SPAM-JAMR

Threat Intelligence Engine
A multi-layered, on-device machine learning system that analyzes 47 behavioral features across 8 data sources to protect you from spam, robocalls, and phone scams — all without ever sending your data off your phone.
ADAPTEDGEML ENGINE v1.0
THREE-TIER ARCHITECTURE
How the engine is structured

SPAM-JAMR's threat engine is built as a three-tier pipeline. Each tier has a single responsibility, and data flows forward from raw sources to a final risk verdict. No tier reaches back — information always moves in one direction.

TIER 1 — COLLECT

DataiNetX™

The Data Intelligence Network. Gathers raw intelligence from 8 distinct sources, detects attack scenarios (neighbor spoofing, rotating numbers, robocall farms), and transforms everything into a normalized 47-element FloatArray for the ML engine.

TIER 2 — PREDICT

AdaptEdgeML™

The Machine Learning Engine. Receives the 47-feature array, runs it through a single-layer neural network with trained weights and sigmoid activation, and outputs a risk probability. Learns from every user action — gets smarter with use.

TIER 3 — ANALYZE

ThreatIntelligence

The Decision Layer. Takes the ML prediction and combines it with three other risk factors in a weighted analysis. Then checks for escalation triggers that can bump the risk level up. Produces the final score and verdict.

INTERACTIVE PIPELINE
CALL SCENARIOS

| Scenario | Signals | Risk level |
|---|---|---|
| SUSPECTED SPAM | Unverified caller, out-of-area, FTC complaints on file | MEDIUM → HIGH |
| LEGITIMATE CALL | Known contact, verified by carrier, local area code | MINIMAL |
| UNKNOWN CALLER | First contact, verified, no complaints, local number | LOW |
| ROBOCALL ATTACK | Rotating numbers, rapid calls, sequential pattern, not verified | CRITICAL |
| NEIGHBOR SPOOF | Matching area code and prefix, but not in contacts | HIGH |

An unverified caller from an out-of-area code with FTC complaints. The engine detects NOT_VERIFIED and escalates from MEDIUM to HIGH.

[Diagram: SPAM-JAMR™ engine architecture. Sources → DataiNetX™ aggregation → ThreatIntelligence 4-factor analysis → escalation → BlockingDecisionEngine tiers → AdaptEdgeML™ learning. All on-device, zero external API calls.]

🧬
47 ML FEATURES
What the engine sees in every call

Every incoming call is decomposed into 47 distinct numerical features organized across 5 categories. DataiNetX™ extracts these from the raw data sources and normalizes them into a FloatArray — the language AdaptEdgeML™ understands. Each feature is a signal. Alone, any single feature means little. Combined through weighted multiplication, patterns emerge that no single rule could catch.

| Category | Features | Signals |
|---|---|---|
| Temporal Patterns | 15 | Call duration, frequency, burst patterns, time-of-day analysis, weekend ratio, peak spam hours, night calls, time between calls, daily maximums |
| Number Analysis | 10 | Area code matching, prefix similarity, toll-free/premium detection, VOIP indicator, sequential digits, number length anomaly, format validation |
| Contextual Intel | 8 | First contact detection, recency scoring, geographic distance, Wangiri ring analysis, callback pressure, number entropy, timezone mismatch, neighbor spoofing |
| User Behavior | 8 | Answer ratio, block history, spam reports, contact list match, callback attempts, voicemail presence, conversation duration, repeat call patterns |
| Community & Database | 6 | Local spam reports, FTC complaint count, FCC complaint count, global blocklist match, area code risk score, database match confidence |

ATTACK SCENARIO DETECTION

Before features reach the ML engine, DataiNetX™ runs scenario-level pattern matching to detect coordinated attack patterns that individual features might miss:

4-FACTOR RISK ANALYSIS
How the final score is calculated

ThreatIntelligence doesn't rely on any single signal. It combines four independent risk assessments, each weighted by reliability and predictive value, into a single composite score from 0 to 100.

AREA CODE RISK
25%
Geographic intelligence from NANPA area code data. Cross-references caller area codes against FTC/FCC complaint density, known scam corridors, and local vs. out-of-area status.
ML PREDICTION
35%
AdaptEdgeML™'s neural network output. The heaviest weight because ML adapts to new spam tactics that static rules miss. Sigmoid activation normalizes output to 0-1 probability.
BEHAVIOR ANALYSIS
20%
Real-time behavioral signals: call frequency, timing anomalies, burst calling detection, and historical interaction patterns between this number and the user.
REGULATORY DATA
20%
Combines: STIR/SHAKEN verification status (40% of this factor), FTC complaint data (30%), and FCC complaint data (30%).
RISK LEVEL SCALE
MINIMAL 0-24
LOW 25-44
MED 45-64
HIGH 65-79
CRIT 80-100

The weighted sum maps to one of five risk levels, each with a recommended action.

🚨
ESCALATION ENGINE
When the base score isn't enough

After ThreatIntelligence calculates the base risk score, the Escalation Engine checks for specific behavioral triggers that indicate higher danger than the raw numbers suggest.

7 ESCALATION TRIGGERS

| Trigger | Detection | Threshold |
|---|---|---|
| NOT_VERIFIED | STIR/SHAKEN failed or unverified | Always +1 level |
| RAPID_CALLS | Same number calling repeatedly | 2+ in 5 min or 5+ in 30 min |
| ROTATING_NUM | Similar numbers with sequential digits | 2+ matching prefix |
| SEQ_PATTERN | Robocall farm detection | 3+ distinct sequential numbers |
| PREV_BLOCKED | Number was previously blocked | In blocked list |
| OFF_HOURS | Calling outside normal hours | Before 8 AM or after 9 PM |
| HI_RISK_AREA | Known high-spam area code | Area code risk score 70+ |

ESCALATION RULES

| Condition | Escalation |
|---|---|
| NOT_VERIFIED present | +1 level (guaranteed) |
| 3+ triggers (incl. NOT_VERIFIED) | +2 levels |
| 2+ triggers (no NOT_VERIFIED) | +1 level |
| FAILED verification | Always HIGH min |

MAXIMUM ESCALATION: 2 LEVELS
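
The four-factor weighting and the escalation rules described above, worked through as an added example; this is not SPAM-JAMR's own code. The function names, the 0-100 scale for each factor, and the sample factor values are assumptions, and the HIGH floor for failed verification is treated here as separate from the 2-level cap.

```python
# Added illustration of the page's scoring rules; not SPAM-JAMR source code.
WEIGHTS = {"area_code": 0.25, "ml": 0.35, "behavior": 0.20, "regulatory": 0.20}
LEVELS = ["MINIMAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
LEVEL_FLOORS = [0, 25, 45, 65, 80]  # lower bound of each band on the 0-100 scale

def regulatory_factor(stir_risk, ftc_risk, fcc_risk):
    """Regulatory factor: STIR/SHAKEN 40%, FTC 30%, FCC 30% (inputs 0-100)."""
    return 0.40 * stir_risk + 0.30 * ftc_risk + 0.30 * fcc_risk

def base_score(factors):
    """Weighted sum of the four factor scores (each assumed to be 0-100)."""
    return sum(WEIGHTS[name] * factors[name] for name in WEIGHTS)

def level_index(score):
    """Index of the highest band whose lower bound the score reaches."""
    return max(i for i, floor in enumerate(LEVEL_FLOORS) if score >= floor)

def escalation_steps(triggers):
    """NOT_VERIFIED gives +1, or +2 with 3+ triggers in total;
    without it, 2+ triggers give +1. Never more than 2 levels."""
    if "NOT_VERIFIED" in triggers:
        return 2 if len(triggers) >= 3 else 1
    return 1 if len(triggers) >= 2 else 0

def verdict(factors, triggers, stir_failed=False):
    """Return (base score, base level, final level)."""
    score = base_score(factors)
    base = level_index(score)
    final = min(base + escalation_steps(set(triggers)), len(LEVELS) - 1)
    if stir_failed:  # assumption: the HIGH floor applies outside the 2-level cap
        final = max(final, LEVELS.index("HIGH"))
    return round(score, 2), LEVELS[base], LEVELS[final]

# Constructed sample inputs (not measurements from the app).
SUSPECTED_SPAM = {"area_code": 55, "ml": 65, "behavior": 50, "regulatory": 45}
ROBOCALL = {"area_code": 70, "ml": 90, "behavior": 85, "regulatory": 80}

if __name__ == "__main__":
    print(verdict(SUSPECTED_SPAM, ["NOT_VERIFIED", "RAPID_CALLS"]))
    print(verdict(ROBOCALL, ["NOT_VERIFIED", "RAPID_CALLS", "ROTATING_NUM", "SEQ_PATTERN"]))
    print(verdict({k: 10 for k in WEIGHTS}, ["NOT_VERIFIED"], stir_failed=True))
```

With these inputs a single non-STIR trigger leaves the level unchanged, so a low-scoring caller that passes verification is only escalated when two or more triggers fire together.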
🎯
ADAPTIVE LEARNING
The engine learns from you

AdaptEdgeML™ doesn't just follow static rules — it learns from every action you take. When you block a number, report spam, or trust a caller, the engine adjusts its internal weights through gradient descent.

HOW IT LEARNS

The neural network uses a single-layer perceptron with sigmoid activation. Training uses stochastic gradient descent with a learning rate of 0.01.

| Your Action | Signal | Weight | Why |
|---|---|---|---|
| Block a number | SPAM | 1.5x | Strong spam signal |
| Report spam | SPAM | 2.0x | Strongest — explicit confirmation |
| Quick hang-up | SPAM | 0.8x | Weak — could be accidental |
| Ignore repeated | SPAM | 0.7x | Weak — passive rejection |
| Whitelist | SAFE | 2.0x | Strongest safe — explicit trust |
| Answer (full call) | SAFE | 1.2x | Moderate — user engaged |
| Call back | SAFE | 1.5x | Strong safe — voluntary contact |

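
One way the learning step described above could work, as an added example that is not SPAM-JAMR's own code: a single-layer sigmoid model over 47 features, updated by one stochastic gradient descent step per user action at learning rate 0.01. Scaling the gradient by the action weight, the zero-initialized weights, the bias term, the function names and the sample feature vector are all assumptions.

```python
import math

LEARNING_RATE = 0.01  # from the page
# action -> (target label, action weight); SPAM = 1.0, SAFE = 0.0, per the table
ACTION_SIGNALS = {
    "block": (1.0, 1.5), "report_spam": (1.0, 2.0), "quick_hangup": (1.0, 0.8),
    "ignore_repeated": (1.0, 0.7), "whitelist": (0.0, 2.0),
    "answer_full": (0.0, 1.2), "call_back": (0.0, 1.5),
}

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def predict(weights, bias, features):
    """Forward pass: sigmoid of the weighted feature sum."""
    return sigmoid(sum(w * x for w, x in zip(weights, features)) + bias)

def auto_learn(weights, bias, features, action):
    """One SGD step on log-loss; the gradient is scaled by the action weight
    (assumption: the page does not say how the weight enters the update)."""
    label, strength = ACTION_SIGNALS[action]
    error = predict(weights, bias, features) - label
    step = LEARNING_RATE * strength * error
    return [w - step * x for w, x in zip(weights, features)], bias - step

def replay(features, actions):
    """Start from zero weights, apply the actions in order, return the new risk."""
    weights, bias = [0.0] * len(features), 0.0
    for action in actions:
        weights, bias = auto_learn(weights, bias, features, action)
    return predict(weights, bias, features)

# Constructed 47-element feature vector, normalized to [0, 1].
SAMPLE_CALL = [(i % 5) / 4 for i in range(47)]

if __name__ == "__main__":
    for actions in ([], ["ignore_repeated"], ["report_spam"], ["whitelist"]):
        print(actions, round(replay(SAMPLE_CALL, actions), 4))
```

An explicit report moves the prediction for the same call further than a passive ignore, and a whitelist moves it the same distance in the opposite direction.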
TRAINING LIFECYCLE

Weights persist in local storage and survive app restarts.

🔒
PRIVACY BY DESIGN
Your data never leaves your phone
🏠
100% On-Device Processing

All 47 features are extracted and all ML predictions run entirely on your device. No cloud servers, no API calls for threat data.

🧠
Local Model Training

Neural network weights are trained and stored exclusively in your phone's local storage.

📵
No PII in Logs

Release builds strip all personally identifiable information. Phone numbers and contact names never appear in system logs.

📡
Offline-Capable

Threat databases are downloaded and stored locally. Full call screening works offline after initial setup.

🔐
Carrier Verification Only

STIR/SHAKEN status comes from your carrier's network — SPAM-JAMR reads it, never sends it.