Client-side runtime integrity agent for detecting man-in-the-browser attacks using forensic monitoring and anomaly detection

Laila, D.; Amin, M.; Alqutaish, A.; Shehab, R.

Growing Science » International Journal of Data and Network Science » Client-side runtime integrity agent for detecting man-in-the-browser attacks using forensic monitoring and anomaly detection

Journals

IJDS Volumes

Volume 1 (8)
- Issue 1 (5)
- Issue 2 (3)

Volume 2 (12)
- Issue 1 (3)
- Issue 2 (3)
- Issue 3 (3)
- Issue 4 (3)

Volume 3 (27)
- Issue 1 (4)
- Issue 2 (9)
- Issue 3 (8)
- Issue 4 (6)

Volume 4 (37)
- Issue 1 (6)
- Issue 2 (15)
- Issue 3 (7)
- Issue 4 (9)

Volume 5 (86)
- Issue 1 (9)
- Issue 2 (11)
- Issue 3 (32)
- Issue 4 (34)

Volume 6 (163)
- Issue 1 (30)
- Issue 2 (33)
- Issue 3 (40)
- Issue 4 (60)

Volume 7 (200)
- Issue 1 (53)
- Issue 2 (46)
- Issue 3 (46)
- Issue 4 (55)

Volume 8 (243)
- Issue 1 (60)
- Issue 2 (61)
- Issue 3 (60)
- Issue 4 (62)

Volume 9 (96)
- Issue 1 (20)
- Issue 2 (6)
- Issue 3 (30)
- Issue 4 (40)

Volume 10 (80)
- Issue 1 (40)
- Issue 2 (40)

Countries

International Journal of Data and Network Science

ISSN 2561-8156 (Online) - ISSN 2561-8148 (Print) Quarterly Publication Volume 10 Issue 1 pp. 483-498 , 2026

Client-side runtime integrity agent for detecting man-in-the-browser attacks using forensic monitoring and anomaly detection Pages 483-498 Download PDF

Authors: Dena Abu Laila, Mohammed Amin, Amer Alqutaish, Rami Shehab

DOI: 10.5267/j.ijdns.2025.9.004

Keywords: Man-in-the-Browser, Cybersecurity, Anomaly detection, Runtime integrity, Browser security, Malware detection, Financial fraud preventio

Abstract: Man-in-the-Browser (MitB) attacks represent a sophisticated class of web-based threats that manipulate browser functionality to intercept and modify user transactions in real-time. Traditional server-side detection mechanisms often fail to identify these attacks due to their client-side nature and encrypted communication channels. This paper presents a novel client-side runtime integrity agent that employs forensic monitoring and machine learning-based anomaly detection to identify MitB attacks at their source. The proposed system integrates DOM integrity verification, memory forensic analysis, and behavioral pattern recognition to detect malicious browser modifications before they can compromise user sessions. Our experimental evaluation demonstrates a detection accuracy of 97.3% with a false positive rate of 2.1%, significantly outperforming existing client-side detection methods. The system successfully identified various MitB attack vectors, including Zeus, SpyEye, and custom injection payloads, while maintaining a minimal computational overhead of less than 3% CPU utilization.

How to cite this paper

 Laila, D., Amin, M., Alqutaish, A & Shehab, R. (2026). Client-side runtime integrity agent for detecting man-in-the-browser attacks using forensic monitoring and anomaly detection.International Journal of Data and Network Science, 10(1), 483-498.

Refrences

Abdulateef, O. G., Joudah, A., Abdulsahib, M. G., & Alrammahi, H. (2025). Designing a robust machine learning-based framework for secure data transmission in Internet of Things (IoT) environments: A multifaceted approach to security challenges. Journal of Cyber Security and Risk Auditing, 2025(4), 266–275. https://doi.org/10.63180/jcsra.thestap.2025.4.6 Addula, S. R., & Ali, A. (2025). A novel permissioned blockchain approach for scalable and privacy-preserving IoT authentication. Journal of Cyber Security and Risk Auditing, 2025(4), 222–237. https://doi.org/10.63180/jcsra.thestap.2025.4.3 Addula, S. R., Norozpour, S., & Amin, M. (2025). Risk assessment for identifying threats, vulnerabilities, and countermeasures in cloud computing. Jordanian Journal of Informatics and Computing, 2025(1), 38–48. https://doi.org/10.63180/jjic.thestap.2025.1.5 Akamai Technologies. (2023). State of the Internet / Security: Web attacks and gaming abuse report. Technical Report. Albinhamad, H., Alotibi, A., Alagnam, A., Almaiah, M., & Salloum, S. (2025). Vehicular ad-hoc networks (VANETs): A key enabler for smart transportation systems and challenges. Jordanian Journal of Informatics and Computing, 2025(1), 4–15. https://doi.org/10.63180/jjic.thestap.2025.1.2 Aldaghlawy, H. J., & Al-Shareeda, M. A. (2025). The role of simulating digital threats through interactive theater performances. Journal of Cyber Security and Risk Auditing, 2025(4), 276–286. https://doi.org/10.63180/jcsra.thestap.2025.4.7 Al-Shareeda, M. A., Najm, L. B., Hassan, A. A., Mushtaq, S., & Ali, H. A. (2024). Secure IoT-based smart agriculture system using wireless sensor networks for remote environmental monitoring. STAP Journal of Security Risk Management, 2024(1), 56–66. https://doi.org/10.63180/jsrm.thestap.2024.1.4 Alshinwan, M., Memon, A. G., Ghanem, M. C., & Almaayah, M. (2025). Unsupervised text feature selection approach based on improved prairie dog algorithm for text clustering. Jordanian Journal of Informatics and Computing, 2025(1), 27–36. https://doi.org/10.63180/jjic.thestap.2025.1.4 Alsahaim, S., & Maayah, M. (2023). Analyzing cybersecurity threats on mobile phones. STAP Journal of Security Risk Management, 2023(1), 3–19. https://doi.org/10.63180/jsrm.thestap.2023.1.2 Almaiah, M. (2025). Framework for node detection in cloud computing: A multi-metric approach integrating security, availability, and latency factors. Journal of Cyber Security and Risk Auditing, 2025(4), 238–256. https://doi.org/10.63180/jcsra.thestap.2025.4.4 Almaiah, M. A., & Kadel, R. (2025). Leveraging ACO, GA, and GWO for enhancing port scan attack detection using machine learning. Journal of Cyber Security and Risk Auditing, 2025(4), 306–326. https://doi.org/10.63180/jcsra.thestap.2025.4.9 Almaayah, M., & Sulaiman, R. B. (2024). Cyber risk management in the Internet of Things: Frameworks, models, and best practices. STAP Journal of Security Risk Management, 2024(1), 3–23. https://doi.org/10.63180/jsrm.thestap.2024.1.1 Asassfeh, M., Samara, G., Zaid, A. A., Laila, D. A., Al-Anzi, S., Alqammaz, A., & Al-Mousa, M. R. (2024, December). Penetration testing overview—Opportunities and ethical considerations: Literature notes. In 2024 International Jordanian Cybersecurity Conference (IJCC) (pp. 131–135). IEEE. Bandhakavi, S., et al. (2011). VEX: Vetting browser extensions for security vulnerabilities. In Proceedings of the 19th USENIX Security Symposium (pp. 339–354). Bilge, L., et al. (2012). EXPOSURE: Finding malicious domains using passive DNS analysis. In Proceedings of the Network and Distributed System Security Symposium (pp. 1–17). Binsalleeh, H., et al. (2010). On the analysis of the Zeus botnet crimeware toolkit. In Proceedings of the 8th Annual International Conference on Privacy, Security and Trust (pp. 31–38). Canali, D., et al. (2011). A quantitative study of accuracy in system call-based malware detection. In Proceedings of the International Symposium on Software Testing and Analysis (pp. 122–132). Cova, M., et al. (2010). Detection and analysis of drive-by-download attacks and malicious JavaScript code. In Proceedings of the 19th International Conference on World Wide Web (pp. 281–290). Gühring, P. (2007). Concepts against man-in-the-browser attacks. In Secure Networking – CANS 2007 (pp. 1–12). Holz, T., et al. (2009). Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm worm. In Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (pp. 1–9). Janczewski, L., & Colarik, A. M. (2013). Cyber warfare and cyber terrorism. IGI Global. Kirat, D., & Vigna, G. (2015). MalGene: Automatic extraction of malware analysis evasion signature. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 769–780). Kirda, E., & Kruegel, C. (2006). Protecting users against phishing attacks. The Computer Journal, 49(5), 554–561. Kotov, V., & Massacci, F. (2013, February). Anatomy of exploit kits: Preliminary analysis of exploit kits as software artefacts. In International symposium on engineering secure software and systems (pp. 181-196). Berlin, Heidelberg: Springer Berlin Heidelberg. Laila, D. A., Aljaidi, M., Almaiah, M. A., AlBourini, M., Al-Na’amneh, Q., Samara, G., & Momani, K. (2025). A novel scheme to optimize LSB steganography based on a logistic chaotic map and genetic algorithm. Iraqi Journal for Computer Science and Mathematics, 6(2), 24. Laila, D. A., Al-Na’amneh, Q., Aljaidi, M., Nasayreh, A. N., Gharaibeh, H., Al Mamlook, R., & Alshammari, M. (2024). Simulation of routing protocols for jamming attacks in mobile ad-hoc networks. In Risk Assessment and Countermeasures for Cybersecurity (pp. 235–252). IGI Global Scientific Publishing. Liu, D., et al. (2014). A survey on secure data analytics in edge computing. IEEE Internet of Things Journal, 6(3), 4946–4967. Reina, A., et al. (2013). A system call-centric analysis and stimulation technique to automatically reconstruct Android malware behaviors. EuroSec, 13. Rossow, C., et al. (2012). Prudent practices for designing malware experiments: Status quo and outlook. In Proceedings of the IEEE Symposium on Security and Privacy (pp. 65–79). IEEE. Satar, S. D. M., Hussin, M., Afendee Mohamed, M., Abd Hamid, N., Abd Kadir, M. F., Muda, R., & Samual, J. (2025). Secure access control using ciphertext policy attribute-based encryption with performance optimization in cloud computing. Journal of Cyber Security and Risk Auditing, 2025(4), 287–305. https://doi.org/10.63180/jcsra.thestap.2025.4.8 Sood, A., & Enbody, R. (2014). Targeted cyber attacks: Multi-staged attacks driven by exploits and malware. Syngress. Stone-Gross, B., et al. (2011). The underground economy of Zeus: Research opportunities and challenges. In Proceedings of the 1st Workshop on Large-Scale Exploits and Emergent Threats (pp. 1–8). Sulaiman, R. B., & Khraisat, A. (2025). Metaheuristic-driven feature selection with SVM and KNN for robust DDoS attack detection: A comparative study. Journal of Cyber Security and Risk Auditing, 2025(4), 182–203. https://doi.org/10.63180/jcsra.thestap.2025.4.1 Wang, W., et al. (2017). Detecting Android malware leveraging text semantics of network flows. IEEE Transactions on Information Forensics and Security, 13(5), 1096–1109. Wyke, J., & Ajjan, A. (2013). The ZeuS P2P botnet. SophosLabs Technical Paper. Zhang, J., et al. (2018). Real-time detection of Android malware with ensemble learning methods. Journal of Real-Time Image Processing, 15(1), 189–201.