WebSentinel: Modular Web Security

• WebSentinel is a family of frameworks that use both static and dynamic analysis to identify malicious web content and enforce security policies.
• It employs advanced techniques such as YARA-based signature matching, Rhino sandboxing, and LLM-driven context analysis to detect script attacks and prompt injections.
• The system integrates in-browser security tests, event telemetry, and SIEM reporting to deliver high detection accuracy and comprehensive threat posture assessment.

WebSentinel denotes a family of frameworks and systems targeting the analysis, protection, and posture assessment of web security at various architectural layers. Its instantiations address real-time script-based attack detection at the network edge, prompt injection mitigation in LLM-powered web agents, and client-side browser security diagnostics. WebSentinel designs emphasize modular analysis pipelines capable of both static and dynamic inspection, segment-level context-aware reasoning for adversarial UI/DOM manipulations, and a comprehensive, in-browser testbed for security policy enforcement scoring.

1. WebSentinel for Real-Time Malicious Script Detection

WebSentinel was initially formulated as an inline appliance for detecting and mitigating malicious JavaScript-driven attacks at the network perimeter (Jung et al., 2015). It operates as a forward-proxy, intercepting all HTTP(S) traffic, and analyzes web content via the following workflow:

• Content Adaptation: The content adapter parses HTML5/CSS/JS, extracts and retrieves external script sources, and assembles a unified web content bundle.
• Analysis Engine: The engine comprises static and dynamic analysis modules:
  • Static analysis applies YARA-based signature matching for known malicious tokens, assigns an obfuscation score

  $$S_{\text{obs}} = w_1\,\text{NgramScore} + w_2\,\text{EntropyScore} + w_3\,\text{MaxStringLengthScore},$$

  and performs weighted HTML5-tag usage scoring. - Dynamic analysis executes suspect scripts in a Rhino sandbox, extracts JavaScript API call-traces, and evaluates trace similarity using SimHash and Hamming distance.

• Signature Management: Detected cases are clustered using hierarchical complete-linkage clustering on TF-IDF feature vectors, with token intersection forming conjunction signatures for subsequent detection.

• Control and Enforcement: A decision system applies a scoring function $f(x)$:

$$f(x) = \begin{cases} 1 & \text{if } g(x) \geq \tau \ 0 & \text{otherwise} \end{cases}$$

to block, permit, or sanitize scripts.

Performance benchmarks demonstrate sustained 1 Gbps throughput, ≈2.95 s average per-page latency, and ≈95.3 % detection accuracy across obfuscated and modified-code attacks. Deployment options include integration with ICAP-based proxies, SIEM alerting, and high-availability frontends (Jung et al., 2015).

2. Prompt Injection Detection and Localization in Web Agents

WebSentinel advances the state-of-the-art in the detection and localization of prompt injection attacks (PIA) targeting LLM-based web agents (Wang et al., 3 Feb 2026). In the web-agent threat model, attackers manipulate webpage content (including DOM nodes, injected HTML/JS, pixel-modified canvases, pop-ups) to subvert agent intent. The architectural pipeline consists of two primary steps:

1. Segment Extraction: WebSentinel identifies "segments of interest" with high injection likelihood through:

   • Code-pattern matching (forms, duplicate elements, comments, pixel-modified DOM nodes).
   • An extractor LLM, system-prompted to produce candidates for pop-ups and modals.
2. Consistency Evaluation: Each segment is evaluated in context via:
   • Context pruning (untargeted: removal of scripts/styles/etc.; targeted: extraction of relevant DOM subtrees).
   • An analyzer LLM enforces alignment and type-specific checks (duplicate elements, misleading instructions, sensitive-data requests) to classify segments as contaminated or clean.

A detection function

$$f(s, W) = \begin{cases} 1 & \text{if segment } s \text{ is contaminated in context } W \ 0 & \text{otherwise} \end{cases}$$

is applied per segment, and the page is flagged contaminated if any $f(s_i, W) = 1$.

Experimental results over multiple contaminated and clean datasets indicate detection accuracy (0.991) and localization Jaccard coefficient (0.987) that surpass prior baselines (PromptArmor: 0.871/0.860) (Wang et al., 3 Feb 2026). Ablations confirm the necessity of both context-driven analysis and segment-level granularity. Limitations include dependence on large open-domain LLMs (GPT-4o), manual prompt engineering, and the lack of automatic remediation upon localization.

3. Browser Security Posture Analysis

A browser-resident variant of WebSentinel, based on the Browser Security Posture Analysis Framework, delivers comprehensive in situ client-side security assessments (Cohen, 12 May 2025). Distributed as an HTML/JavaScript/WebAssembly agent, it orchestrates a battery of over 120 security test modules categorized as follows:

• SOP (Same-Origin Policy) Enforcement: Detects cross-origin DOM access vulnerabilities.
• CORS Validation: Verifies enforcement of cross-origin resource sharing policies.
• CSP (Content Security Policy) Analysis: Tests prevention of inline script execution with strict CSP.
• XSS Filter/Auditor Test: Assesses browser-level XSS protection.
• Extension Interference via WeakRef: Detects data-leak risk from persistent DOM references.
• Permissions Audit: Enumerates and verifies navigator.permissions defaults.
• SSL/TLS Validation: Checks browser response to invalid certificates (expired, self-signed).
• Cryptographic API & RNG Assessment: Tests WebCrypto availability/function and randomness quality.
• Advanced Feature Restrictions: Evaluates, e.g., SharedArrayBuffer accessibility vis-à-vis Spectre mitigations.

Module results $p_i\in\{0,1\}$ are aggregated with criticality weights $w_i$ to form a composite security posture score:

$$S = \frac{\sum_{i=1}^N w_i p_i}{\sum_{i=1}^N w_i} \times 100\%.$$

Empirical baselines show Chrome/Edge/Firefox attain $S\approx96\%$, Safari $S\approx94\%$; enterprise configurations with policy hardening achieve $S\approx99\%$. Test durations are under five minutes (sequential) and sub-30 seconds (parallel) (Cohen, 12 May 2025).

4. Signature and Event Management

WebSentinel incorporates automatic signature generation and robust event telemetry for both edge-based script detection and in-browser assessment regimes. Upon malicious script detection, the system:

• Captures event tuples: (script text, type, obfuscation, IP, protocol, timestamp).
• Performs TF-IDF vectorization and hierarchical clustering with a meta-similarity adjustment:

$$D'(v_1,v_2) = \|v_1 - v_2\|\cdot(1-\alpha\cdot\mu),\quad \alpha=0.3$$

• Extracts conjunction signatures as the intersection of tokens within clusters, refining by IDF, and converting relevant IPs/URLs to regex.

Event and posture status updates are exported via JSON or syslog to SIEM/orchestration frameworks, supporting real-time compliance monitoring and policy enforcement. In-browser agents transmit detailed module outcomes and scores with user, hostname, and browser metadata, adhering to privacy-by-design principles (Jung et al., 2015, Cohen, 12 May 2025).

5. Evaluation and Performance Benchmarks

Empirical assessment of WebSentinel modules employs detection accuracy, false negative/positive rates, throughput, and real-time latency:

• Malicious script detection: ≈95.3% accuracy, 1 Gbps sustained throughput, 2.95 s mean web-page latency (Jung et al., 2015).
• Prompt injection defense: 0.991 detection accuracy, 0.987 localization JC, adaptive attack reductions in attack success rate from 0.64 to 0.06 (Wang et al., 3 Feb 2026).
• Browser posture analysis: Aggregate scores $S$ ranging from 94% (Safari) to 99% (enterprise Chrome), with module-level 95% confidence intervals for pass-rates (Cohen, 12 May 2025).

Performance optimizations include dynamic analysis offload, multi-threaded signature engines, LRU-caching of benign pages, and partial module re-execution on environmental changes.

6. Deployment, Integration, and Limitations

WebSentinel systems are operationalized via multiple vectors:

• Perimeter: Inline forward proxy, ICAP-units with policy-based routing, SIEM integration.
• Endpoint: Browser-centric instrumentation via user login scripts, scheduled tasks, or continuous SIEM reporting.
• Administration: UI for review/management of signatures, blacklists, and forensic logs.

Noted limitations involve the continued arms race with adaptive attackers (necessitating monitoring of evolving attack vectors), dependence on LLM capabilities (cost and prompt evolution), and the lack of automated remediation for compromised content in agent-facing scenarios. Privacy assurances are enforced through restricted data export and non-capture of user PII.

7. Research Impact and Future Directions

WebSentinel frameworks have established new benchmarks for accuracy and localization in both network-layer and agent-based attack detection, and have operationalized comprehensive, real-time browser posture measurement suitable for SIEM-driven enterprise environments. These systems advance detection methodology by combining modular static/dynamic inspection, segment-aware context parsing, and robust event-driven reporting.

Prospective advancements include automated remediation of localized attacks, scaling alignment checks through self-supervised methods, and expanding client-side test suites as web APIs and associated threats evolve. Continual integration of zero-trust verification architectures positions WebSentinel as an integral component of web and enterprise security assurance (Jung et al., 2015, Wang et al., 3 Feb 2026, Cohen, 12 May 2025).