Inspiration
- Traditional fraud detection relies on software that runs on the client's device. However, the effectiveness of this approach is undermined by the difficulty of keeping the software running stably on numerous different machines, plus the challenges of spreading awareness and getting users to actually install the detection software.
- We decided to take a different approach: moving fraud prevention to a centralized location, the network.
- This way, the user can easily protect themselves in one click by connecting to our WiFi gateway, removing the obstacle of installing and setting up their own systems.
- Also, sysadmins can manage gateways from our central control portal, boosting maintainability.
What it does
- An AI-powered gateway system that monitors visited websites and evaluates whether their content shows signs of financial fraud.
- Features: Real-time website monitoring, AI-based content analysis, fraud signal detection, structured risk scoring.
- Users browse normally while the system runs in the background and provides clear warnings when a suspicious website is detected.
- If detected, the destination IP is blocked and subsequent requests to the same destination are intercepted.
- The user is shown a page presenting the reason for blocking, providing an explainable, multi-dimensional fraud assessment instead of only blacklist-based checking.
How we built it
- We first set up a Raspberry Pi Zero to act as a relay. We created a Go program, paired with iptables TPROXY to intercept incoming HTTPS traffic.
- Once we intercept the return request, we decrypt the TLS connection using a custom CA and obtain the domain and HTML, which are sent to an LLM to analyze.
- Based on a detection score, suspicious domains are blocked, and the user is served the "page blocked" page we built.
- We also built a Go back-end to host a dashboard page to report statistics and manage blocked sites.
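An added example, not the project's own code: one way the detection-score step could validate the LLM reply before acting on it, then block by destination IP with an expiry. The JSON field names, the 0-100 scale, the threshold of 70 and the TTL are assumptions; the sample reply is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sync"
	"time"
)

const blockThreshold = 70 // assumed cut-off, not from the page

// Verdict is an assumed schema for the LLM reply; the page does not give one.
type Verdict struct {
	Score   int      `json:"score"`   // assumed 0-100 scale
	Signals []string `json:"signals"` // reasons shown on the block page
}

// ParseVerdict validates a reply shaped by HTML the judged site controls.
func ParseVerdict(raw string) (Verdict, error) {
	v := Verdict{Score: -1} // stays -1 if the reply omits "score"
	if err := json.Unmarshal([]byte(raw), &v); err != nil {
		return Verdict{}, err // not JSON, wrong types, or text after the object
	}
	if v.Score < 0 || v.Score > 100 || (v.Score >= blockThreshold && len(v.Signals) == 0) {
		return Verdict{}, fmt.Errorf("score missing, out of range, or block without reasons")
	}
	return v, nil
}

// Blocklist is keyed by destination IP; entries expire since addresses get reused or shared.
type Blocklist struct{ until sync.Map } // ip string -> expiry time.Time

// Block stores ip until now+ttl and reports true if v reaches the threshold.
func (b *Blocklist) Block(ip string, v Verdict, now time.Time, ttl time.Duration) bool {
	if v.Score >= blockThreshold {
		b.until.Store(ip, now.Add(ttl))
	}
	return v.Score >= blockThreshold
}

// Blocked reports whether ip has an unexpired entry.
func (b *Blocklist) Blocked(ip string, now time.Time) bool {
	t, ok := b.until.Load(ip)
	return ok && now.Before(t.(time.Time))
}

func main() {
	fmt.Println(ParseVerdict(`{"score":85,"signals":["guaranteed returns"]}`)) // constructed reply
}
```

A reply that fails validation returns an error and no verdict, so the caller decides explicitly whether an unparseable analysis means allow, block or retry.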
Challenges we ran into
- Testing: It was challenging to find test sites that contained financial fraud, since they are either well-hidden or too obvious.
- Client-side rendered sites: Sites that do not return populated HTML are hard to examine since the Pi had limited performance, making it hard to render the whole page on it.
- Ethics issues: Spying on internet traffic is unethical, and we are aware of this problem. This project should only be deployed in corporate networks, where the company owns everything - including hardware and data.
Accomplishments that we're proud of
- Setting up the hardware: We spent some time setting up the Pi and a testing phone to route the network correctly. This involved learning a bit about networking and the relevant Go packages to solve the task.
- Optimizing the prompt to increase the detection accuracy
What we learned
- Some networking principles
- Increased knowledge in Golang
- Prompt engineering
- Elevated awareness for scams in our search for test data
What's next
- Use a headless browser to render the page and increase accuracy.
- Optimize the solution for the cloud, as a distributed cloud system with a centralized controller node that manages all gateway nodes.