QRShield: A Malicious QR Code Detection Tool

Inspiration

With the rapid increase in the use of QR codes in digital payments, advertisements, authentication systems, and public services, cybercriminals have started exploiting them for phishing and malware attacks. Many users scan QR codes without verifying the destination URL or checking whether the QR image has been visually tampered with.

This growing cybersecurity threat inspired us to develop QRShield, an intelligent malicious QR code detection system capable of protecting users before an attack occurs. Our vision was to combine modern Artificial Intelligence techniques with cybersecurity principles to create a practical and reliable QR security framework.


What it does

QRShield is a hybrid AI-powered malicious QR code detection system designed to identify both:

  1. Malicious URLs embedded inside QR codes
  2. Visually tampered or manipulated QR codes

The system performs two layers of security analysis:

1. URL-Based Threat Detection

  • Extracts lexical, DNS, WHOIS, and HTTP-based features from URLs.
  • Uses machine learning algorithms to classify URLs as legitimate or malicious.

2. QR Tampering Detection

  • Uses deep learning and computer vision techniques to analyze QR images.
  • Detects overlay attacks, hidden modifications, and visual tampering.

The final prediction is generated using a decision-level fusion strategy:

\[ F(x) = \alpha M_{url}(x) + \beta M_{img}(x) \]

Where \(M_{url}(x)\) represents the URL classification score, and \(M_{img}(x)\) represents the QR image tampering detection score.


How we built it

We developed QRShield using a combination of Machine Learning, Deep Learning, and Computer Vision techniques.

Technologies and Tools Used

  • Python
  • OpenCV
  • TensorFlow / PyTorch
  • Scikit-learn
  • XGBoost
  • ResNet18
  • NumPy
  • Pandas
  • Matplotlib

System Development Workflow

Step 1: QR Image Preprocessing

We first preprocess the QR image using:

  • Grayscale conversion
  • Noise reduction
  • Thresholding and binarization
  • QR localization and cropping

Step 2: URL Feature Extraction

The extracted URL undergoes feature engineering where we collect:

\[ X = \{x_1, x_2, x_3, \ldots, x_{29}\} \]

These features include:

  • Lexical features
  • DNS attributes
  • WHOIS information
  • HTTP characteristics

Step 3: Machine Learning Classification

We trained an XGBoost classifier to detect phishing URLs:

\[ \hat{y} = \sum_{k=1}^{K} f_k(x) \]

Where:

  • \(f_k\) represents decision trees
  • \(K\) is the number of boosting rounds

Step 4: Deep Learning Tampering Detection

For QR image analysis, we used ResNet18 to identify visually tampered QR codes.

Residual learning in ResNet can be represented as:

\[ H(x) = F(x) + x \]

Where:

  • \(F(x)\) represents the learned residual mapping
  • \(x\) represents the input feature map

Step 5: Decision-Level Fusion

Finally, both model outputs are combined to generate the final security decision.
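The URL branch and the fusion step of the workflow above, as an added example in Python (not QRShield's own code): it extracts a few lexical features, replaces the trained XGBoost model with hand-set decision stumps summed as in the Step 3 formula, and takes the image score as an input. The feature names, stump values, the weights alpha = 0.6 and beta = 0.4, and the 0.5 threshold are all assumptions.

```python
import ipaddress
import math
from urllib.parse import urlsplit

# Constructed sample URLs (reserved documentation domain and address).
BENIGN = "https://example.com/menu"
SUSPICIOUS = "http://secure-login.account-verify.example.com@192.0.2.10/update"

def lexical_features(url):
    """Lexical features only; DNS, WHOIS and HTTP features need network access."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        is_ip = 1
    except ValueError:
        is_ip = 0
    return {
        "url_len": len(url),
        "host_is_ip": is_ip,
        "has_at": int("@" in parts.netloc),  # userinfo hides the real host
        "subdomains": 0 if is_ip else max(host.count(".") - 1, 0),
        "hyphens": host.count("-"),
        "https": int(parts.scheme == "https"),
    }

# Hand-set stumps (feature, threshold, leaf if value > threshold, else leaf); assumed, not trained.
STUMPS = [
    ("host_is_ip", 0, 1.5, -0.3),
    ("has_at", 0, 1.2, -0.1),
    ("subdomains", 2, 0.9, -0.2),
    ("hyphens", 1, 0.6, -0.1),
    ("url_len", 75, 0.5, -0.2),
    ("https", 0, -0.4, 0.4),
]

def m_url(url):
    """y_hat = sum_k f_k(x): add one leaf per stump, then squash to [0, 1]."""
    x = lexical_features(url)
    margin = sum(hi if x[f] > t else lo for f, t, hi, lo in STUMPS)
    return 1 / (1 + math.exp(-margin))

def fuse(url_score, img_score, alpha=0.6, beta=0.4, threshold=0.5):
    """F(x) = alpha*M_url(x) + beta*M_img(x); weights and threshold are assumed."""
    if not (0 <= url_score <= 1 and 0 <= img_score <= 1):
        raise ValueError("scores must be probabilities in [0, 1]")
    f = alpha * url_score + beta * img_score
    return f, ("malicious" if f >= threshold else "legitimate")
```

With these assumed weights, a URL score of 0.2 and a tampering score of 0.9 fuse to 0.48 and pass as legitimate, so alpha, beta and the threshold need tuning on validation data if image tampering alone should block a scan.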

The system was trained and evaluated using:

  • Team Eagle URL Dataset
  • Team Eagle QR Code Dataset

Challenges we ran into

One of the biggest challenges was collecting and preparing high-quality datasets for both malicious URLs and tampered QR images. Real-world malicious QR datasets are limited, which required significant preprocessing and data organization.

Other major challenges included:

  • Balancing model accuracy and computational efficiency
  • Detecting subtle visual tampering without affecting QR readability
  • Integrating machine learning and deep learning outputs into a single framework
  • Handling noisy and low-quality QR images
  • Preventing overfitting during deep learning training

Optimizing the hybrid architecture while maintaining fast detection speed was also technically challenging.


Accomplishments that we're proud of

We are proud of successfully developing a hybrid AI-based QR security framework capable of detecting both phishing URLs and visually manipulated QR codes.

Key Accomplishments

  • Built a dual-layer malicious QR detection system
  • Successfully integrated XGBoost and ResNet18
  • Developed custom datasets for QR threat analysis
  • Achieved strong classification performance
  • Designed a scalable cybersecurity-oriented architecture

QRShield demonstrates how Artificial Intelligence can improve security in modern QR-based ecosystems.


What we learned

Through this project, we gained valuable experience in:

  • Cybersecurity and phishing detection
  • Machine learning and deep learning workflows
  • Computer vision and image preprocessing
  • Dataset engineering and feature extraction
  • Hybrid AI system integration
  • Research methodology and experimental evaluation

We also learned the importance of combining multiple security layers instead of relying on a single detection mechanism.


What's next for QRShield: A Malicious QR Code Detection Tool

In the future, we plan to transform QRShield into a real-time intelligent cybersecurity platform.

Future Enhancements

  • Mobile application for real-time QR scanning
  • Browser extension integration
  • Cloud-based threat intelligence support
  • Live phishing database synchronization
  • Explainable AI for transparent decision-making
  • Detection of advanced adversarial QR attacks
  • Enterprise-level deployment support
  • Integration with digital payment systems

Our long-term vision is to make QRShield a complete AI-powered QR security solution that protects users from evolving QR-based cyber threats in real-world environments.
