Scam-Detector / README.md
Sanjam19's picture
Update README.md
ffb3f27 verified
|
Raw
History Blame Contribute Delete
5.4 kB
---
title: Scam Detector
emoji: πŸ›‘οΈ
colorFrom: red
colorTo: yellow
sdk: gradio
sdk_version: 6.9.0
app_file: app.py
pinned: false
license: mit
---
# πŸ›‘οΈ Scam Detector
AI-powered SMS and URL scam detection, trained on India-specific fraud patterns. Flags messages and links as **Safe**, **Suspicious**, or **Scam** in real time.
**Live demo:** [huggingface.co/spaces/Sanjam19/Scam-Detector](https://huggingface.co/spaces/Sanjam19/Scam-Detector)
---
## What It Does
- **Text / SMS analysis** β€” detects phishing, bank impersonation, KYC fraud, digital arrest scams, OTP theft, investment fraud, and more
- **URL analysis** β€” ensemble classifier (3 models) + rule-based pattern matching to flag malicious links
- **User feedback loop** β€” every prediction collects thumbs up/down, stored for future retraining
---
## Model Architecture
### Text Classifier
- **Pipeline:** TF-IDF (5,000 features, unigrams + bigrams) β†’ Logistic Regression (`class_weight='balanced'`)
- **Training data:** SMS Spam Collection (5,574 messages) + self-curated India-specific scam dataset (500 messages, 5Γ— upweighted)
- **Threshold:** Scam β‰₯ 0.55 Β· Suspicious β‰₯ 0.35 Β· Safe < 0.35 β€” tuned to minimise false negatives given the asymmetric cost of missing a scam
- **Rule layer:** 35+ regex patterns covering social engineering tactics specific to Indian fraud (KYC scams, RBI impersonation, digital arrest, UPI suspension, SIM KYC, Aadhaar fraud)
- **Final score:** `max(ML score, rule score)` β€” conservative by design
### URL Ensemble (3 models, soft-voted)
| Model | Features | CV Balanced Accuracy |
|-------|----------|---------------------|
| TF-IDF char n-gram (3–5) + Logistic Regression | Raw URL string | 63.0% |
| Random Forest | 21 engineered features (hyphen count, TLD type, subdomain depth, brand+hyphen flag, etc.) | 71.2% |
| XGBoost | URL + red_flags + domain_pattern text (word TF-IDF) | 70.5% |
Soft vote averages probability vectors across all three. If any single model exceeds 85% confidence on MALICIOUS, it overrides the average. Final score blends ensemble (50%) with rule-based checks (50%).
---
## Performance
**Text model** (200-sample stratified test, SMS Spam Collection):
| Metric | Score |
|--------|-------|
| Accuracy | 98.5% |
| Recall | 100% |
| Precision | 97.1% |
| F1 | 98.5% |
Zero false negatives by design β€” the threshold is deliberately set to catch every scam at the cost of a small increase in false positives.
**URL ensemble** (3-fold CV on 250-label phishing URL dataset): 63–71% balanced accuracy across models. Ensemble + rules combination handles edge cases neither approach catches alone.
---
## India-Specific Scam Coverage
The self-curated dataset and rule layer cover fraud patterns underrepresented in standard SMS spam datasets:
- Bank impersonation (HDFC, SBI, ICICI, Axis, Kotak, RBI)
- KYC expiry / Aadhaar deactivation fraud
- Digital arrest scams (CBI, ED, cybercrime impersonation)
- UPI / wallet suspension threats
- SIM KYC fraud (Airtel, Jio, Vi)
- Investment fraud / pig butchering (crypto trading groups)
- Government scheme fraud (EPFO, GST, income tax refunds)
- Customs clearance fee scams
- Job registration fee fraud
---
## Why Not BERT?
Tried it. Zero-shot BERT got 32% accuracy β€” worse than a coin flip on this task. General language models don't understand spam-specific vocabulary patterns. TF-IDF trained directly on scam messages learns exactly the right features: `URGENT`, `claim`, `KYC`, `OTP`, `verify`, n-gram combinations that appear almost exclusively in scam messages. Simpler model, better data, better result.
---
## Feedback Loop
Every prediction shows a **Was this correct? Yes / No** prompt. Responses are stored in SQLite with timestamp, prediction, and confidence. This builds a labelled dataset of real-world predictions for future active learning retraining β€” the gap between model agreement rate and 100% identifies the hardest edge cases.
---
## File Structure
```
scam-detector/
β”œβ”€β”€ app.py # Gradio UI + feedback DB
β”œβ”€β”€ ml_utils.py # Text classifier + URL ensemble + rule layer
β”œβ”€β”€ spam_model.pkl # Trained text model (auto-generated on first run)
β”œβ”€β”€ url_ensemble.pkl # Trained URL ensemble (auto-generated on first run)
β”œβ”€β”€ scam_messages_complete_500.csv # India-specific scam dataset
β”œβ”€β”€ spam.csv # SMS Spam Collection (base training data)
β”œβ”€β”€ scam_urls_training_250.csv # Labelled URL dataset for ensemble training
β”œβ”€β”€ evaluate.py # Evaluation script
β”œβ”€β”€ requirements.txt
└── README.md
```
If `spam_model.pkl` or `url_ensemble.pkl` are absent, both models retrain automatically on startup using the CSV files above.
---
## Evaluation
```bash
python evaluate.py
```
Reproduces the 98.5% accuracy result on a 200-message stratified test split.
---
## Tech Stack
- **UI:** Gradio 6.9
- **ML:** scikit-learn, XGBoost
- **Text features:** TF-IDF (sklearn)
- **URL features:** engineered + char n-gram TF-IDF + word TF-IDF
- **Storage:** SQLite (feedback)
- **Deployment:** Hugging Face Spaces
---
## Contact
**Sanjam Das** β€” [sanjamdas2@gmail.com](mailto:sanjamdas2@gmail.com) Β· [LinkedIn](https://www.linkedin.com/in/sanjamdas/) Β· [GitHub](https://github.com/SD1920)