An NLP-based email classifier that scans incoming emails for phishing indicators — suspicious URLs, spoofed sender addresses, urgency-based language patterns, and malicious attachment types. Achieves high precision to minimise false positives for legitimate email.
A network traffic analyser that classifies packets as normal or attack traffic (DoS, DDoS, port scan, brute force) using a machine learning classifier trained on the CICIDS2018 dataset. Includes real-time alert generation and a SIEM-style dashboard.
An automated web security scanner that probes target URLs for OWASP Top 10 vulnerabilities including SQL injection, XSS, CSRF, insecure headers, and open redirects. Generates a professional pentest-style vulnerability report with severity ratings and remediation guidance.
A real-time URL reputation checker that extracts lexical, host-based, and content-based features from URLs and classifies them as benign, phishing, malware, or defacement using an ensemble ML model. Includes a browser extension prototype.
A personal cloud storage platform implementing AES-256 encryption for all uploaded files, with SHA-256 integrity verification, role-based access control, and a full audit trail. Files are encrypted client-side before upload — ensuring zero-knowledge storage.
A honeypot that deploys a simulated vulnerable server to log and analyse attacker behaviour — recording connection attempts, login brute-force patterns, exploit payloads, and geographic origin. A SIEM-style dashboard visualises attack patterns and generates threat intelligence reports.
A Chrome/Firefox browser extension that rates website safety in real time — checking SSL certificate validity, domain age, Google Safe Browsing status, and known phishing indicators. Displays a safety badge and blocks navigation to high-risk sites.
A network forensics tool that captures live packets on a selected interface, dissects protocol layers (Ethernet, IP, TCP/UDP, HTTP/DNS), reconstructs sessions, and flags suspicious patterns like port scans, ARP spoofing, and cleartext password transmission.
A sandboxed, safe educational simulator that demonstrates ransomware behaviour patterns — file system scanning, extension filtering, symmetric encryption, ransom note generation, and C2 communication simulation — on designated test files only, with full rollback. No malicious payload.
A multi-factor authentication system combining facial recognition and fingerprint verification. The system registers users biometrically, then validates identity at login using a CNN-based face matcher and fingerprint feature comparison — eliminating password-based vulnerabilities.
A real-time messaging application where all messages are encrypted end-to-end using the Signal Protocol (X3DH key exchange + Double Ratchet algorithm). The server never stores plaintext — even a compromised server cannot read messages. Includes forward secrecy.
A personal password manager where all credentials are stored in an AES-256-GCM encrypted vault, protected by a master password using PBKDF2/Argon2 key derivation. Includes a password strength analyser, breach checker (HaveIBeenPwned API), and secure password generator.
A lightweight Security Information and Event Management (SIEM) system that ingests logs from multiple sources (web server, firewall, SSH), parses and normalises them, applies correlation rules to detect attacks (brute force, privilege escalation, data exfiltration), and sends real-time alerts.
A network scanner that discovers IoT devices on a subnet, fingerprints device type and firmware version, checks for default credentials, open ports, and known CVEs (Common Vulnerabilities and Exposures), and generates a risk assessment report.
A digital forensics workbench that analyses disk images, memory dumps, and file artefacts — extracting metadata, recovering deleted files, identifying steganographic content, generating MD5/SHA-256 file hashes, and producing a chain-of-custody evidence report.
ADR Lab provides complete development — code, documentation, deployment, and viva support.