Research

Current research interests and ongoing projects

Research Interests

AI for Software Engineering (AI4SE)
Empirical Software Engineering
Software and LLM Security
Human-Centered Computing
Blockchain Systems

Research Projects

First large-scale cross-platform study analyzing ~45,000 repositories across 5 major platforms (Hugging Face, ModelScope, OpenCSG, OpenMMLab, PyTorch Hub) with co-authors Mohammad Latif Siddiq and Joanna C. Santos. Detected security vulnerabilities using static analyzers (Bandit, CodeQL, Semgrep) and YARA malware signatures: found CWE-502 (unsafe deserialization) in 74.54% and CWE-95 (eval injection) in 15.02% of affected repositories; 10.41% of Hugging Face repos contain security smells. Analyzed 600+ developer discussions to create a taxonomy of security misconceptions; revealed only 6.6% SafeTensors adoption and widespread trust_remote_code usage. In Review at MSR 2026.

Extending ReAgent to detect aligned backdoors that maintain semantic consistency while subverting user intent through preference manipulation; collaboration with Dr. Chowdhury Md. Rakin Haider (BUET). Implementing Text/Env-STRIP for perturbation-based runtime detection achieving FAR ≤ 5% at FRR = 1-2%, and K-Arm trigger inversion for forensic analysis with multi-armed bandit optimization. Evaluating on 3 benchmarks (WebShop with 1.18M products, OSWorld with 369 tasks, and AgentBench) against a comprehensive attack suite including Sleeper-style, instruction backdoors, and multi-turn hidden triggers.

Multi-Agent Framework for Generating Relational DB Schema & ERD

July 2025 - Present
Extended SchemaAgent with Dr. Sukarna Barua (BUET) using a LangGraph StateGraph architecture with conditional routing and a 3-tier auto-repair system. Designed a 6-stage decomposed pipeline with specialized agents for entity extraction, relationship mining, and normalization with Z3 formal verification. Implemented a granular component-level retry mechanism with intelligent violation analysis, reducing redundant LLM calls by 80%.
Collaborating with Dr. Sukarna Barua, Assistant Professor at BUET, who specializes in software engineering, data science, and machine learning applications.

Design by Contract for LLM APIs

Nov 2024 - Present
Developing a taxonomy for API contracts through an empirical study of 412 real-world issues with Dr. Akond Rahman (Auburn University). Created OpenAI SDK and LangChain extensions for automatic contract enforcement and runtime remediation. Implemented precondition/postcondition validators with automatic retry mechanisms and fallback strategies.
Collaborating with Dr. Akond Rahman, Assistant Professor at Auburn University, who specializes in DevOps, cybersecurity, and secure software development. Dr. Rahman leads the PASER (Practical and Actionable Software Engineering Research) group, focusing on practical software engineering research that bridges the gap between academic research and industry practice.

Developed uReporter, Bangladesh's first anonymous reporting system, during the 2024 national crisis. Analyzed 124 crowd-sourced reports using six transformer models with a multilingual NLP pipeline for Bengali/Romanized Bengali. Demonstrated anonymous crowd-sourcing's potential for understanding Global South socio-political dynamics.
Collaborated with the uReporter team at BUET. The project has received coverage from international media including BBC Bengali, Saudi Gazette, and Global Voices.

Undergraduate Thesis. Designed a blockchain framework with encrypted off-chain IPFS storage and on-chain Ethereum access control under Professor ASM Latiful Hoque (BUET). Implemented ERC-721-based patient records with AES-GCM encryption, ECIES key wrapping, and EIP-712 signed permissions. Evaluated system performance and security on 10,000 synthetic patient records, demonstrating scalability and privacy preservation.
Supervised by Professor ASM Latiful Hoque from BUET (my undergraduate thesis supervisor), who specializes in data warehousing, data mining, big data analytics, and database technologies.