NEXORASCAN: A MACHINE LEARNING–DRIVEN CHROME EXTENSION FOR REAL-TIME DETECTION OF MALICIOUS WEBSITES AND BROWSER PERMISSION ABUSE

Abstract

Malicious websites and abusive browser permissions continue to pose serious cybersecurity threats to internet users, while traditional blacklist-based protection mechanisms often fail to detect newly emerging and adaptive attacks in real time. This paper presents NexoraScan, a machine learning–driven security framework designed to identify malicious websites and browser permission abuse through a lightweight and privacy-preserving approach. The proposed system consists of three integrated com-ponents: (1) a Google Chrome extension developed using Mani-fest V3 for real-time website monitoring, (2) a web-based URL scanning platform, and (3) a companion Android application for accessible cross-platform protection. The framework extracts six behavioural and infrastructural security features directly from active browsing sessions and evaluates them using supervised ma-chine learning models, including Random Forest (RF), Support Vector Machine (SVM), K-Nearest Neighbours (KNN), Decision Tree (DT), Logistic Regression (LR), and Naive Bayes (NB). Experimental evaluation was conducted on a balanced dataset containing 3,000 labelled website instances. Among all classifiers, Random Forest achieved the best performance with 95.0% accuracy, a macro F1-score of 0.95, and a ROC-AUC score of 0.98 under 5-fold cross-validation. Furthermore, real-time inference latency remained below 300 ms, making the solution suitable for practical browser-based deployment. Feature importance analysis demonstrates that SSL certificate validity, domain age, redirect behaviour, and JavaScript obfuscation indicators provide the strongest discriminative capability for malicious website detec-tion. The proposed framework uniquely combines infrastructure-level indicators with behaviour-level JavaScript analysis to detect both phishing-oriented and permission-abusing web activity. All prediction and analysis operations are executed locally within the browser environment, ensuring that no user browsing history or metadata is transmitted externally, thereby preserving user privacy and supporting GDPR-oriented data minimisation prin-ciples. Experimental results indicate that NexoraScan provides an effective, lightweight, and deployable solution for real-time malicious website detection on resource-constrained systems..