EduShield AI is a hardened, appliance-grade forensic engine engineered to bridge the gap between high-level Neural Linguistic Inference and low-level Hardware Acceleration. Architected for the AMD Ryzen™ ecosystem, it transforms raw threat data into verifiable intelligence via a deterministic, multi-layer inspection pipeline.
Note: First load may take 30–50 seconds due to free cloud cold start.
| Vector | Forensic Execution |
|---|---|
| Linguistic Intelligence | High-dimensional vector space mapping via TF-IDF NLP Pipelines. |
| Structural Forensics | Recursive MIME-tree dissection for deep-artifact anomaly detection. |
| URL Telemetry | Real-time Shannon Entropy analysis and suspicious TLD mapping. |
| Hybrid Fusion | A weighted matrix synthesizing AI probability with deterministic rules. |
| Explainable Output | Human-readable Neural Reasoning Logs for forensic auditing. |
- Deterministic Scoring: Eliminates "Black-Box" uncertainty with verifiable, logic-based results.
- Auditable Architecture: Engineered for security-grade behavior and full process transparency.
- Modular Appliance Design: Built as a standalone security unit for seamless forensic integration.
- XDNA™ Powered Neural Offloading: EduShield AI is architected to exploit XDNA™ NPU tiles, offloading high-dimensional forensic math to a dedicated silicon engine for zero-latency analysis.
- AVX-512 VNNI Vectorization: The pipeline utilizes Zen 4 CPU vector instructions for high-speed structural heuristics, maintaining throughput without bottlenecking system resources.
- Silicon-Native Determinism: By leveraging the Ryzen™ AI software stack, the engine ensures consistent, hardware-optimized performance for reliable real-time results.
Figure 1: Silicon-Native Acceleration path utilizing AMD XDNA™ and Zen 4 architectures.
- Fused Risk Engine Orchestration: A multi-layered logic flow integrating Python-based forensic wrapping with a hybrid heuristic-neural orchestrator.
- INT8/BF16 Quantized Inference: Models are optimized via ONNX Runtime and Vitis™ AI EP to achieve maximum efficiency on local edge hardware.
- Explainable AI (XAI) Transparency: The XAI Path provides a visual trace of neural reasoning, delivering human-readable insights directly to the Forensic HUD.
Figure 2: 12-stage end-to-end forensic pipeline from raw ingestion to explainable output.
| Stage | Process | Key Operations |
|---|---|---|
| 01 | RAW EMAIL INPUT | Ingestion of raw text or .eml forensic streams. |
| 02 | MIME STRUCTURAL PARSER | Multipart traversal, Encoding normalization, and Payload isolation. |
| 03 | TF-IDF VECTORIZATION | High-dimensional linguistic feature mapping (NPU Optimized). |
| 04 | LOGISTIC REGRESSION | Hardware-accelerated NPU classification using XDNA synergy. |
| 05 | URL TELEMETRY ENGINE | Entropy scoring, TLD detection, and Redirect pattern analysis. |
| 06 | HYBRID FUSION MATRIX | Synthesis of neural probability and deterministic heuristic rules. |
| 07 | EXPLAINABLE OUTPUT | Generation of final risk score and transparent forensic logs (XAI). |
EduShield eliminates "Black-Box" uncertainty by synthesizing neural probability with deterministic forensic evidence. The result is a verifiable, multi-vector risk score optimized for the AMD Ryzen™ NPU.
70% NEURAL INTELLIGENCE • 30% DETERMINISTIC HEURISTICS
| Range | Threat Level | Response Protocol |
|---|---|---|
| 0.00 – 0.39 | 🟢 SAFE | Verified Clean Stream |
| 0.40 – 0.69 | 🟡 SUSPICIOUS | Quarantine & Manual Audit |
| 0.70 – 1.00 | 🔴 HIGH RISK | Immediate Forensic Intercept |
The engine generates structured JSON telemetry for seamless SIEM integration, providing full transparency into the Explainable AI (XAI) trigger flags.
{
"summary": {
"risk_score": 0.88, // 🔴 HIGH_RISK_DETECTED
"label": "MALICIOUS", // 🔴 THREAT_CONFIRMED
"confidence": 0.94, // 🔵 NEURAL_ACCURACY
"category": "PHISHING", // 🔴 ATTACK_VECTOR
"reasons": [
"high_entropy_domain",
"ip_based_url",
"urgent_language_pattern"
],
"explanations": "Multiple phishing indicators detected across ML and heuristic layers.",
"email_preview": "Dear User, Your account is locked. Click here: [http://192.168.1.1/login](http://192.168.1.1/login)..."
},
"advanced": {
"ml_probability": 0.94, // 🟢 PROCESSED_BY_NPU
"url_features": {
"entropy": 4.52,
"has_ip": true,
"suspicious_tld": true
},
"engine_logs": [
"🔥 NEURAL DECODER ACTIVE 🔥",
"ML Probability: 0.942319",
"Risk Result: HIGH",
"Body Length: 142 chars"
]
}
}
EduShield AI operates across three specialized forensic layers, engineered for high-fidelity threat isolation and optimized for **Ryzen™ AI** local execution.
Neural Vector Space - Semantic Inference :
- Architecture | High-dimensional
TF-IDFmapping &N-Gramfeature modeling. - Inference | Logistic Regression optimized for Ryzen™ NPU execution.
- Validation | 98.4% Accuracy on balanced forensic datasets.
Structural Forensic - Recursive Dissection :
- Protocol | Automated traversal of complex
.emlmultipart structures. - Decoding | Normalization of
Base64andQuoted-Printableobfuscation. - Isolation | Recursive payload sanitation with zero-persistence integrity.
Network Entropy - Path Analysis :
- Analytics | Shannon Entropy calculation to detect DGA-generated domains.
- Detection | Identification of
IPv4/IPv6direct-links and TLD anomaly mapping. - Heuristics | Logic-based tracking of obfuscated redirect chains.
The EduShield HUD provides a high-fidelity visualization of the hybrid fusion engine's telemetry, designed for real-time monitoring and threat intervention.
FIGURE 1.1: System Idle State - Ryzen™ Optimized listener waiting for forensic data stream.
FIGURE 1.2: Data Ingestion - Secure local traversal of .eml forensic artifacts.
FIGURE 2.1: Core Analysis - Real-time NPU latency tracking (629ms) and cross-vector inference completion.
FIGURE 2.2: Deep Scan View - Semantic highlighting of urgent language patterns and social engineering triggers.
FIGURE 3.1: Neural Vector Space - Shannon Entropy mapping and suspicious TLD telemetry.
FIGURE 3.2: Hardware Telemetry - AVX-512 VNNI instruction set utilization and NPU thermal monitoring.
FIGURE 3.3: Signal Processing - Real-time NPU core geometry and stream synchronization status.
The EduShield architecture is a modular security stack designed for high-concurrency forensic inspection and hardware-accelerated neural inference.
# 🧱 SYSTEM TOPOLOGY
EduShield_AI/
├── app/ # Appliance Runtime
│ ├── api/
│ │ └── routes.py # Ingestion Logic
│ ├── database/
│ │ ├── db.py # Engine Core
│ │ ├── edushield.db # Forensic Store
│ │ └── schemas.py # Data Models
│ ├── models/
│ │ ├── feature_engineering.py
│ │ └── ml_model.py # NPU Inference
│ ├── services/
│ │ ├── email_parser.py # MIME Dissector
│ │ ├── explanation_engine.py
│ │ ├── privacy_service.py # Content Masking
│ │ └── risk_engine.py # Hybrid Matrix
│ ├── static/ & templates/ # Dashboard HUD
│ ├── config.py
│ └── main.py # Entry Point
├── model/ # Training Pipeline
│ ├── edushield_spam_model.pkl
│ ├── phishing_model.pkl
│ ├── predict.py
│ └── train_model.py
├── assets/ # UI/UX Resources
├── data/ # Forensic Datasets
├── architecture_diagram.png # System Blueprint
└── requirements.txt # System Deps
✔ Deterministic scoring
✔ Explainable AI output
✔ Weighted risk fusion
✔ SHA-256 telemetry hashing
✔ Modular service isolation
✔ API-first architecture
✔ Asynchronous request handling
# 🚀 DEPLOYMENT :
git clone https://github.com/yourusername/EduShield_AI.git
cd EduShield_AI
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
uvicorn app.main:app --reload
Access :
http://127.0.0.1:8000
# 🛡 SYSTEM STATE :
[✔] Linguistic Vector Intelligence
[✔] Structural Email Forensics
[✔] URL Heuristic Mapping
[✔] Hybrid Fusion Matrix
[✔] Explainable Threat Output
[✔] Appliance-Grade API Runtime
- Improved privacy-first offline detection design
- Improved hybrid ML + rule-based threat scoring logic
- Enhanced phishing pattern detection for academic attack scenarios
- Added explainable AI reasoning outputs for better transparency
- Optimized offline inference pipeline for faster local processing
- Improved frontend result visualization and risk indicators
- Added additional security documentation and demo guides
.svg)