🛡️ Cybershield — Job Offer Verification Platform

Full-Stack: React + Node.js + AI (TF-IDF + Naive Bayes)

AI-powered job scam detection. Analyze any job offer and get an instant risk score.

---

📁 Project Structure

cybershield/                  ← Frontend (React + Vite + Tailwind)
cybershield-backend/          ← Backend (Node.js + Express + AI)

---

🚀 Quick Setup (Run Both Together)

Step 1 — Backend Setup

cd cybershield-backend

# Install dependencies
npm install

# Train the AI model (required first time!)
node ml/train.js

# Start the backend server
npm start
# OR for auto-reload during development:
npm run dev

Backend runs at: http://localhost:5000

---

Step 2 — Frontend Setup

Open a new terminal:

cd cybershield

# Install dependencies
npm install

# Start the frontend dev server
npm run dev

Frontend runs at: http://localhost:5173

---

🤖 AI Model Details

Architecture: Hybrid (Rules + ML)

Input Text
    │
    ├─── Rule Engine (17 weighted pattern rules)
    │         ↓
    │    Rule Score (0–100)
    │
    ├─── TF-IDF Preprocessing
    │         ↓
    │    Naive Bayes Classifier
    │         ↓
    │    ML Probability (0–1)
    │
    └─── Hybrid Score = 60% Rules + 40% ML
              ↓
         Final Risk Score (0–100)

Training Data

• 100 labeled samples (50 scam + 50 legitimate)
• Covers: payment scams, WFH scams, internship scams, overseas job scams
• Legit samples: structured hiring, interview invitations, offer letters

Scam Signal Rules (17 total)

Signal	Score Impact
Payment/fee request	+30
Specific fee type (registration, joining)	+30
Untraceable payment method (Western Union, Bitcoin)	+25
Sensitive data request (passport, bank)	+25
Free email domain (Gmail, Yahoo, Hotmail)	+20
Unrealistic income promise	+20
No interview required	+20
False refund promise	+20
Urgency/pressure tactics	+15
Guaranteed job promise	+15
Secrecy demand	+15
MLM/passive income language	+15
Overseas unverified offer	+10
Work-from-home (unverified)	+10
No experience required	+10
Unsolicited selection	+10

Legit Signal Reductions

Signal	Score Reduction
Interview mentioned	-15
Employment benefits/PF	-15
Offer letter / CTC terms	-10
Background verification	-10
Professional platform mention	-10
Polite/professional language	-5

Score Interpretation

Score	Status	Action
0–29	✅ Safe	Verify company independently
30–69	⚠️ Suspicious	Research thoroughly
70–100	🚨 Scam	Do NOT respond or pay

---

🌐 API Endpoints

Base URL: http://localhost:5000/api

Method	Endpoint	Description
GET	/health	Server health check
GET	/ai/info	AI model information
POST	/analyze	Main: Analyze job offer text/URL
GET	/analyze/history	Recent scan history
GET	/analyze/stats	Aggregate stats
POST	/auth/register	Create user account
POST	/auth/login	Login user
GET	/auth/me	Get current user (requires token)
POST	/auth/logout	Logout
POST	/report/generate	Generate full report
GET	/report/:id	Get report by ID

Example: Analyze a Job Offer

curl -X POST http://localhost:5000/api/analyze \
  -H "Content-Type: application/json" \
  -d '{"text": "Send 200 registration fee via western union. No interview needed. Hired immediately from gmail account."}'

Response:

{
  "success": true,
  "data": {
    "scanId": "uuid-here",
    "finalScore": 82,
    "status": "Scam",
    "statusColor": "red",
    "riskLevel": "high",
    "recommendation": "HIGH SCAM RISK. Do not respond or pay any fees.",
    "detectedIssues": [
      {
        "category": "Payment Request",
        "severity": "critical",
        "description": "Asks you to pay or send money — a hallmark scam tactic.",
        "matchedText": "send 200 registration fee"
      }
    ],
    "flaggedWords": ["western union", "registration fee", "no interview"],
    "scoreBreakdown": {
      "ruleBasedScore": 85,
      "mlScore": 78,
      "hybridScore": 82,
      "nbProbability": 78
    },
    "aiConfidencePercent": 91,
    "modelVersion": "2.0-hybrid"
  }
}

---

📄 Frontend Pages

Route	Page	Backend Integration
/	Home	Static
/analyze	AI Analyzer	POST /api/analyze
/report	Full Report	localStorage + /api/report
/learn	Learn Center	Static
/examples	Examples	Static + pre-built test
/about	About	Static
/contact	Contact	Static
/login	Login	POST /api/auth/login
/signup	Sign Up	POST /api/auth/register
/dashboard	Dashboard	GET /api/analyze/history + /stats

---

🔧 Configuration

Frontend .env

VITE_API_URL=http://localhost:5000/api

Backend .env

PORT=5000
NODE_ENV=development
JWT_SECRET=your_secret_here
JWT_EXPIRES_IN=7d
FRONTEND_URL=http://localhost:5173
RATE_LIMIT_MAX=100

---

🔒 Security Features

• Helmet.js — HTTP security headers
• CORS — Restricted to frontend origin
• Rate Limiting — 100 req/15min globally, 20 req/min on analyze
• JWT Authentication — Stateless token auth for protected routes
• bcryptjs — Password hashing (12 rounds)
• Input validation — Length limits, email validation, sanitization

---

🛠️ Tech Stack

Frontend:

• React 18 + Vite
• Tailwind CSS
• Framer Motion
• React Router v6
• Axios
• Recharts
• Lucide React

Backend:

• Node.js + Express.js
• natural.js (Naive Bayes + TF-IDF)
• bcryptjs + JWT
• Helmet + CORS + Rate Limiter
• node-cache
• Morgan (logging)

---

📝 Notes

• The backend uses in-memory storage (no database). Data resets on server restart.
• For production, replace in-memory stores with MongoDB or PostgreSQL.
• AI model is saved to ml/model.json after training — no need to retrain on every restart.
• Frontend gracefully falls back to the local rule engine if the backend is offline.

---

Made with ❤️ to fight job scams.