Use of anomaly detection on client side to protect against web attacks
IP.com Disclosure Number: IPCOM000191366D
Publication Date: 31-Dec-2009
Publishing Venue
The IP.com Prior Art Database
Abstract
Language
English (United States)
Document File
1 pages / 20.3 KB
With the rise of Web 2.0 applications, we see more and more client-side vulnerabilities in which a web application vulnerability is used to attack one of the users of the web application.
Today, automatic detection and prevention of these attacks is mainly done in two areas:
1. Server-side protection (IPS/IDS) - Some of these protection mechanisms rely on signature-based rules or anomaly detection to identify attack requests. Besides having a lot of other problems, these protection mechanisms have an intrinsic problem when trying to deal with some specific client-side attacks such as DOM-based cross-site scripting (in which the attack itself is not sent to the server) and CSRF (in which the attack is delivered through one server tricking a victim into sending a seemingly legitimate request to another).
2. Client-side protection - Today's solutions mainly use signature-based protection, sandboxing and code execution to block or delete malicious scripts out of a response.
Since many of these web attacks are carried out through textual modifications of the HTTP requests, it is very easy to create a unique and new attack that will overcome many of the existing solutions.
The flow will include 3 components:
1) A utility installed on the client side gathering all the information mentioned above
2) A component maintaining the profile of a "normal" use of the system, sitting on a central server (either the web application itself or some other...