Cybersecurity Content Moderator

LLM-powered harmful content detection — text, image, and PDF

VIT Capstone | Hate Speech & Harmful Content Classification
  • Ollama LLM (WizardLM 7b / Gemma3 12b)
  • FAISS semantic search
  • Dockerised deployment
  • GitHub Actions CI/CD

AI cybersecurity system to detect hate speech and harmful content in text, images, and PDFs. Custom-trained Ollama model running locally with FAISS semantic retrieval, FastAPI backend, and Streamlit UI — packaged as a Docker image with auto-versioned CI push to Docker Hub.

What it does

A full-stack AI system that analyses user-submitted text, images, and PDF files for hate speech, harmful content, and cybersecurity threats. The backend runs a locally-hosted Ollama LLM (WizardLM 7b or Gemma3 12b) with FAISS-powered semantic search to retrieve similar past cases before generating a verdict.

Custom Ollama model FAISS vector search Text + Image + PDF GPU-accelerated v2.0.0 released
Python FastAPI Streamlit Ollama FAISS Sentence Transformers Docker GitHub Actions

Features

  • Text, Image & PDF Moderation: A single endpoint stack handles all three input types via POST /upload-text, /upload-image, and /upload-pdf.
  • AI-Powered Content Analysis: Custom-trained Ollama model (cyber-moderator-Wlm:7b / cyber-moderator-G3:12b) — WizardLM 7b for text, Gemma3 12b vision for images.
  • Semantic Search: FAISS index + Sentence Transformers retrieves the most similar prior cases to ground the LLM verdict.
  • User-Friendly UI: Streamlit frontend lets users upload files or paste text and see instant moderation results.
  • Containerised: Single Docker image, GPU-passthrough supported, available on Docker Hub.
  • Auto-versioned CI: GitHub Actions builds and pushes latest + semantic version tag on every merge to main.

API Endpoints

EndpointMethodDescription
/upload-text or /upload-image POST Accepts plain text or image for moderation
/upload-pdf POST Accepts a PDF file — extracts text and analyses

Project structure

Content-moderator-image/ ├── backend/ │ ├── backend.py # FastAPI app — upload routes, FAISS, Ollama calls │ ├── start.sh # uvicorn launch │ └── requirements.txt ├── frontend/ │ ├── frontend.py # Streamlit UI │ └── start_frontend.sh ├── models/ │ ├── Modelfile # WizardLM 7b system prompt + params │ └── Modelfile_vision # Gemma3 12b vision config ├── images/ # README screenshots ├── .github/workflows/ │ └── docker-build.yml # GitHub Actions CI ├── Dockerfile ├── docker-compose.yml └── start_services.sh # Orchestrator: Ollama → backend → frontend

Architecture & system flows

End-to-end view: how a user input flows through Streamlit → FastAPI → Sentence Transformers + FAISS → Ollama LLM → verdict.

Full system — Streamlit FastAPI FAISS Ollama
Full system architecture User → Streamlit UI → FastAPI → Sentence Transformers + FAISS retrieval → Ollama LLM → verdict
Moderation pipeline input to verdict
Moderation pipeline Input → preprocess → embed → FAISS search → LLM classify → Harmful / Safe
Docker Compose service orchestration
Docker Compose services Ollama (port 11434, healthcheck) → backend (8000) → frontend (8501). Models persisted via volume.
GitHub Actions CI build push Docker Hub
CI/CD Push to main → GitHub Actions → auto-version → docker build → push latest + tag to Docker Hub

Custom Ollama model setup

Two fine-tuned models are created from base weights using Ollama Modelfile:

  • cyber-moderator-Wlm:7b — WizardLM 7b fine-tuned for text moderation (temperature 0.7, top_p 0.9)
  • cyber-moderator-G3:12b — Gemma3 12b vision model for image-based content classification

Modelfile (WizardLM)

FROM wizardlm2:7b SYSTEM "Cybersecurity content moderation model" PARAMETER "temperature" 0.7 PARAMETER "top_p" 0.9

Build & test the model

# Build ollama create cyber-moderator-Wlm:7b -f /app/models/Modelfile # Verify ollama list # GPU inference test OLLAMA_USE_CUDA=1 ollama run cyber-moderator-Wlm:7b \ "Analyze this message for harmful content."

FAISS semantic retrieval

Before calling the LLM, the backend embeds the input using Sentence Transformers and queries a FAISS index of past moderation examples. The top-k similar cases are injected as context into the LLM prompt, grounding the verdict in prior decisions and reducing hallucinations.

Supported moderation cases (capstone research)

  • Hate speech and slurs (text)
  • Weapons and drug imagery (images — WizardLM vision / Gemma3 12b)
  • Threat and harassment detection (text)
  • Harmful PDF content extraction and analysis
  • Toy / non-threatening object disambiguation (e.g., child with toy gun)

Backend processing output

FastAPI backend running — uvicorn output

FastAPI backend live — uvicorn on port 8000

Streamlit UI — text moderation

Streamlit UI text input

Streamlit text moderation interface

Streamlit text moderation result

LLM verdict — harmful content flagged

Vision model — image moderation

Vision model detects real guns and drugs

Real weapons & drugs — flagged harmful

Vision model — child with toy gun classified safe

Child with toy gun — correctly classified safe

GitHub Actions CI build

GitHub Actions build workflow step 1

GitHub Actions — build and versioning steps

GitHub Actions build workflow step 2

Docker push — latest + semantic version tag

Quick start — Docker Hub image

# Pull the pre-built image docker pull harishkumarthesde/content-moderator:latest # Run with GPU support docker run --gpus all \ -p 8000:8000 -p 8501:8501 \ --name content-moderator-container \ harishkumarthesde/content-moderator:latest # FastAPI: http://localhost:8000 # Streamlit: http://localhost:8501

Docker Compose (full stack)

docker-compose up --build # Starts: ollama (11434) → backend (8000) → frontend (8501) docker-compose down

How Compose orchestrates services

  • ollamaollama/ollama image, healthcheck on ollama list, persists models via volume.
  • backend — depends on ollama healthy; pulls base models, creates custom Modelfiles, starts uvicorn.
  • frontend — depends on backend; runs streamlit run frontend.py on port 8501.

GitHub Actions CI/CD

On every push to main: auto-calculates the next semantic version from git tags, builds the Docker image, pushes latest + version tag to Docker Hub, and creates a new git tag on the repository.

Trigger: push to main → Auto-version (e.g. v2.0.0 → v2.0.1) → docker build harishkumarthesde/content-moderator:latest → docker push :latest + :v2.0.1 → git tag -a v2.0.1

Prerequisites to run

  • Docker or Podman installed
  • NVIDIA GPU + NVIDIA drivers + CUDA (for full performance)
  • Access to Docker Hub image harishkumarthesde/content-moderator:latest

Links

Back to Portfolio