Vinay Khosya

Deep Technical Dive

GuardEye — Offline AI Malware Scanner

AI-powered offline malware detection system for Android devices developed during internship with Haryana Police Cybersecurity Department.

PythonPyTorchADBOCRESP32
View Demo GitHub

Problem

Detecting Android malware is difficult because threats hide inside obfuscated files, embedded resources, documents, and disguised binaries that are usually missed by superficial app-only scans.

Project Context

  • Developed during internship with Haryana Police Cybersecurity Summer Internship Program (GPCSSI 2025).
  • The recurring field challenge was malware detection on user devices where suspicious files were hidden or users lacked technical visibility.
  • GuardEye was designed to support practical law-enforcement and forensic workflows with local processing.

Why It Was Hard

  • Hidden and obfuscated malware files are often outside visible app surfaces.
  • Signature-based engines miss modified and zero-day style variants.
  • Cloud scanning introduces privacy and data exposure risk for sensitive devices.
  • Users and non-specialists cannot manually inspect deep storage safely.

Solution

Built a multi-stage, offline-first malware analysis pipeline that performs deep device extraction via ADB, file-type aware analysis, specialized AI model scoring, and unified risk reporting without cloud upload.

System Architecture

Diagram space is ready — replace with visuals later if needed.

GuardEye — Offline AI Malware Scanner architecture placeholder
  1. Android device connected over USB to workstation
  2. ADB-driven full device file extraction (including hidden paths)
  3. Local file repository + file type categorization
  4. Specialized model routing (APK / image / PDF-document / binaries)
  5. Risk scoring engine + confidence fusion
  6. Final device security report with clean/suspicious/malicious labels

Implementation

  • Implemented ADB extraction workflow to retrieve installed APKs, hidden app data, system directories, documents, and media.
  • Built file categorization module to route each file class to appropriate analysis pipeline.
  • Integrated AI models for APK structure/metadata analysis, suspicious document-PDF inspection, and image anomaly checks.
  • Developed risk-scoring aggregation layer to combine multi-model probabilities into final threat categories.
  • Generated structured reports to help investigators prioritize suspicious artifacts quickly.

Results

  • Demonstrated reliable end-to-end offline malware detection during internship workflow.
  • Enabled full-device scanning instead of only installed app-level checks.
  • Detected suspicious artifacts in hidden and non-obvious directories.
  • Improved practical malware identification beyond pure signature matching approaches.
  • Delivered structured risk reports for field inspection and forensic use-cases.

Lessons Learned

  • Multi-model analysis by file type gives better coverage than one generic scanner.
  • Device-level extraction provides deeper visibility than app-level antivirus scans.
  • Offline-first architecture is essential where privacy and secure environments matter.
  • Operational security tools require robust preprocessing and risk aggregation, not just model accuracy.

Privacy & Security Design

  • No user file upload to cloud services; all processing stays local.
  • Analysis pipeline runs in offline mode for restricted and secure environments.
  • Local reporting keeps investigators in control of evidence handling.
  • Reduced leakage risk compared to remote scanning architectures.

Future Improvements

  • Add behavioral monitoring of running applications.
  • Expand model coverage for more file and archive formats.
  • Integrate dashboard-based automated threat reporting.
  • Improve model robustness with larger and newer malware corpora.

Internship Certificate / Reference

GuardEye — Offline AI Malware Scanner internship certificate
← Back to all projects