| Metric | Value |
|---|---|
| Detection Accuracy | 91% |
| Memory Footprint | 45MB |
| Validation Layer | Response Time |
|---|---|
| Static Lists (Allow/Block) | < 50ms |
| Federated Blocklist | < 200ms |
| AI Analysis (Full Pipeline) | 2-4 seconds |
| Metric | Value |
|---|---|
| Threat Propagation | < 5 seconds |
| Network Synchronization | Real-time |
ECHOLOCK is a cybersecurity application designed to combat the growing sophistication of phishing attacks. Unlike traditional, isolated scanners, ECHOLOCK operates as a collective defense network. It solves the problem of reactive threat intelligence by implementing a federated architecture.
Traditional phishing detection systems operate in isolation. When one organization discovers a new threat, that knowledge doesn't immediately benefit others. This creates a window of vulnerability where attackers can reuse the same techniques across multiple targets.
When one node in the ECHOLOCK network detects a new, high-confidence threat, that threat's fingerprint (IOC) is instantly published to a central federation server powered by Redis. All other nodes subscribed to the network receive this update in milliseconds, granting them immediate immunity to a threat they have never even seen.
This is achieved through a hybrid validation system that combines multiple layers of defense for maximum speed and accuracy.
Built for the Cyber AI Hackathon 2025
| Feature | Traditional Scanners | ECHOLOCK |
|---|---|---|
| Threat Sharing | Isolated | Network-Wide |
| Detection Speed | Reactive | Proactive |
| Zero-Day Response | Hours/Days | Seconds |
| Scalability | Single-Node | Distributed |
| Intelligence | Static Lists Only | AI + Federation |
Clean, intuitive interface for URL submission and analysis |
Real-time verdict with confidence scoring |
Click to expand/collapse
ECHOLOCK employs a sophisticated fast-to-slow validation pipeline:
① Static Allowlist → Instant approval for trusted domains
② Static Blocklist → Instant block for known malicious domains
③ Federated Blocklist → Check network-shared threat intelligence
④ AI Analysis (LinearSVC) → Machine learning classification for unknown URLs
Each layer acts as a checkpoint, ensuring maximum speed for known URLs while maintaining accuracy for unknown threats.
Each layer acts as a checkpoint, ensuring maximum speed for known URLs while maintaining accuracy for unknown threats.
Built on Redis Pub/Sub for real-time threat intelligence sharing:
┌─────────────────────────────────────────────────────────┐
│ FEDERATION WORKFLOW │
└─────────────────────────────────────────────────────────┘
Step 1: Node A Detects Phishing URL
│
▼
┌─────────┐
│ Node A │───── Publishes Threat Hash ────>┌────────┐
│(Detects)│ │ Redis │
└─────────┘ │ Broker │
└────────┘
│
│
Step 2: Redis Broadcasts │
to All Nodes │
│
┌────────────────────────────────────────────┤
│ │
▼ ▼
┌─────────┐ ┌─────────┐
│ Node B │ │ Node C │
│(Receives│ │(Receives│
│ Update) │ │ Update) │
└─────────┘ └─────────┘
│ │
└──> Updates Local Blocklist <───────────────┘
Result: All nodes now immune to this threat
- Threat Propagation: < 5 seconds
- Network-Wide Protection: Simultaneous
- Zero-Day Response: Real-time
- Frontend — TypeScript/React interface
- Backend API — Flask orchestration layer
- Federation Worker — Python subscriber
- Redis Cloud — Pub/Sub broker + Database
┌─────────────────────────────────────────────────────────────────────────────┐
│ ECHOLOCK ECOSYSTEM │
└─────────────────────────────────────────────────────────────────────────────┘
┌──────────────┐
│ USER │
│ BROWSER │
└───────┬──────┘
│
HTTPS Request
│
▼
╔═══════════════════════════════════════════════════╗
║ FRONTEND (React/TypeScript) ║
║ • User Interface ║
║ • Real-time Visualization ║
║ • Confidence Scoring Display ║
╚═══════════════════════════════════════════════════╝
│
POST /api/check
│
▼
╔═══════════════════════════════════════════════════╗
║ BACKEND API (Flask/Python) ║
║ ║
║ ┌─────────────┐ ┌─────────────┐ ║
║ │ Allowlist │→ │ Blocklist │ ║
║ │ Check │ │ Check │ ║
║ └─────────────┘ └─────────────┘ ║
║ │ ║
║ ▼ ║
║ ┌─────────────┐ ║
║ │ Federated │ ║
║ │ Blocklist │ ║
║ └─────────────┘ ║
║ │ ║
║ ▼ ║
║ ┌─────────────┐ ║
║ │ AI Analysis │ ║
║ │ (LinearSVC)│ ║
║ └─────────────┘ ║
║ │ ║
║ If Phishing ║
║ │ ║
╚══════════════════════════ ════════════════════════╝
│
Publish Hash
│
▼
╔═══════════════════════════════════════════════════╗
║ REDIS CLOUD (Pub/Sub + Database) ║
║ • Message Broker ║
║ • Persistent Storage ║
║ • Federation Channel ║
╚═══════════════════════════════════════════════════╝
│
Subscribe
│
▼
╔═══════════════════════════════════════════════════╗
║ FEDERATION WORKER (Python Daemon) ║
║ • Listens to Redis Channel ║
║ • Updates Federated Blocklist ║
║ • Ensures All Nodes Stay Synchronized ║
╚═══════════════════════════════════════════════════╝
| Component | Primary Role | Technology |
|---|---|---|
| Frontend | User interface and result visualization | TypeScript, React, Vite |
| Backend API | Orchestrates validation logic, publishes threats | Python, Flask |
| Federation Worker | Subscribes to threats, updates blocklist | Python, Redis Client |
| Redis Cloud | Message broker and persistent storage | Redis Pub/Sub |
| ML Model | Classifies unknown URLs | Scikit-learn (LinearSVC) |
ECHOLOCK/
│
├── BACKEND_ECHOLOCK/
│ ├── app.py # Flask API (Publisher)
│ ├── federation.py # Threat publishing logic
│ ├── federation_worker.py # Redis subscriber daemon
│ ├── utils.py # Model loading & prediction
│ ├── ECHOLOCK.pkl # Pre-trained LinearSVC model
│ ├── requirements.txt # Python dependencies
│ ├── Procfile # Railway deployment config
│ └── .env # Environment variables
│
├── FRONTEND/
│ ├── src/
│ │ ├── components/ # React components
│ │ ├── pages/ # Application pages
│ │ ├── utils/ # Helper functions
│ │ └── App.tsx # Main application
│ ├── public/
│ ├── package.json # Node dependencies
│ ├── vite.config.ts # Vite configuration
│ └── .env # Environment variables
│
├── MODEL/NOTEBOOK/
│ └── ECHOLOCK.ipynb # RandomForest experimentation
│
├── examples/
│ ├── normal_verdict.png
│ └── phishing_verdict.png
│
├── .gitignore
├── LICENSE
└── README.md
|
Python |
Node.js |
Redis |
git clone https://github.com/ojayballer/ECHOLOCK.git
cd ECHOLOCKcd BACKEND_ECHOLOCK
pip install -r requirements.txtCreate .env file:
REDIS_HOST=your-redis-host.com
REDIS_PORT=12345
REDIS_PASS=your-password
REDIS_CHANNEL=echolock_federationcd ../FRONTEND
npm installCreate .env file:
VITE_API_URL=http://127.0.0.1:5000|
Terminal 1 cd BACKEND_ECHOLOCK
python app.pyStatus: |
Terminal 2 cd BACKEND_ECHOLOCK
python federation_worker.pyStatus: |
Terminal 3 cd FRONTEND
npm run devStatus: |
Navigate to http://localhost:5173 to use ECHOLOCK
Analyzes a submitted URL and returns a comprehensive verdict.
|
Request Example POST /api/check
Content-Type: application/json
{
"url": "https://example.com"
} |
Response Example HTTP/1.1 200 OK
Content-Type: application/json
{
"url": "https://example.com",
"verdict": "normal",
"confidence": 98.5
} |
| Field | Type | Description | Possible Values |
|---|---|---|---|
url |
string |
The analyzed URL | Any valid URL |
verdict |
string |
Classification result | normal, phishing |
confidence |
float |
Model certainty score | 0.0 - 100.0 |
Note: A confidence score of
100.0typically indicates the URL was caught by a static list rather than ML analysis.
The MODEL/NOTEBOOK/ECHOLOCK.ipynb notebook documents part of my experimentation process, specifically my work with a RandomForest classifier that achieved 92% accuracy on the validation set.
However, my model selection process extended beyond what is shown in the notebook. I experimented with multiple algorithms including LinearSVC, Logistic Regression, Gradient Boosting, and even explored LSTM networks with character-level tokenization for sequence-based feature learning through separate training scripts.
After extensive benchmarking, I chose LinearSVC for production deployment because it provides the optimal balance of high inference speed and strong predictive accuracy, which is critical for a low-latency, real-time API.
While RandomForest demonstrated slightly higher accuracy and LSTMs showed promise in capturing sequential patterns, they came with significant trade-offs. The LSTM approach suffered from overfitting issues despite regularization attempts, and RandomForest's inference time was too slow for real-time requirements. LinearSVC's efficient linear decision boundary computation allows ECHOLOCK to handle high request volumes without sacrificing detection performance, making it the clear choice for a production environment.
I chose to include only the RandomForest experimentation notebook in the repository to keep the project structure clean and focused. It effectively illustrates my approach to feature engineering and baseline model development. The additional experimentation notebooks, including LSTM implementations and hyperparameter tuning scripts, were development artifacts that I opted not to include in the final repository.
|
|
|
|
Contributions are what make the open-source community an amazing place to learn and create.
# 1. Fork the Project
# Click the 'Fork' button at the top right of this page
# 2. Clone your fork
git clone https://github.com/YOUR_USERNAME/ECHOLOCK.git
# 3. Create a feature branch
git checkout -b feature/AmazingFeature
# 4. Make your changes and commit
git commit -m 'Add some AmazingFeature'
# 5. Push to your branch
git push origin feature/AmazingFeature
# 6. Open a Pull Request
# Go to the original repo and click 'New Pull Request'- Write clear, descriptive commit messages
- Follow the existing code style
- Add tests for new features
- Update documentation as needed
- Be respectful and constructive in discussions
Distributed under the MIT License. See LICENSE file for more information.
Gmail: omojiremurewa@gmail.com
If you find ECHOLOCK useful, please consider giving it a star on GitHub!
Built with passion for the Cyber AI Hackathon 2025