WISE: A Browser Intrusion Prevention System Based on Generative AI and OSINT Threat Intelligence

WISE is a cloud-native browser Intrusion Prevention System (IPS) that integrates Groq Llama-3.3, Google Gemini generative AI, and multi-source OSINT threat intelligence to achieve real-time zero-day phishing detection, malicious script identification, and social engineering attack protection. It builds a complete protection loop through Chrome extensions, cloud-based intelligent core, and a visual dashboard.

In the digital age, browsers have become the core entry point for user interaction and the primary target for attackers. Traditional security software is limited to system-level protection and lacks an effective real-time response mechanism for in-browser threats (zero-day phishing, malicious script injection, social engineering attacks), leading to the birth of the WISE project.

WISE adopts a three-tier architecture:

1. Edge Perception Layer: A Chrome extension based on Manifest V3 that intercepts navigation requests in real time and sends URLs to the cloud for analysis;
2. Intelligent Core Layer: A FastAPI cloud backend that integrates multi-source OSINT intelligence queries and AI in-depth analysis, using SQLite3 to store logs;
3. Analysis and Display Layer: A glass-morphism visual dashboard that provides an intuitive display of threat logs, risk trends, and attack reports.

Dual-Model AI Analysis Engine

• Groq Llama 3.3 70B: Responsible for in-depth semantic analysis of web content, identifying phishing features, malicious scripts, and social engineering language;
• Google Gemini 1.5 Flash: Assists in content summarization and threat classification to improve analysis efficiency.

Multi-Source OSINT Integration

Integrates with authoritative intelligence sources such as VirusTotal v3 API, URLHaus, and Phishing.Database, matching known threats in milliseconds and initiating AI in-depth analysis for unknown threats.

• Hover Risk Assessment: Triggers background analysis when the mouse hovers over a link, displaying risk results in real time;
• Forced Isolation: Displays an isolation screen when the risk score exceeds 75%, blocking access and providing an AI-generated threat report;
• Glass-Morphism Dashboard: An immersive visual experience showing historical threats, risk trends, and attack type distribution.

Technology Stack:

• Backend: Python + FastAPI + SQLite3;
• Frontend: JS (ES6+) + Chrome Manifest V3 + CSS3 3D;
• AI/Intelligence: Groq API, Google Gemini, VirusTotal, etc. Deployment Steps:

1. Clone the repository: git clone https://github.com/surajyadav04/WISE-AI-Defense.git;
2. Configure API keys for GROQ, GEMINI, etc.;
3. Start the backend: python app.py;
4. Load the Chrome extension (from the /extension directory).

• Technological Innovation: First to deeply integrate generative AI and OSINT into real-time browser protection, creating an "AI-driven + intelligence-enabled" architecture;
• User Experience: Unobtrusive analysis + intuitive visualization, lowering the threshold for secure usage;
• Educational Significance: Developed by students from Parul University, providing a model for AI security talent cultivation;
• Open-Source Contribution: Offers reusable solutions to promote the sharing of browser security technologies.

WISE has built a browser security ecosystem with real-time detection, intelligent analysis, and visualization. Future explorations can include: deep integration with browser vendors, enterprise-level deployment solutions, federated learning-based privacy-preserving threat intelligence sharing mechanisms, to drive innovation in browser security technologies.