GuardSec: A Multi-Modal Web Platform for Real-Time Digital Fraud Detection, Entity Verification, and Connection Security Analysis in the African Context

Gilda Rech Bansimba; Regis Freguin Babindamana

arxiv: 2605.02502 · v4 · submitted 2026-05-04 · 💻 cs.CR

GuardSec: A Multi-Modal Web Platform for Real-Time Digital Fraud Detection, Entity Verification, and Connection Security Analysis in the African Context

Gilda Rech Bansimba , Regis Freguin Babindamana This is my paper

Pith reviewed 2026-05-14 22:02 UTC · model grok-4.3

classification 💻 cs.CR

keywords digital fraud detectionweb platformreal-time verificationAfrican contextconnection securityentity verificationmulti-modal threatscybersecurity accessibility

0 comments

The pith

GuardSec is a no-registration web platform that lets African users verify URLs, phones, emails and businesses for fraud in seconds while auditing their own connection security.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Online fraud affects ordinary citizens across Africa, but most cybersecurity tools remain out of reach because they target expert analysts and assume stable broadband. GuardSec is introduced as a production web platform that removes those barriers, letting any browser user check the legitimacy of URLs, websites, phone numbers, email addresses and business entities in under five seconds. Its standout feature, Mon Empreinte, runs a real-time audit of the visitor's IP address, geolocation, ISP, device fingerprint and twelve security indicators to reveal personal exposure to tracking or compromise. The platform also includes Gilda, a conversational assistant that gives plain-language answers and personalised recommendations on demand. The overall goal is to turn advanced threat verification into an everyday, context-aware service for users who previously had no practical access to it.

Core claim

GuardSec is a production-deployed web platform for real-time multi-modal threat verification built from the start around the African user. Anyone with a browser can assess the legitimacy of URLs, websites, phone numbers, email addresses, and business entities in under five seconds. No registration. No API key. No prerequisite knowledge of cybersecurity. The platform's most distinctive component is Mon Empreinte, a real-time audit of the user's own connection and digital exposure that analyses the visitor's IP address, geolocation, ISP identity, connection type, device fingerprint, browser configuration, and twelve security indicators covering network integrity, tracking exposure, and anonymi

What carries the argument

Mon Empreinte, the real-time personal connection and digital exposure audit that evaluates IP address, geolocation, ISP, device fingerprint, browser configuration and twelve security indicators to show network integrity, tracking exposure and anonymisation status.

If this is right

Ordinary users without cybersecurity training can run multi-modal checks on URLs, contacts and businesses in seconds.
Personal connection audits via Mon Empreinte let users see their own tracking and exposure risks directly.
An embedded conversational assistant supplies plain-language answers and tailored recommendations on demand.
The single browser interface unifies verification of web content, phone numbers, emails and business entities.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Widespread adoption could lower successful scam rates by giving non-technical users an immediate way to verify suspicious contacts and sites.
The zero-barrier design may serve as a model for security tools in other regions where broadband is unstable or technical literacy is low.
Adding user-reported threat data over time could refine detection for fraud patterns that are specific to African markets.

Load-bearing premise

The platform's verification methods and Mon Empreinte audit accurately detect real threats and exposures in practice.

What would settle it

Independent submission of known fraudulent and legitimate test cases (URLs, phone numbers, emails, businesses) to the live platform followed by comparison of its outputs against ground-truth verification from separate sources.

Figures

Figures reproduced from arXiv: 2605.02502 by Gilda Rech Bansimba, Regis Freguin Babindamana.

**Figure 1.** Figure 1: GuardSec use case diagram. Three actor types interact with seven view at source ↗

**Figure 2.** Figure 2: GuardSec four-layer system architecture. The presentation layer serves view at source ↗

**Figure 2.** Figure 2: GuardSec four-layer system architecture. The presentation layer serves [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗

**Figure 3.** Figure 3: URL/domain threat assessment pipeline. Four external sub-queries view at source ↗

**Figure 4.** Figure 4: GuardSec UML class diagram. EntiteNumerique is the abstract base class for the five verification subtypes. Visiteur aggregates MonEmpreinte for connection-level auditing. GildaAssistant associates with EntiteNumerique to contextualise verdicts. RapportMenace is populated via the community reporting endpoint view at source ↗

**Figure 5.** Figure 5: Per Entity Detection Metrics view at source ↗

**Figure 6.** Figure 6: Radar Multimetrics Comparison Reviewer note: The labelled set covers URL and domain entities only. Business, phone, and email metrics derive from the production corpus using a majority-vote labelling protocol over community reports combined with VirusTotal crossvalidation where applicable. These figures carry lower statistical confidence and should be read as preliminary estimates. D. Mon Empreinte Modul… view at source ↗

**Figure 7.** Figure 7: Latency Distribution view at source ↗

**Figure 7.** Figure 7: Latency Distribution F. Comparison with the Literature Table V places GuardSec next to prior systems. GuardSec is the only system in Table V that puts external entity verification, connection-level security auditing, and a domain-constrained conversational assistant in one zeroregistration, multilingual interface. The benchmark comparison still needs the caveat we stated earlier: production metrics and … view at source ↗

**Figure 8.** Figure 8: Percentile Latency Profiles TABLE V COMPARISON AGAINST RELATED SYSTEMS System Scope Metric Accessible Sahingoz et al. [9] URL F1 0.979 No Vinayakumar et al. [10] URL Acc. 0.973 No 1D-CNN+BiLSTM [11] Email F1 0.994 No PMANet [13] URL AUC 0.994 No VirusTotal Multi , API key req. PhishTank URL , Limited ipleak.net / whoer.net Conn. only , Partial GuardSec (ours) Multi+Biz F1 0.890 Yes +Conn.+Chat F. Compariso… view at source ↗

read the original abstract

Online fraud in Africa has reached an epidemic scale. The few cybersecurity tools that exist are out of reach for ordinary citizens, built almost exclusively for SOC analysts and technically literate users sitting on stable broadband. That mismatch isn't accidental. It's what happens when a research culture rewards benchmark numbers and treats deployability, accessibility, and local threat context as someone else's problem. We present \textit{GuardSec}, a production-deployed web platform for real-time multi-modal threat verification, built from the start around the African user. Anyone with a browser can assess the legitimacy of URLs, websites, phone numbers, email addresses, and business entities in under five seconds. No registration. No API key. No prerequisite knowledge of cybersecurity. The platform's most distinctive component is \textit{Mon Empreinte} (My Footprint), a real-time audit of the user's own connection and digital exposure: it analyses the visitor's IP address, geolocation, ISP identity, connection type, device fingerprint, browser configuration, and twelve security indicators covering network integrity, tracking exposure, and anonymisation status. With this in hand, GuardSec becomes more than a passive checker; the user can see whether their own connection is being tracked or exposed, not just whether some external entity is dangerous. The platform also embeds \textit{Gilda}, a context-aware conversational security assistant that answers questions about digital threats in plain language and offers personalised recommendations on demand.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

GuardSec describes an accessible web tool for African fraud checks but supplies zero evidence that any of its verifications actually work.

read the letter

The core takeaway is that this is a system-description paper for a deployed browser-based platform, not a research contribution with measurable results. GuardSec lets users check URLs, phones, emails, and entities without signing up, and it adds a personal audit called Mon Empreinte that reports on the visitor's own IP, device fingerprint, and twelve connection indicators. It also includes a simple conversational helper named Gilda. Those features are genuinely aimed at non-technical users in a region with high fraud exposure, and the no-registration design removes a real barrier that most existing tools still have. That focus on immediate accessibility is the part worth noting if you're working on deployable security interfaces for similar settings. Everything else is thin. The manuscript states that checks happen in under five seconds and that the audit accurately flags exposures, yet it contains no methodology, no ground-truth tests, no precision or recall numbers, and no comparison against known African fraud cases or other tools. There are no user studies, no false-positive rates, and no description of how the underlying checks are implemented or updated. Without that, the claims about real-time detection and production readiness rest on assertion alone. The paper would interest developers or NGOs who want concrete UI ideas for low-resource environments, but it does not advance the technical literature on detection methods or evaluation practices. I would not send it to peer review for a research venue; it lacks the empirical grounding needed to justify referee time.

Referee Report

3 major / 1 minor

Summary. The manuscript presents GuardSec, a production-deployed web platform for real-time multi-modal threat verification tailored to African users. It allows browser-based assessment of URLs, websites, phone numbers, email addresses, and business entities in under five seconds without registration. Key components include Mon Empreinte, which audits the user's IP, geolocation, ISP, device fingerprint, and twelve security indicators, and Gilda, a conversational security assistant.

Significance. If the verification methods prove effective, the platform could address a critical gap in accessible cybersecurity tools for non-technical users in Africa, where online fraud is described as epidemic. The emphasis on deployability and local context is a strength, but the lack of any empirical validation limits the ability to gauge its significance.

major comments (3)

[Abstract] Abstract: The claim that the platform enables accurate real-time assessment of legitimacy for URLs, phone numbers, emails, and entities is unsupported by any data, error rates, precision/recall metrics, ground-truth comparisons, or validation against known African fraud datasets.
[Mon Empreinte] Mon Empreinte description: The twelve security indicators covering network integrity, tracking exposure, and anonymisation status are listed but neither defined in detail nor evaluated for their effectiveness in detecting real threats or exposures.
[Overall] Overall evaluation: No methodology, benchmarks, or experimental results section is present to substantiate the production deployment, under-five-seconds performance, or the accuracy of the multi-modal checks.

minor comments (1)

[Abstract] Abstract: The term 'production-deployed' requires clarification on the deployment environment, user base, or uptime metrics to support the accessibility claims.

Simulated Author's Rebuttal

3 responses · 1 unresolved

We thank the referee for their constructive comments. We recognize that the current manuscript is a system description paper and lacks the empirical sections expected for claims of accuracy and performance. We will make revisions to clarify this and provide additional details where feasible.

read point-by-point responses

Referee: [Abstract] Abstract: The claim that the platform enables accurate real-time assessment of legitimacy for URLs, phone numbers, emails, and entities is unsupported by any data, error rates, precision/recall metrics, ground-truth comparisons, or validation against known African fraud datasets.

Authors: We agree that the abstract makes unsupported claims regarding accuracy. In the revised version, we will modify the abstract to describe the platform as providing real-time multi-modal assessments without asserting accuracy or specific performance metrics. We will also include a dedicated limitations section discussing the lack of formal validation against datasets. revision: yes
Referee: [Mon Empreinte] Mon Empreinte description: The twelve security indicators covering network integrity, tracking exposure, and anonymisation status are listed but neither defined in detail nor evaluated for their effectiveness in detecting real threats or exposures.

Authors: We will revise the Mon Empreinte section to provide detailed definitions and explanations for each of the twelve security indicators. However, since the paper does not include an evaluation study, we cannot provide effectiveness metrics; we will explicitly state that such an evaluation is left for future work. revision: partial
Referee: [Overall] Overall evaluation: No methodology, benchmarks, or experimental results section is present to substantiate the production deployment, under-five-seconds performance, or the accuracy of the multi-modal checks.

Authors: We will add a new section on system architecture and deployment to substantiate the production status. For the under-five-seconds claim, we will report observed average response times from the live deployment. Regarding accuracy, we will remove unsubstantiated claims and note the absence of benchmarks as a limitation. revision: partial

standing simulated objections not resolved

We do not possess ground-truth labeled datasets for African fraud cases to compute precision/recall, so cannot add such metrics without new data collection.

Circularity Check

0 steps flagged

No significant circularity: descriptive platform paper with no derivations or fitted predictions

full rationale

The manuscript is a system description of GuardSec, a web platform for real-time threat verification. It details UI features, Mon Empreinte's 12 security indicators (IP, geolocation, device fingerprint, etc.), and a conversational assistant without any equations, models, parameter fitting, or predictive derivations. No self-citations, uniqueness theorems, or ansatzes are invoked to justify core claims. The central assertions are about deployment and accessibility rather than reductions of outputs to inputs by construction. This matches the reader's 0.0 assessment; the paper is self-contained as a descriptive artifact with no opportunity for the enumerated circularity patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 2 invented entities

The description relies on the unverified effectiveness of custom components and standard web APIs without providing independent evidence or benchmarks for their fraud detection or auditing performance.

axioms (1)

domain assumption Browser APIs for IP geolocation, device fingerprinting, and connection analysis are accurate enough for security auditing purposes.
Implicitly required for the Mon Empreinte feature to function as described.

invented entities (2)

Mon Empreinte personal audit system no independent evidence
purpose: Real-time analysis of user's IP, geolocation, ISP, device fingerprint, and twelve security indicators
New component introduced as core distinctive feature without external validation or performance data.
Gilda conversational security assistant no independent evidence
purpose: Context-aware chatbot providing plain-language answers and personalized recommendations on digital threats
Custom assistant presented as part of the platform without details on its training or accuracy.

pith-pipeline@v0.9.0 · 5570 in / 1354 out tokens · 55466 ms · 2026-05-14T22:02:33.889461+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

We ground the system design in a formal binary classification framework over a heterogeneous feature space... f:R^d→[0,1], ŷ_i=1[f(x_i)≥θ*] under an asymmetric cost function with c_FN=3·c_FP
IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

The platform’s most distinctive component is Mon Empreinte... twelve security indicators covering network integrity, tracking exposure, and anonymisation status

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

22 extracted references · 22 canonical work pages

[1]

INTERPOL, Africa Cyberthreat Assessment Report 2025, 4th ed.,” IN- TERPOL African Joint Operation against Cybercrime (AFJOC), Lyon, France, June 2025

work page 2025
[2]

BusinessDay NG, Africa’s top 4 countries with the highest scam losses in 2024,”BusinessDay Nigeria, Nov

work page 2024
[3]

Available: https://businessday.ng/news/article/ africas-top-4-countries-with-the-highest-scam-losses-in-2024/

[Online]. Available: https://businessday.ng/news/article/ africas-top-4-countries-with-the-highest-scam-losses-in-2024/

work page 2024
[4]

Smile ID, Digital Identity Fraud in Africa Report 2025,” Smile Iden- tity Inc., Jan. 2025. [Online]. Available: https://usesmileid.com/blog/ 2025-digital-identity-fraud-in-africa-report

work page 2025
[5]

South African Banking Risk Information Centre, Annual Crime Statistics Report 2024,” SABRIC, Midrand, South Africa, Aug. 2025. [Online]. Available: https://www.sabric.co.za/ media-statement-sabric-annual-crime-statistics-2024/

work page 2024
[6]

TransUnion, More Than Two-Thirds of South Africans Said They Were Recently Targeted With Fraud,” TransUnion Consumer Pulse Survey, Dec. 2024. [Online]. Available: https://newsroom.transunion.co.za

work page 2024
[7]

GSMA, The Mobile Economy: Sub-Saharan Africa 2024,” GSMA Intelligence, London, UK, 2024

work page 2024
[8]

[Online]

Youverify, What Is the Biggest Fraud Trend in Africa Right Now?” Youverify Blog, 2025. [Online]. Available: https://youverify.co

work page 2025
[9]

Sahoo, C

D. Sahoo, C. Liu, and S. C. H. Hoi, Malicious URL detection using machine learning: A survey,”arXiv preprintarXiv:1701.07179, 2017

work page arXiv 2017
[10]

O. K. Sahingoz, E. Buber, O. Demir, and B. Diri, Machine learning based phishing detection from URLs,”Expert Systems with Applications, vol. 117, pp. 345–357, 2019

work page 2019
[11]

Vinayakumar, K

R. Vinayakumar, K. P. Soman, and P. Poornachandran, Evaluating deep learning approaches to characterize and classify malicious URLs,” Journal of Intelligent & Fuzzy Systems, vol. 34, no. 3, pp. 1333–1343, 2018

work page 2018
[12]

Altwaijry, I

N. Altwaijry, I. Al-Turaiki, R. Alotaibi, and F. Alakeel, Advancing phishing email detection: A comparative study of deep learning models,” Sensors, vol. 24, no. 7, p. 2077, Mar. 2024

work page 2077
[13]

Thakur, M

K. Thakur, M. L. Ali, M. A. Obaidat, and A. Kamruzzaman, A systematic review on deep-learning-based phishing email detection,” Electronics, vol. 12, p. 4545, Nov. 2023

work page 2023
[14]

Liuet al., PMANet: Malicious URL detection via post-trained language model guided multi-level feature attention network,”IEEE Access, vol

R. Liuet al., PMANet: Malicious URL detection via post-trained language model guided multi-level feature attention network,”IEEE Access, vol. 12, pp. 13453–13468, 2024

work page 2024
[15]

Phiri, T

J. Phiri, T. Lavhengwa, and M. A. Segooa, Online banking fraud detection: A comparative study of cases from South Africa and Spain,” South African Journal of Information Management, vol. 26, no. 1, pp. 1– 8, 2024

work page 2024
[16]

Bansimba, R.F

G.R. Bansimba, R.F. Babindamana, B.G.R. Bossoto A Contin- ued Fraction-Hyperbola based Attack on RSA cryptosystemarXiv preprint:2304.03957, 2023

work page arXiv 2023
[17]

M. A. Ferreiraet al., A phishing-attack-detection model using natural language processing and deep learning,”Applied Sciences, vol. 13, no. 9, p. 5275, Apr. 2023

work page 2023
[18]

Macas, C

M. Macas, C. Wu, and W. Fuertes, Adversarial examples: A survey of attacks and defenses in deep learning-enabled cybersecurity systems,” Expert Systems with Applications, vol. 238, p. 122223, 2024

work page 2024
[19]

M. A. Ferreiraet al., Phishing detection using natural language process- ing,”SMU Data Science Review, vol. 7, no. 1, 2023

work page 2023
[20]

J. R. Landis and G. G. Koch, The measurement of observer agreement for categorical data,”Biometrics, vol. 33, no. 1, pp. 159–174, 1977

work page 1977
[21]

Vanhoef and F

M. Vanhoef and F. Piessens, DNS hijacking: Understanding and coun- termeasures,” inProc. USENIX Security Symposium, 2016, pp. 673–688

work page 2016
[22]

Hadi Amini, and Yanzhao Wu

B. Motlaghet al., Large language models in cybersecurity: State-of-the- art,”arXiv preprintarXiv:2402.00888, 2024

work page arXiv 2024

[1] [1]

INTERPOL, Africa Cyberthreat Assessment Report 2025, 4th ed.,” IN- TERPOL African Joint Operation against Cybercrime (AFJOC), Lyon, France, June 2025

work page 2025

[2] [2]

BusinessDay NG, Africa’s top 4 countries with the highest scam losses in 2024,”BusinessDay Nigeria, Nov

work page 2024

[3] [3]

Available: https://businessday.ng/news/article/ africas-top-4-countries-with-the-highest-scam-losses-in-2024/

[Online]. Available: https://businessday.ng/news/article/ africas-top-4-countries-with-the-highest-scam-losses-in-2024/

work page 2024

[4] [4]

Smile ID, Digital Identity Fraud in Africa Report 2025,” Smile Iden- tity Inc., Jan. 2025. [Online]. Available: https://usesmileid.com/blog/ 2025-digital-identity-fraud-in-africa-report

work page 2025

[5] [5]

South African Banking Risk Information Centre, Annual Crime Statistics Report 2024,” SABRIC, Midrand, South Africa, Aug. 2025. [Online]. Available: https://www.sabric.co.za/ media-statement-sabric-annual-crime-statistics-2024/

work page 2024

[6] [6]

TransUnion, More Than Two-Thirds of South Africans Said They Were Recently Targeted With Fraud,” TransUnion Consumer Pulse Survey, Dec. 2024. [Online]. Available: https://newsroom.transunion.co.za

work page 2024

[7] [7]

GSMA, The Mobile Economy: Sub-Saharan Africa 2024,” GSMA Intelligence, London, UK, 2024

work page 2024

[8] [8]

[Online]

Youverify, What Is the Biggest Fraud Trend in Africa Right Now?” Youverify Blog, 2025. [Online]. Available: https://youverify.co

work page 2025

[9] [9]

Sahoo, C

D. Sahoo, C. Liu, and S. C. H. Hoi, Malicious URL detection using machine learning: A survey,”arXiv preprintarXiv:1701.07179, 2017

work page arXiv 2017

[10] [10]

O. K. Sahingoz, E. Buber, O. Demir, and B. Diri, Machine learning based phishing detection from URLs,”Expert Systems with Applications, vol. 117, pp. 345–357, 2019

work page 2019

[11] [11]

Vinayakumar, K

R. Vinayakumar, K. P. Soman, and P. Poornachandran, Evaluating deep learning approaches to characterize and classify malicious URLs,” Journal of Intelligent & Fuzzy Systems, vol. 34, no. 3, pp. 1333–1343, 2018

work page 2018

[12] [12]

Altwaijry, I

N. Altwaijry, I. Al-Turaiki, R. Alotaibi, and F. Alakeel, Advancing phishing email detection: A comparative study of deep learning models,” Sensors, vol. 24, no. 7, p. 2077, Mar. 2024

work page 2077

[13] [13]

Thakur, M

K. Thakur, M. L. Ali, M. A. Obaidat, and A. Kamruzzaman, A systematic review on deep-learning-based phishing email detection,” Electronics, vol. 12, p. 4545, Nov. 2023

work page 2023

[14] [14]

Liuet al., PMANet: Malicious URL detection via post-trained language model guided multi-level feature attention network,”IEEE Access, vol

R. Liuet al., PMANet: Malicious URL detection via post-trained language model guided multi-level feature attention network,”IEEE Access, vol. 12, pp. 13453–13468, 2024

work page 2024

[15] [15]

Phiri, T

J. Phiri, T. Lavhengwa, and M. A. Segooa, Online banking fraud detection: A comparative study of cases from South Africa and Spain,” South African Journal of Information Management, vol. 26, no. 1, pp. 1– 8, 2024

work page 2024

[16] [16]

Bansimba, R.F

G.R. Bansimba, R.F. Babindamana, B.G.R. Bossoto A Contin- ued Fraction-Hyperbola based Attack on RSA cryptosystemarXiv preprint:2304.03957, 2023

work page arXiv 2023

[17] [17]

M. A. Ferreiraet al., A phishing-attack-detection model using natural language processing and deep learning,”Applied Sciences, vol. 13, no. 9, p. 5275, Apr. 2023

work page 2023

[18] [18]

Macas, C

M. Macas, C. Wu, and W. Fuertes, Adversarial examples: A survey of attacks and defenses in deep learning-enabled cybersecurity systems,” Expert Systems with Applications, vol. 238, p. 122223, 2024

work page 2024

[19] [19]

M. A. Ferreiraet al., Phishing detection using natural language process- ing,”SMU Data Science Review, vol. 7, no. 1, 2023

work page 2023

[20] [20]

J. R. Landis and G. G. Koch, The measurement of observer agreement for categorical data,”Biometrics, vol. 33, no. 1, pp. 159–174, 1977

work page 1977

[21] [21]

Vanhoef and F

M. Vanhoef and F. Piessens, DNS hijacking: Understanding and coun- termeasures,” inProc. USENIX Security Symposium, 2016, pp. 673–688

work page 2016

[22] [22]

Hadi Amini, and Yanzhao Wu

B. Motlaghet al., Large language models in cybersecurity: State-of-the- art,”arXiv preprintarXiv:2402.00888, 2024

work page arXiv 2024