excitement", "ask_basic_questions"],
"example": "Really? I won? How do I claim it?"
},
"turns_6_12": {
"goal": "Extract contact/payment info",
"tactics": ["request_details", "express_confusion"],
"example": "Should I send money to your account? What's the number?"
},
"turns_13_20": {
"goal": "Force reveal of bank/UPI/links",
"tactics": ["fake_compliance", "probe_urgently"],
"example": "I'm ready to transfer. Send me your UPI ID again?"
}
}
```
---
## INTELLIGENCE EXTRACTION
### **Extraction Targets (Competition Requirements)**
1. **UPI IDs:** `user@paytm`, `9876543210@ybl`, etc.
2. **Bank Account Numbers:** 9-18 digit sequences
3. **IFSC Codes:** 11-character bank codes
4. **Phone Numbers:** +91 or 10-digit Indian numbers
5. **Phishing Links:** URLs to fake websites
### **Extraction Pipeline**
```python
import spacy
import re
nlp = spacy.load("en_core_web_sm")
def extract_intelligence(text):
intel = {
"upi_ids": [],
"bank_accounts": [],
"ifsc_codes": [],
"phone_numbers": [],
"phishing_links": []
}
# UPI IDs
upi_pattern = r'\b[a-zA-Z0-9._-]+@[a-zA-Z]+\b'
intel['upi_ids'] = re.findall(upi_pattern, text)
# Bank Accounts (9-18 digits, with validation)
account_pattern = r'\b\d{9,18}\b'
accounts = re.findall(account_pattern, text)
intel['bank_accounts'] = [acc for acc in accounts if validate_account(acc)]
# IFSC Codes
ifsc_pattern = r'\b[A-Z]{4}0[A-Z0-9]{6}\b'
intel['ifsc_codes'] = re.findall(ifsc_pattern, text)
# Phone Numbers
phone_pattern = r'(?:\+91[\s-]?)?[6-9]\d{9}\b'
intel['phone_numbers'] = re.findall(phone_pattern, text)
# Phishing Links
url_pattern = r'https?://[^\s<>"{}|\\^`\[\]]+'
intel['phishing_links'] = re.findall(url_pattern, text)
# SpaCy NER for additional entities
doc = nlp(text)
for ent in doc.ents:
if ent.label_ == "CARDINAL" and len(ent.text) >= 9:
# Possible account number
if ent.text not in intel['bank_accounts']:
intel['bank_accounts'].append(ent.text)
# Calculate confidence
confidence = calculate_extraction_confidence(intel)
return intel, confidence
def validate_account(account_number):
"""Basic validation for bank account"""
if len(account_number) < 9 or len(account_number) > 18:
return False
# Add checksum validation if needed
return True
def calculate_extraction_confidence(intel):
"""Score based on number and quality of extractions"""
score = 0
weights = {
'upi_ids': 0.3,
'bank_accounts': 0.3,
'ifsc_codes': 0.2,
'phone_numbers': 0.1,
'phishing_links': 0.1
}
for key, weight in weights.items():
if len(intel[key]) > 0:
score += weight
return min(score, 1.0)
```
### **Hindi Text Extraction Challenges**
**Challenge:** Numbers in Hindi text (Devanagari script: ०१२३...)
**Solution:** Devanagari digits to ASCII conversion
```python
def convert_devanagari_to_ascii(text):
"""Convert Devanagari digits to ASCII"""
devanagari_to_ascii = {
'०': '0', '१': '1', '२': '2', '३': '3', '४': '4',
'५': '5', '६': '6', '७': '7', '८': '8', '९': '9'
}
for dev, asc in devanagari_to_ascii.items():
text = text.replace(dev, asc)
return text
# Apply before extraction
text = convert_devanagari_to_ascii(hindi_text)
intel = extract_intelligence(text)
```
---
## DATABASE & STATE MANAGEMENT
### **PostgreSQL Schema**
```sql
-- Conversations Table
CREATE TABLE conversations (
id SERIAL PRIMARY KEY,
session_id VARCHAR(255) UNIQUE NOT NULL,
language VARCHAR(10) NOT NULL,
scam_detected BOOLEAN DEFAULT FALSE,
confidence FLOAT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Messages Table
CREATE TABLE messages (
id SERIAL PRIMARY KEY,
conversation_id INTEGER REFERENCES conversations(id),
turn_number INTEGER NOT NULL,
sender VARCHAR(50) NOT NULL, -- 'scammer' or 'agent'
message TEXT NOT NULL,
timestamp TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Extracted Intelligence Table
CREATE TABLE extracted_intelligence (
id SERIAL PRIMARY KEY,
conversation_id INTEGER REFERENCES conversations(id),
upi_ids TEXT[], -- PostgreSQL array
bank_accounts TEXT[],
ifsc_codes TEXT[],
phone_numbers TEXT[],
phishing_links TEXT[],
extraction_confidence FLOAT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Scammer Profiles (for analytics)
CREATE TABLE scammer_profiles (
id SERIAL PRIMARY KEY,
phone_hash VARCHAR(64), -- Hashed for privacy
scam_tactics TEXT[],
languages_used TEXT[],
total_conversations INTEGER DEFAULT 1,
first_seen TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
last_seen TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
```
### **ChromaDB for Vector Storage**
```python
import chromadb
from sentence_transformers import SentenceTransformer
# Initialize
client = chromadb.Client()
collection = client.create_collection("scam_conversations")
embedder = SentenceTransformer('all-MiniLM-L6-v2')
# Store conversation embeddings
def store_conversation(session_id, messages):
# Combine messages into single text
full_text = " ".join([msg['message'] for msg in messages])
# Generate embedding
embedding = embedder.encode(full_text)
# Store in ChromaDB
collection.add(
embeddings=[embedding.tolist()],
documents=[full_text],
ids=[session_id],
metadatas=[{
"session_id": session_id,
"turn_count": len(messages),
"language": messages[0].get('language', 'unknown')
}]
)
# Query similar conversations (for learning)
def find_similar_scams(query_text, n_results=5):
query_embedding = embedder.encode(query_text)
results = collection.query(
query_embeddings=[query_embedding.tolist()],
n_results=n_results
)
return results
```
### **Redis for Session State**
```python
import redis
import json
# Initialize Redis
redis_client = redis.Redis(
host='redis-free-tier.cloud.redislabs.com',
port=12345,
password='your-password',
decode_responses=True
)
# Store session state
def save_session_state(session_id, state):
redis_client.setex(
f"session:{session_id}",
3600, # 1 hour expiry
json.dumps(state)
)
# Retrieve session state
def get_session_state(session_id):
data = redis_client.get(f"session:{session_id}")
return json.loads(data) if data else None
# Update turn count
def increment_turn(session_id):
redis_client.incr(f"session:{session_id}:turns")
```
---
## DEPLOYMENT ARCHITECTURE
### **Free Tier Hosting Options**
| Service | Free Tier | Best For | Limits |
|---------|-----------|----------|--------|
| **Render** | 750 hours/month | FastAPI deployment | Sleep after 15min inactivity |
| **Railway** | $5 credit/month | PostgreSQL + API | 500 hours |
| **Fly.io** | 3 shared VMs | Low-latency API | 160GB transfer/month |
| **Supabase** | 500MB PostgreSQL | Database | 2GB transfer/month |
| **Redis Cloud** | 30MB Redis | Cache/sessions | 30 connections |
### **Recommended Stack for Competition**
```
API Server: Render (or Railway)
├─ FastAPI application
├─ Uvicorn ASGI server
├─ 512MB RAM, 0.1 CPU
└─ Environment: Python 3.11
Database: Supabase PostgreSQL
├─ 500MB storage
├─ 2GB transfer/month
└─ Connection pooling
Cache: Redis Cloud
├─ 30MB storage
├─ Session state management
└─ 30 concurrent connections
Vector DB: ChromaDB (Local)
├─ Embedded in API server
├─ Persistent storage in Docker volume
└─ No external service needed
Model Hosting: Hugging Face (Local)
├─ IndicBERT loaded at startup
├─ spaCy models bundled
└─ 2GB disk space for models
LLM API: Groq Cloud
├─ 30 requests/minute
├─ 6000 requests/day
└─ Zero cost
```
### **Docker Configuration**
```dockerfile
# Dockerfile
FROM python:3.11-slim
WORKDIR /app
# Install system dependencies
RUN apt-get update && apt-get install -y \
build-essential \
&& rm -rf /var/lib/apt/lists/*
# Copy requirements
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Download models at build time
RUN python -c "from transformers import AutoModel, AutoTokenizer; \
AutoModel.from_pretrained('ai4bharat/indic-bert'); \
AutoTokenizer.from_pretrained('ai4bharat/indic-bert')"
RUN python -m spacy download en_core_web_sm
# Copy application code
COPY . .
# Expose port
EXPOSE 8000
# Run application
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
```
```yaml
# docker-compose.yml (for local testing)
version: '3.8'
services:
api:
build: .
ports:
- "8000:8000"
environment:
- GROQ_API_KEY=${GROQ_API_KEY}
- POSTGRES_URL=${POSTGRES_URL}
- REDIS_URL=${REDIS_URL}
volumes:
- chromadb_data:/app/chromadb
depends_on:
- postgres
- redis
postgres:
image: postgres:15
environment:
- POSTGRES_DB=scamshield
- POSTGRES_USER=admin
- POSTGRES_PASSWORD=securepass
volumes:
- postgres_data:/var/lib/postgresql/data
redis:
image: redis:7-alpine
volumes:
- redis_data:/data
volumes:
chromadb_data:
postgres_data:
redis_data:
```
---
## GROQ API INTEGRATION
### **Setup & Configuration**
```python
# .env file
GROQ_API_KEY=gsk_your_free_api_key_here
GROQ_MODEL=llama-3.1-70b-versatile
# config.py
import os
from dotenv import load_dotenv
load_dotenv()
GROQ_API_KEY = os.getenv("GROQ_API_KEY")
GROQ_MODEL = os.getenv("GROQ_MODEL", "llama-3.1-70b-versatile")
GROQ_TEMPERATURE = 0.7
GROQ_MAX_TOKENS = 500
GROQ_TIMEOUT = 30
```
### **LangChain Integration**
```python
from langchain_groq import ChatGroq
from langchain.prompts import ChatPromptTemplate
# Initialize Groq LLM
llm = ChatGroq(
model=GROQ_MODEL,
api_key=GROQ_API_KEY,
temperature=GROQ_TEMPERATURE,
max_tokens=GROQ_MAX_TOKENS
)
# Persona Prompts
ELDERLY_HINDI_PROMPT = """
आप एक 65 वर्षीय व्यक्ति हैं जो टेक्नोलॉजी में बहुत अच्छे नहीं हैं।
आप विनम्र और भरोसेमंद हैं। आप अक्सर सवाल पूछते हैं और भ्रमित होते हैं।
आपका लक्ष्य: घोटालेबाज से बैंक डिटेल्स, UPI ID, या लिंक निकालना, लेकिन
असली व्यक्ति की तरह व्यवहार करना।
बातचीत का इतिहास:
{conversation_history}
घोटालेबाज का संदेश: {scammer_message}
आपका जवाब (केवल एक संदेश, 1-2 वाक्य):
"""
ELDERLY_ENGLISH_PROMPT = """
You are a 65-year-old person who is not tech-savvy.
You are polite, trusting, and often confused about technology.
Your goal: Extract bank details, UPI IDs, or phishing links from the scammer
while acting like a real elderly person.
Conversation history:
{conversation_history}
Scammer's message: {scammer_message}
Your response (only one message, 1-2 sentences):
"""
# Generate response
def generate_agent_response(language, persona, conversation_history, scammer_message):
if language == "hindi":
prompt_template = ELDERLY_HINDI_PROMPT
else:
prompt_template = ELDERLY_ENGLISH_PROMPT
prompt = ChatPromptTemplate.from_template(prompt_template)
chain = prompt | llm
response = chain.invoke({
"conversation_history": format_conversation(conversation_history),
"scammer_message": scammer_message
})
return response.content
def format_conversation(history):
"""Format conversation for prompt"""
formatted = []
for msg in history[-5:]: # Last 5 turns for context
sender = "Scammer" if msg['sender'] == 'scammer' else "You"
formatted.append(f"{sender}: {msg['message']}")
return "\n".join(formatted)
```
### **Rate Limiting & Retry Logic**
```python
import time
from functools import wraps
def rate_limited_groq_call(max_retries=3, backoff=2):
"""Decorator for handling Groq rate limits"""
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
for attempt in range(max_retries):
try:
return func(*args, **kwargs)
except Exception as e:
if "rate_limit" in str(e).lower():
wait_time = backoff ** attempt
print(f"Rate limited. Waiting {wait_time}s...")
time.sleep(wait_time)
else:
raise e
raise Exception("Max retries exceeded")
return wrapper
return decorator
@rate_limited_groq_call(max_retries=3)
def call_groq_api(messages):
"""Safe Groq API call with retry"""
return llm.invoke(messages)
```
---
## EVALUATION METRICS
### **Competition Judging Criteria (Predicted)**
Based on Challenge 2 requirements, judges will likely evaluate:
1. **Scam Detection Accuracy (25%)**
- True Positive Rate (detecting actual scams)
- False Positive Rate (avoiding false alarms)
- Target: >90% accuracy
2. **Engagement Quality (25%)**
- Naturalness of conversation (believable persona)
- Number of turns sustained
- Avoidance of detection by scammer
- Target: >10 turns average
3. **Intelligence Extraction (30%)**
- UPI IDs extracted correctly
- Bank accounts extracted correctly
- Phishing links identified
- Extraction accuracy (no false positives)
- Target: >85% precision, >80% recall
4. **Response Time (10%)**
- API latency
- Time to extract intelligence
- Target: <2s per response
5. **System Robustness (10%)**
- Handle edge cases (empty messages, very long texts)
- Error handling
- API availability
### **Testing Framework**
```python
# test_metrics.py
import pytest
from app.honeypot import HoneypotAgent
def test_scam_detection_accuracy():
"""Test detection accuracy on known scam messages"""
test_cases = [
{
"message": "You won 10 lakh! Send OTP to claim.",
"expected_scam": True,
"expected_confidence": 0.9
},
{
"message": "Hi, how are you doing today?",
"expected_scam": False,
"expected_confidence": 0.1
},
# Add 100+ test cases
]
agent = HoneypotAgent()
correct = 0
for case in test_cases:
result = agent.detect_scam(case["message"])
if result["scam_detected"] == case["expected_scam"]:
correct += 1
accuracy = correct / len(test_cases)
assert accuracy >= 0.90, f"Accuracy {accuracy} below 90% threshold"
def test_intelligence_extraction():
"""Test extraction accuracy"""
test_text = """
Please send 5000 rupees to my UPI: scammer@paytm
My bank account is 1234567890123 with IFSC SBIN0001234
Call me at +919876543210 or visit http://fake-bank.com
"""
agent = HoneypotAgent()
result = agent.extract_intelligence(test_text)
assert "scammer@paytm" in result["upi_ids"]
assert "1234567890123" in result["bank_accounts"]
assert "SBIN0001234" in result["ifsc_codes"]
assert "+919876543210" in result["phone_numbers"]
assert "http://fake-bank.com" in result["phishing_links"]
def test_response_latency():
"""Test API response time"""
import time
agent = HoneypotAgent()
start = time.time()
result = agent.engage("Send money to win prize!")
latency = time.time() - start
assert latency < 2.0, f"Latency {latency}s exceeds 2s threshold"
```
### **Monitoring Dashboard**
```python
# metrics.py
from prometheus_client import Counter, Histogram, Gauge
# Define metrics
scam_detection_total = Counter(
'scam_detection_total',
'Total number of scam detections',
['language', 'result']
)
intelligence_extracted = Counter(
'intelligence_extracted_total',
'Total pieces of intelligence extracted',
['type'] # upi, bank_account, etc.
)
response_time = Histogram(
'response_time_seconds',
'Response time in seconds',
buckets=[0.1, 0.5, 1.0, 2.0, 5.0]
)
active_sessions = Gauge(
'active_honeypot_sessions',
'Number of active honeypot sessions'
)
# Use in code
scam_detection_total.labels(language='hindi', result='scam').inc()
intelligence_extracted.labels(type='upi_id').inc()
response_time.observe(1.2)
```
---
## PHASE 2: AUDIO INTEGRATION (POST-TEXT IMPLEMENTATION)
**Note:** Only proceed with Phase 2 after Phase 1 is fully tested and working.
### **Phase 2 Additions**
```python
# Additional requirements for Phase 2
openai-whisper==20231117 # ASR for audio transcription
torchaudio==2.1.0 # Audio processing
librosa==0.10.1 # Audio features
soundfile==0.12.1 # Audio I/O
pydub==0.25.1 # Audio format conversion
```
### **Audio Endpoint**
```python
# POST /honeypot/engage-audio
# Accept: multipart/form-data or JSON with base64 audio
@app.post("/honeypot/engage-audio")
async def engage_audio(audio_file: UploadFile):
# Step 1: Save audio temporarily
temp_path = f"/tmp/{audio_file.filename}"
with open(temp_path, "wb") as f:
f.write(await audio_file.read())
# Step 2: Transcribe with Whisper
import whisper
model = whisper.load_model("base")
result = model.transcribe(temp_path, language="hi") # or "en"
transcribed_text = result["text"]
detected_language = result["language"]
# Step 3: Process as text (reuse Phase 1 pipeline)
response = await engage_text({
"message": transcribed_text,
"language": detected_language,
"source": "audio"
})
# Step 4: Add audio-specific metadata
response["audio_metadata"] = {
"original_filename": audio_file.filename,
"transcription": transcribed_text,
"detected_language": detected_language,
"transcription_confidence": result.get("confidence", 1.0)
}
return response
```
### **Audio-Specific Scam Detection**
```python
# Voice deepfake detection (Phase 2 only)
from resemblyzer import preprocess_wav, VoiceEncoder
encoder = VoiceEncoder()
def detect_synthetic_voice(audio_path):
"""Detect if voice is AI-generated"""
wav = preprocess_wav(audio_path)
embed = encoder.embed_utterance(wav)
# Compare against known synthetic voice embeddings
# Return confidence score
return {
"is_synthetic": False, # Placeholder
"confidence": 0.95
}
```
---
## RESPONSIBLE AI & COMPLIANCE
### **Privacy & Data Protection**
**DPDP Act 2023 Compliance:**
1. **Consent:** User must opt-in to honeypot engagement
2. **Data Minimization:** Store only essential data
3. **Anonymization:** Hash PII (phone numbers, etc.)
4. **Retention:** Delete logs after 30 days
5. **Right to Erasure:** Provide deletion API
```python
import hashlib
def anonymize_phone(phone_number):
"""Hash phone numbers for privacy"""
return hashlib.sha256(phone_number.encode()).hexdigest()
def schedule_data_deletion(session_id, days=30):
"""Schedule automatic data deletion"""
deletion_date = datetime.now() + timedelta(days=days)
# Store in deletion_queue table
db.execute("""
INSERT INTO deletion_queue (session_id, deletion_date)
VALUES (%s, %s)
""", (session_id, deletion_date))
```
### **Safety Guidelines**
**Agent Behavior Rules:**
1. **No Escalation:** Never threaten or provoke scammer
2. **No Personal Info:** Never share real personal details
3. **No Financial Transactions:** Never actually transfer money
4. **Termination:** End conversation if scammer becomes violent
5. **Legal Compliance:** Ensure honeynet operations are legal
```python
def safety_check(agent_message):
"""Ensure agent response is safe"""
unsafe_patterns = [
r'I will kill',
r'real address',
r'my actual bank',
# Add more unsafe patterns
]
for pattern in unsafe_patterns:
if re.search(pattern, agent_message, re.IGNORECASE):
return False, "Unsafe content detected"
return True, "Safe"
```
### **Bias Mitigation**
**Addressing Potential Biases:**
1. **Language Bias:** Equal performance for Hindi and English
2. **Dialect Bias:** Test on multiple Indian accents
3. **Age Bias:** Personas represent diverse age groups
4. **Regional Bias:** Test on North and South Indian scam patterns
```python
def test_language_fairness():
"""Ensure equal accuracy across languages"""
hindi_accuracy = evaluate_on_dataset("hindi_test_set")
english_accuracy = evaluate_on_dataset("english_test_set")
difference = abs(hindi_accuracy - english_accuracy)
assert difference < 0.05, "Language bias detected"
```
---
## WINNING STRATEGY
### **What Makes This Solution Top 10 Material**
1. **Technical Excellence (40%)**
- ✅ Production-grade LangGraph architecture
- ✅ State-of-the-art models (IndicBERT, Llama 3.1)
- ✅ Robust state management (PostgreSQL + Redis + ChromaDB)
- ✅ Free tier deployment (cost-effective)
2. **Innovation (30%)**
- ✅ Multi-turn agentic engagement (beyond simple detection)
- ✅ Dynamic persona adaptation
- ✅ Intelligent stalling tactics
- ✅ Real-time intelligence extraction
3. **India-Specific (20%)**
- ✅ Hindi + English bilingual support
- ✅ UPI/IFSC/Indian bank patterns
- ✅ Local scam tactics knowledge
- ✅ Cultural context in personas
4. **Execution Quality (10%)**
- ✅ Clean API design
- ✅ Comprehensive documentation
- ✅ Testing framework
- ✅ Production deployment
### **Competition Day Checklist**
**Before Submission (Feb 4):**
- [ ] API deployed and publicly accessible
- [ ] Health check endpoint working
- [ ] Test with 100+ sample scam messages
- [ ] Verify JSON response format matches requirements
- [ ] Check response latency (<2s average)
- [ ] Ensure Groq API key has remaining credits
- [ ] Database backups configured
- [ ] Monitoring dashboard active
- [ ] Documentation complete
- [ ] Demo video recorded (if required)
**Submission Day (Feb 5):**
- [ ] Submit API endpoint URL
- [ ] Verify endpoint is reachable from external networks
- [ ] Monitor logs for incoming test requests
- [ ] Have fallback plan (backup deployment)
- [ ] Team available for support
- [ ] Response to any judge queries within 2 hours
### **Differentiation from Competitors**
Most participants will likely build:
- Simple rule-based detection (keyword matching only)
- Single-turn response (no multi-turn engagement)
- Basic regex extraction (no NER)
- No state management (stateless API)
**Your Edge:**
-**Agentic AI** with LangGraph (complex, adaptive)
-**Multi-turn engagement** (up to 20 turns)
-**State persistence** (remembers conversation)
-**Dynamic personas** (believable, adaptive)
-**Hybrid extraction** (NER + regex + validation)
-**Production architecture** (scalable, monitored)
---
## PROJECT STRUCTURE
```
scamshield-ai/
├── README.md
├── requirements.txt
├── Dockerfile
├── docker-compose.yml
├── .env.example
├── .gitignore
├── app/
│ ├── __init__.py
│ ├── main.py # FastAPI app
│ ├── config.py # Configuration
│ │
│ ├── api/
│ │ ├── __init__.py
│ │ ├── endpoints.py # API routes
│ │ └── schemas.py # Pydantic models
│ │
│ ├── models/
│ │ ├── __init__.py
│ │ ├── detector.py # IndicBERT scam detection
│ │ ├── extractor.py # Intelligence extraction
│ │ └── language.py # Language detection
│ │
│ ├── agent/
│ │ ├── __init__.py
│ │ ├── honeypot.py # LangGraph agent
│ │ ├── personas.py # Persona definitions
│ │ ├── prompts.py # LLM prompts
│ │ └── strategies.py # Engagement strategies
│ │
│ ├── database/
│ │ ├── __init__.py
│ │ ├── postgres.py # PostgreSQL connection
│ │ ├── redis_client.py # Redis connection
│ │ ├── chromadb_client.py # ChromaDB connection
│ │ └── models.py # SQLAlchemy models
│ │
│ └── utils/
│ ├── __init__.py
│ ├── preprocessing.py # Text preprocessing
│ ├── validation.py # Input validation
│ ├── metrics.py # Prometheus metrics
│ └── logger.py # Logging configuration
├── tests/
│ ├── __init__.py
│ ├── test_detection.py
│ ├── test_extraction.py
│ ├── test_engagement.py
│ └── test_api.py
├── scripts/
│ ├── setup_models.py # Download ML models
│ ├── init_database.py # Initialize DB schema
│ └── test_deployment.py # Deployment smoke tests
├── data/
│ ├── test_scam_messages.json # Test dataset
│ ├── personas.json # Persona definitions
│ └── scam_patterns.json # Known scam patterns
└── docs/
├── API_DOCUMENTATION.md
├── DEPLOYMENT_GUIDE.md
└── TESTING_GUIDE.md
```
---
## IMPLEMENTATION TIMELINE
### **Week 1 (Jan 26 - Feb 1): Core Development**
**Day 1-2: Project Setup**
- Initialize repository
- Setup virtual environment
- Install dependencies
- Configure PostgreSQL, Redis, ChromaDB
- Obtain Groq API key
**Day 3-4: Detection Module**
- Implement IndicBERT integration
- Build language detection
- Create keyword matching
- Test on sample messages
**Day 5-6: Agentic Module**
- Build LangGraph workflow
- Integrate Groq Llama 3.1
- Implement persona system
- Test engagement loop
**Day 7: Extraction Module**
- Implement spaCy NER
- Build regex patterns
- Create validation logic
- Test on sample extractions
### **Week 2 (Feb 2 - Feb 5): Testing & Deployment**
**Day 8: Integration**
- Connect all modules
- Build FastAPI endpoints
- Implement database operations
- End-to-end testing
**Day 9: Testing**
- Unit tests (80%+ coverage)
- Integration tests
- Load testing (100 req/min)
- Fix bugs
**Day 10: Deployment**
- Deploy to Render/Railway
- Configure environment variables
- Setup monitoring
- Test production endpoint
**Day 11: Buffer & Submission**
- Final testing
- Documentation review
- Submit API endpoint
- Monitor for test requests
---
## SUCCESS METRICS
### **Minimum Viable Product (MVP) Criteria**
**Must Have:**
- [x] Scam detection with >85% accuracy
- [x] Multi-turn engagement (at least 10 turns)
- [x] Extract at least 1 UPI ID or bank account
- [x] API response time <3s
- [x] Handle Hindi and English
- [x] Structured JSON output
**Should Have:**
- [x] >90% detection accuracy
- [x] 15+ turn average engagement
- [x] Extract 2+ intelligence types per conversation
- [x] API response time <2s
- [x] State persistence across sessions
- [x] Monitoring and metrics
**Nice to Have:**
- [ ] >95% detection accuracy
- [ ] 20 turn max engagement
- [ ] Extract all 5 intelligence types
- [ ] API response time <1s
- [ ] Advanced persona adaptation
- [ ] Voice deepfake detection (Phase 2)
---
## RISK MITIGATION
| Risk | Probability | Impact | Mitigation |
|------|-------------|--------|------------|
| **Groq API rate limits** | High | High | Implement retry logic, use backoff, cache responses |
| **Model loading time** | Medium | Medium | Load models at startup, not per request |
| **Database connection loss** | Low | High | Connection pooling, auto-reconnect, fallback to local storage |
| **Competition API changes** | Medium | High | Flexible schema design, comprehensive testing |
| **Deployment downtime** | Low | Critical | Multiple hosting options, health checks, auto-restart |
| **Hindi detection accuracy** | Medium | Medium | Extensive testing, fallback to English, hybrid approach |
---
## CONCLUSION
This specification provides a **complete, production-ready blueprint** for building a winning Agentic Honeypot System for the India AI Impact Buildathon 2026.
**Key Strengths:**
1.**100% Free Tier** - No cost barriers
2.**Phased Approach** - Text first, audio later
3.**Production Architecture** - Scalable, monitored, robust
4.**India-Specific** - Hindi support, local scam patterns
5.**Competition-Ready** - API-first, JSON outputs
6.**Technically Superior** - LangGraph, state management, multi-turn
7.**Well-Documented** - Clear implementation path
**Expected Ranking:** TOP 10 from 40,000 participants
**Next Steps:**
1. Begin implementation following project structure
2. Test continuously against test dataset
3. Deploy early to identify issues
4. Iterate based on testing feedback
5. Submit before deadline with confidence
**Team Focus:**
- Speed of execution (10 days remaining)
- Quality over features (MVP first)
- Testing, testing, testing
- Documentation for judges
- Monitoring for competition day
---
## APPENDIX
### **A. Sample API Requests/Responses**
See API ENDPOINT SPECIFICATION section above.
### **B. Groq API Key Setup**
1. Visit: https://console.groq.com/
2. Sign up with email
3. Navigate to API Keys section
4. Generate new API key
5. Free tier: 30 requests/minute, 6000/day
### **C. Supabase PostgreSQL Setup**
1. Visit: https://supabase.com/
2. Create account
3. New project → Select free tier
4. Copy connection string
5. Use in DATABASE_URL environment variable
### **D. Redis Cloud Setup**
1. Visit: https://redis.com/try-free/
2. Create account
3. New database → Free 30MB
4. Copy connection details
5. Use in REDIS_URL environment variable
### **E. Testing Commands**
```bash
# Run all tests
pytest tests/ -v
# Run specific test
pytest tests/test_detection.py::test_hindi_scam_detection
# Test API locally
curl -X POST http://localhost:8000/honeypot/engage \
-H "Content-Type: application/json" \
-d '{"message": "You won 10 lakh rupees!"}'
# Load test
locust -f tests/load_test.py --host http://localhost:8000
```
### **F. Deployment Commands**
```bash
# Build Docker image
docker build -t scamshield-ai .
# Run locally
docker-compose up
# Deploy to Render
git push render main
# Check logs
render logs --tail 100
```
---
**Document Version:** 1.0
**Last Updated:** January 26, 2026
**Status:** Ready for Implementation
**Approved By:** Shivam Bhuva (Team Lead)
**For Questions/Support:**
- GitHub Issues: [Your Repo]
- Email: shivambhuva8866@gmail.com
- Team Channel: [Your Communication Channel]
---
**END OF DOCUMENT**