
Khipu
Modern web platform that analyzes real-time threats using machine learning and conversational AI, with multiple detection models and a natural language interface.
Khipu is an advanced cybersecurity analysis platform that combines machine learning with conversational AI to detect and analyze security threats in real time. Developed as a hackathon project by students from Universidad Nacional de Colombia Sede Manizales, the platform democratizes access to professional-grade security analysis tools.
Core Capabilities
The system integrates four specialized machine learning models for comprehensive threat detection:
- Spam Classifier - Email content analysis using TF-IDF vectorization
- Phishing URL Detector - Malicious URL identification with logistic regression
- Suspicious Access Detector - Network access pattern analysis using Gradient Boosting
- Network Logs Analyzer - Traffic anomaly detection with Decision Tree algorithms
Technical Architecture
Frontend Layer
Built with Next.js 15, TypeScript, and Tailwind CSS, featuring:
- Dashboard - Real-time security event monitoring and alert visualization
- Conversational Interface - Natural language threat analysis powered by OpenAI GPT models
- Component Library - Specialized UI components for ML detection results
Backend Services
FastAPI-based microservices architecture exposing REST endpoints:
- /api/v1/spam/classify - Email spam classification
- /api/v1/phishing/check-url - URL phishing detection
- /api/v1/suspicious/check-access - Network access analysis
- /api/v1/suspicious-logs/check-log - Network traffic anomaly detection
Data Layer
- Database: PostgreSQL with Drizzle ORM for type-safe queries
- ML Models: Pre-trained scikit-learn models stored as .pkl files
- Feature Engineering: TF-IDF vectorization, OneHotEncoder, StandardScaler
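Unpickling a .pkl file can run code embedded in it, so a service that loads pickled models should confirm each artifact is the one that was trained before deserializing it. The loader below is an added example, not code from the Khipu project; the file name, the pinned-digest mapping and the function names are assumptions, and a plain dict stands in for a trained model.

```python
import hashlib
import hmac
import pickle
import tempfile
from pathlib import Path


class ModelIntegrityError(Exception):
    """Raised when a model artifact does not match its pinned digest."""


def load_pinned_model(path: Path, pinned: dict[str, str]):
    """Unpickle `path` only if its SHA-256 equals the digest pinned for it."""
    expected = pinned.get(path.name)
    if expected is None:
        raise ModelIntegrityError(f"{path.name}: no pinned digest, refusing to load")
    # Read once and deserialize the same bytes that were hashed, so the file
    # cannot be swapped between the check and the load.
    data = path.read_bytes()
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise ModelIntegrityError(f"{path.name}: digest mismatch")
    return pickle.loads(data)


def demo():
    """Constructed demo: load a pinned artifact, then reject a modified copy."""
    with tempfile.TemporaryDirectory() as d:
        artifact = Path(d) / "spam_model.pkl"  # hypothetical file name
        artifact.write_bytes(pickle.dumps({"kind": "stand-in model"}))
        # In practice the digest is recorded at training time and kept
        # separately from the artifact; here it is computed inline.
        pinned = {artifact.name: hashlib.sha256(artifact.read_bytes()).hexdigest()}
        model = load_pinned_model(artifact, pinned)

        # Simulate the file changing after its digest was pinned.
        artifact.write_bytes(artifact.read_bytes() + b"\x00")
        try:
            load_pinned_model(artifact, pinned)
            rejected = False
        except ModelIntegrityError:
            rejected = True
        return model, rejected


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the digest list, which belongs in version control or signed build output rather than next to the model files.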
Key Features
Real-Time Threat Detection
Processes security events through a standardized pipeline:
- Event ingestion via REST API
- ML model analysis with confidence scoring
- Threat classification and severity assessment
- Results storage in PostgreSQL database
Conversational Security Analysis
Natural language interface where users can:
- Analyze emails, URLs, and network logs using plain English
- Receive structured threat assessments with confidence scores
- Get actionable security recommendations
- Access historical analysis and trend data
Comprehensive Testing Infrastructure
Robust testing suite with 13 predefined scenarios covering:
- Normal corporate access patterns
- Brute force attacks and data exfiltration attempts
- SYN floods, port scans, and UDP flood attacks
- Various network traffic anomalies
Technology Stack
- Frontend: Next.js 15, React, TypeScript, Tailwind CSS, Vercel AI SDK
- Backend: FastAPI, LangChain, OpenAI GPT, Scikit-learn, Pydantic
- Database: PostgreSQL with Drizzle ORM
- ML Models: TF-IDF, Logistic Regression, Gradient Boosting, Decision Trees
- Deployment: Vercel, Render
Impact & Innovation
Khipu represents a significant advancement in democratizing cybersecurity tools by:
- Combining multiple ML detection models into a unified platform
- Providing a conversational AI interface for non-technical users
- Offering real-time threat analysis with confidence scoring
- Implementing comprehensive testing with realistic attack scenarios
- Deploying a production-ready system with modern web technologies
The platform successfully bridges the gap between complex security analysis and user-friendly interfaces, making professional-grade threat detection accessible to organizations of all sizes.
Notes
This summary is based on the project's technical documentation and codebase. The platform demonstrates full-stack development capabilities including ML model integration, API design, database architecture, and modern frontend development. All cited information comes directly from the project's source code and documentation files.