
AI-Powered Cybersecurity Solution

SentinelX is an AI-driven cybersecurity platform designed to provide comprehensive protection against advanced cyber threats, including phishing emails, malicious URLs, deepfake media, and steganography. It integrates multiple detection modules using machine learning and deep learning techniques, offering real-time analysis and user-friendly dashboards across various devices. The project aims to enhance user security by unifying existing tools into a single, efficient solution while also providing a robust learning experience for the development team.

Uploaded by

Danger Wolf

SentinelX

Project Proposal

Supervisor
Mr. Faizan Saleem

Submitted by
Athar Ibrahim Khalid (UOC-CS-F2022-008)
Misdaq Hussain Kausari (UOC-CS-F2022-046)
Raja Wardet Wahaj (UOC-CS-F2022-050)

Department of Computer Science & Information Technology


Faculty of Computing & Information Technology

The University of Chakwal


Introduction:
SentinelX is an AI-powered system that goes beyond antivirus tools by intelligently detecting
phishing emails, identifying malicious URLs, steganography, and verifying deepfake content. It
inspects emails, links, and multimedia files using machine learning, provides clear threat
explanations, and offers real-time protection. In this era of advanced cyber risks, SentinelX
delivers a smart, proactive, and easy-to-use security solution for users across multiple devices.

Literature Review / Existing Systems / Applications:


AI-based cybersecurity and threat detection systems have seen remarkable advancement in recent
years, demonstrating the potential of machine learning to recognize, classify, and prevent complex
online threats. However, despite their growth, these systems are often specialized in narrow
domains and fail to deliver comprehensive, real-time protection for everyday users.

1. Phishing Detection Systems:


Google Safe Browsing and PhishTank detect phishing links using static blacklists, but they fail
against new or unseen threats. Our phishing module overcomes this by using AI and NLP to
dynamically analyze email content, headers, and attachments in real time.

2. URL Reputation & Detection Systems:


Tools like URLScan and Zscaler analyze website reputations but lack personalized, on-device
protection. Our URL detection model continuously monitors user-accessed URLs and applies
ML-based risk scoring directly within the mobile app.

3. Steganography Tools:
OpenStego and SteganoGAN enable text hiding in images but provide no authentication or
multimedia support. Our system extends this by adding secure encoding and decoding for images,
videos, and audio with integrated user verification.

4. Deepfake Detection:
Existing tools such as Deepware Scanner detect manipulated videos only, missing image and
audio fakes. Our deepfake module unifies detection across all media types, using pre-trained CNN
and transformer models for higher accuracy and coverage.

Systems / Application Comparison Table


| Systems / Application Name | Existing Features | Proposed Features |
|---|---|---|
| Google Safe Browsing | Detects malicious URLs and phishing pages using centralized databases. | Adds on-device AI-based URL behavior analysis with real-time background scanning. |
| PhishTank | A static phishing repository that identifies known phishing sites. | Integrates dynamic NLP-based email content and attachment analysis via Gmail API. |
| VirusTotal | Scans URLs and files using multiple antivirus engines. | Adds intelligent ML-driven threat reasoning and personalized user protection dashboards. |
| Zscaler Internet Security | Provides cloud-based web filtering and threat protection. | Extends to user-level real-time monitoring with mobile integration and device-based scanning. |
| OpenStego | Performs basic image steganography with limited formats. | Expands to multi-modal steganography (image, video, audio) with encryption and authentication. |
| StegExpose | Detects steganographic content in images using statistical methods. | Replaced with deep-learning-based embedding and decoding techniques for secure communication. |
| Deepware Scanner | Detects manipulated (deepfake) videos only. | Introduces unified detection across image, video, and audio using CNN and transformer models. |
| Microsoft Video Authenticator | Identifies AI-generated video frames for deepfake detection. | Enhanced multi-modal deepfake analysis with explainable AI outputs and confidence scores. |

Problem Statement:
• What problem does your software solve?
Users are increasingly exposed to advanced cyber threats such as phishing emails, malicious
URLs, deepfake media, and hidden data through steganography. Most existing cybersecurity tools
focus on a single protection aspect, forcing users to rely on multiple disconnected solutions that
result in delayed detection and incomplete defense.

• Why are you developing this system?


The objective of SentinelX is to develop an integrated, AI-driven cybersecurity platform that
delivers real-time, multi-layered protection. The system will automatically detect phishing
attempts, evaluate URL safety, verify media authenticity, and provide secure steganography-based
communication within one unified environment.

• Does the same system already exist? If yes, how will a re-implementation aid your
learning?
Although platforms like Google Safe Browsing, PhishTank, and Deepware Scanner address
specific security challenges, none offer a comprehensive and user-focused ecosystem.
Re-implementing and combining these technologies will enhance our understanding of AI-driven
threat analysis, data security mechanisms, and intelligent automation.

• What skills do you expect to learn from this project?


This project will help the team build professional expertise in cybersecurity analysis, artificial
intelligence integration, machine learning model deployment, natural language processing,
multimedia content authentication, secure data communication, and full-stack application
development using Flutter and Python.

Machine Learning Techniques / Algorithms:


To ensure intelligent, real-time detection and protection, SentinelX utilizes a combination of
machine learning and deep learning algorithms across its three core modules. Each model is
trained or fine-tuned using verified datasets and optimized for high accuracy and performance.

Phishing Detection Model:


This model analyzes user emails, including body text, headers, and attachments, to classify them
as legitimate or phishing. It employs Natural Language Processing (NLP) with deep learning
classifiers for text feature extraction and prediction.
Dataset: [Link]
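
The header, link, and attachment signals that such a phishing model can consume alongside the body text are sketched below. This is an added example, not code from the SentinelX project; the feature names, the RISKY_EXT list, and the sample message (built from documentation-reserved domains and addresses) are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".iso", ".lnk")  # constructed list

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url: str) -> str:
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed netloc
        return ""

def addr_domain(header_value) -> str:
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def email_features(msg: EmailMessage) -> dict:
    """Header, body-link and attachment signals for a downstream classifier."""
    from_dom = addr_domain(msg["From"])
    reply_dom = addr_domain(msg["Reply-To"]) or from_dom
    auth = str(msg["Authentication-Results"] or "").lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    return {
        "reply_to_mismatch": int(reply_dom != from_dom),
        "auth_failures": sum(f"{k}=fail" in auth for k in ("spf", "dkim", "dmarc")),
        "num_links": len(collector.links),
        # Visible text that looks like a URL but points at a different host.
        "link_text_mismatch": sum(
            text.lower().startswith(("http://", "https://")) and host(text) != host(href)
            for href, text in collector.links),
        "risky_attachments": sum(n.endswith(RISKY_EXT) for n in names),
    }

def constructed_sample() -> EmailMessage:
    # Constructed message; every name and address is documentation-reserved.
    m = EmailMessage()
    m["From"] = "IT Support <support@example.com>"
    m["Reply-To"] = "helpdesk@example.net"
    m["Subject"] = "Urgent: verify your mailbox"
    m["Authentication-Results"] = "mx.example.org; spf=fail; dkim=none"
    m.set_content("Plain-text fallback")
    m.add_alternative('<a href="http://192.0.2.7/login">https://mail.example.com</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m
```

Raw messages can be parsed into the same object type with email.message_from_bytes(raw, policy=email.policy.default) before calling email_features.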

URL Detection Model:


This model identifies malicious or suspicious web links using lexical, host-based, and network
features. It applies supervised ML algorithms like Random Forest and LightGBM for
classification.
Dataset: [Link]
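
The lexical and host-based part of that feature set can be computed from the URL string alone, as in the sketch below, which produces a fixed-order numeric row of the kind a Random Forest or LightGBM classifier is trained on. This is an added example, not the project's code; the feature names, the SUSPICIOUS_TOKENS list, and the sample URLs are assumptions, and network features (DNS, WHOIS, TLS) are out of its scope.

```python
import ipaddress
import math
from collections import Counter
from urllib.parse import urlsplit

# Constructed token list for illustration; a trained model would learn such cues.
SUSPICIOUS_TOKENS = ("login", "verify", "secure", "account", "update", "signin")
FEATURE_ORDER = ("url_length", "host_length", "num_dots", "subdomain_depth",
                 "host_is_ip", "has_userinfo", "is_punycode", "uses_https",
                 "nonstandard_port", "host_digits", "host_hyphens",
                 "suspicious_tokens", "host_entropy")

def shannon_entropy(text: str) -> float:
    """Bits per character; random-looking hostnames tend to score higher."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def url_features(url: str) -> dict:
    """Lexical and host-based features computed from the URL string alone."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return dict.fromkeys(FEATURE_ORDER, -1)  # sentinel row for unparseable input
    host = (parts.hostname or "").lower()
    labels = [lab for lab in host.split(".") if lab]
    haystack = (host + parts.path + "?" + parts.query).lower()
    return {
        "url_length": len(url),
        "host_length": len(host),
        "num_dots": host.count("."),
        # Naive depth: ignores multi-label public suffixes such as co.uk.
        "subdomain_depth": 0 if is_ip(host) else max(len(labels) - 2, 0),
        "host_is_ip": int(is_ip(host)),
        "has_userinfo": int(parts.username is not None),
        "is_punycode": int(any(lab.startswith("xn--") for lab in labels)),
        "uses_https": int(parts.scheme == "https"),
        "nonstandard_port": int(port not in (None, 80, 443)),
        "host_digits": sum(ch.isdigit() for ch in host),
        "host_hyphens": host.count("-"),
        "suspicious_tokens": sum(tok in haystack for tok in SUSPICIOUS_TOKENS),
        "host_entropy": round(shannon_entropy(host), 3),
    }

def to_vector(url: str) -> list:
    """Fixed-order numeric row, the shape a tree-based classifier expects."""
    feats = url_features(url)
    return [feats[name] for name in FEATURE_ORDER]

# Constructed sample URLs (documentation-reserved names and addresses).
SAMPLES = ["https://example.com/docs",
           "http://192.0.2.10:8080/login.php?account=verify",
           "http://bank.example.com@xn--exmple-cua.example.net/secure"]
```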

Deepfake Detection Module (Image, Video, Audio):


The deepfake module detects synthetic or manipulated content across multiple formats using
state-of-the-art pretrained models.

Image Deepfake Detection:


EfficientNet-B0 and ViT (Vision Transformer) for static image forgery detection.
EfficientNet-B0: [Link]
ViT: [Link]

Video Deepfake Detection:


GenConViT (Generalized Convolutional Vision Transformer) for temporal and spatial deepfake
detection.
Model: [Link]

Audio Deepfake Detection:


WavLM (Speech Transformer Model) for identifying AI-generated or cloned voices.
Model: [Link]

Functional Requirements:
The system will provide several essential features to deliver accurate, automated, and real-time
protection against cyber threats. These functions ensure seamless integration of multiple AI
models for phishing, URL, steganography, and deepfake detection within a single platform.

1. Email Phishing Detection:


The system will analyze user emails via Gmail API, detecting suspicious text, links, or
attachments using NLP-based models.

2. URL Threat Analysis:


The application will monitor and evaluate URLs accessed on the device, classifying them as safe
or unsafe using an AI-driven model.

3. Steganography Encoding/Decoding:
Users will be able to securely hide or extract secret messages within images, videos, or audio files
through steganography with RSA Encryption/Decryption.

4. Deepfake Detection:
The system will allow users to upload or capture media files (images, videos, or audio) to verify
their authenticity using pre-trained CNN and transformer models.

5. Dashboard and Reports:

A user dashboard will display security alerts, threat summaries, and model decisions in an
interactive and easy-to-understand format.

6. Cross-Platform Accessibility:
The system will function on mobile, desktop, and browser extension versions for real-time
protection and scanning.

7. Background Automation:
Phishing and URL modules will run continuously in the background, automatically detecting
threats without manual input.

8. Secure Authentication:
The application will include user authentication to protect personal data and prevent unauthorized
system access.

Non-Functional Requirements
To ensure reliability, scalability, and user trust, the system must meet several non-functional
standards focused on performance, privacy, and usability.

1. User-Friendly Interface:
The system should have an intuitive and responsive UI, allowing both technical and non-technical
users to navigate easily.

2. Accuracy & Reliability:


All AI models must maintain high accuracy in identifying phishing, malicious URLs, hidden data,
and fake media to ensure dependable protection.

3. Performance:
The system should operate efficiently on both mobile and desktop devices, maintaining low
latency even during real-time scanning.

4. Compatibility:
The platform should support integration with Gmail APIs, device-level URL monitoring, and
standard multimedia file formats.

5. Data Privacy & Security:


The system must ensure complete user data confidentiality by using encryption, token-based
access, and secure backend communication.

6. Scalability:
The architecture should support model updates and dataset expansion without disrupting user
experience.

7. Maintainability:
The system codebase and models should be modular, allowing for easy updates, retraining, and
debugging.

8. Availability:

The service should ensure maximum uptime and reliable background processes for continuous
protection.

Tools and Technologies:


Frontend:
• Flutter: Used to build a dynamic, cross-platform, and responsive interface for mobile,
desktop, and web extensions. Flutter ensures a seamless UI/UX across devices with
real-time threat visualization and dashboards.
• Dart: Provides reactive programming capabilities and smooth integration with the
backend, enabling live updates for background monitoring and alerts.
• Figma (UI Design): Used for designing intuitive, user-friendly, and modern interfaces
before implementation.

Backend:
• Python (Flask / FastAPI): Manages backend logic, user requests, and API handling
between the app and AI models. It serves as the main communication layer for
phishing, URL, steganography, and deepfake modules.
• TensorFlow / PyTorch: Frameworks used to train, fine-tune, and deploy deep
learning models for phishing detection (NLP), deepfake identification, and multimedia
analysis.
• Scikit-learn / LightGBM: Used for classic ML tasks such as URL classification and
pattern-based threat detection.
• Cryptography (RSA): Ensures secure data transmission, encryption, and decryption
for steganography modules and user authentication.
• MongoDB / Firebase Firestore: For storing user profiles, logs, encoded message
metadata, and system events in a secure, cloud-based environment.
• Gmail API: Allows secure access to user emails for phishing detection with OAuth
2.0 token-based authentication.
• Model Deployment: AI models are containerized and deployed as backend
microservices, accessible via API endpoints for scalability and reusability.

Machine Learning Models


• Pre-trained Models: Used for detecting deepfakes across images, videos, and audio.
Models such as EfficientNet-B0, ViT (Vision Transformer), GenConViT, and WavLM
are fine-tuned for high accuracy in multi-modal deepfake detection.
• Custom Models: Custom-trained models are developed for phishing email
classification and malicious URL detection using Kaggle datasets. Additionally, RSA
and cryptography-based algorithms are implemented in the steganography module to
ensure secure encoding and decoding of messages.

System Requirements
• Operating System: Windows 10 / 11 for development and testing; Android / Web for
deployment.
• RAM: Minimum 8 GB for smooth training and testing of machine learning models.
• Processor: Intel Core i5 or equivalent (Quad-Core or higher).
• Storage: At least 20 GB free space for datasets, models, and logs.
• GPU: NVIDIA GPU for faster model training and inference.
• Internet: Required for Gmail API authentication and model updates.

Development Tools:
• Google Colab / Jupyter Notebook: Used for model training, experimentation, and
dataset preprocessing.
• Git & GitHub: For version control, code management, and collaborative
development.
• Postman: For testing backend APIs and verifying communication between frontend
and AI services.
• Docker (Optional): Used to containerize backend services and models for consistent
deployment across platforms.

Project Schedule / Work Timeline


The project will be completed over a 10-week period, focusing on modular development,
integration, and optimization. Each phase will involve iterative improvement and team
collaboration.

• Week 1–2: Requirement gathering, architecture design, and research on phishing,
URL, steganography, and deepfake detection techniques.
• Week 3–4: Data collection and preprocessing for email, URL, image, video, and audio
datasets.
• Week 5–6: Training and fine-tuning AI/ML models (phishing, URL, and deepfake
modules); implementing RSA and cryptography for steganography.
• Week 7–8: Flutter frontend development; connecting UI with Python backend via API
integration.
• Week 9–10: Testing system performance, optimizing models for accuracy and speed,
conducting user testing, and preparing for final deployment and documentation.

