College of Graduate Studies: Theses & Dissertations

Term of Award

Spring 2026

Degree Name

Master of Science, Information Technology

Document Type and Release Option

Thesis (open access)

Copyright Statement / License for Reuse

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Department

Department of Information Technology

Committee Chair

Dr. Atef Mohamed (Shalan)

Committee Member 1

Dr. Lei Chen

Committee Member 2

Dr. Hayden Wimmer

Abstract

The rapid evolution of web browsers into fully fledged application execution environments has significantly expanded their attack surface, making them prime targets for sophisticated zero-day exploits that evade traditional signature-based security mechanisms. To address this challenge, this research proposes an AI-driven framework for real-time detection and analysis of zero-day exploits in web browsers by integrating browser-level telemetry monitoring, unsupervised anomaly detection, and large language model–based threat interpretation. The framework introduces a lightweight WebAssembly telemetry agent embedded within the browser runtime to capture low-level execution behaviors, including WASM module instantiation, memory growth patterns, network interactions, and runtime API activity. These telemetry signals are aggregated and transformed into structured behavioral features representing browser activity in real time. To detect suspicious behavior without relying on labeled attack datasets, the system employs an Isolation Forest–based unsupervised anomaly detection model that learns baseline browser behavior and identifies deviations indicative of potential exploit activity. Detected anomalies are further analyzed using large language models (LLMs), including Gemini Flash and OpenAI-based models, which provide contextual interpretation, cluster related anomalous events, and assign structured risk levels. Experimental evaluation using live browser telemetry demonstrates the system’s ability to identify clusters of anomalous behavior associated with irregular WASM operations, abnormal network patterns, and suspicious domain interactions. Overall, the results show that combining browser instrumentation, unsupervised machine learning, and generative AI provides an effective and scalable approach for proactive detection of zero-day threats in modern web environments.

Research Data and Supplementary Material

No
