Md. Shohrab Hossain

Saikat Barua, Mostafizur Rahman, Md Jafor Sadek et al.

The principles of automation and innovation serve as foundational elements for advancement in contemporary science and technology. Here, we introduce Pygen, an automation platform designed to empower researchers, technologists, and hobbyists to bring abstract ideas to life as core, usable software tools written in Python. Pygen leverages the immense power of autoregressive large language models to augment human creativity during the ideation, iteration, and innovation process. By combining state-of-the-art language models with open-source code generation technologies, Pygen has significantly reduced the manual overhead of tool development. From a user prompt, Pygen automatically generates Python packages for a complete workflow from concept to package generation and documentation. The findings of our work show that Pygen considerably enhances the researcher's productivity by enabling the creation of resilient, modular, and well-documented packages for various specialized purposes. We employ a prompt enhancement approach to distill the user's package description into increasingly specific and actionable. While being inherently an open-ended task, we have evaluated the generated packages and the documentation using Human Evaluation, LLM-based evaluation, and CodeBLEU, with detailed results in the results section. Furthermore, we documented our results, analyzed the limitations, and suggested strategies to alleviate them. Pygen is our vision of ethical automation, a framework that promotes inclusivity, accessibility, and collaborative development. This project marks the beginning of a large-scale effort towards creating tools where intelligent agents collaborate with humans to improve scientific and technological development substantially. Our code and generated examples are open-sourced at [https://github.com/GitsSaikat/Pygen]

Md Abdul Ahad Minhaz, Zannatul Zahan Meem, Md. Shohrab Hossain

Phishing remains one of the most prevalent online threats, exploiting human trust to harvest sensitive credentials. Existing URL- and HTML-based detection systems struggle against obfuscation and visual deception. This paper presents \textbf{PhishSnap}, a privacy-preserving, on-device phishing detection system leveraging perceptual hashing (pHash). Implemented as a browser extension, PhishSnap captures webpage screenshots, computes visual hashes, and compares them against legitimate templates to identify visually similar phishing attempts. A \textbf{2024 dataset of 10,000 URLs} (70\%/20\%/10\% train/validation/test) was collected from PhishTank and Netcraft. Due to security takedowns, a subset of phishing pages was unavailable, reducing dataset diversity. The system achieved \textbf{0.79 accuracy}, \textbf{0.76 precision}, and \textbf{0.78 recall}, showing that visual similarity remains a viable anti-phishing measure. The entire inference process occurs locally, ensuring user privacy and minimal latency.

Hafijul Hoque Chowdhury, Riad Ahmed Anonto, Sourov Jajodia et al.

With the rapid growth of smart home IoT devices, users are increasingly exposed to various security risks, as evident from recent studies. While seeking answers to know more on those security concerns, users are mostly left with their own discretion while going through various sources, such as online blogs and technical manuals, which may render higher complexity to regular users trying to extract the necessary information. This requirement does not go along with the common mindsets of smart home users and hence threatens the security of smart homes furthermore. In this paper, we aim to identify and address the major user-level security concerns in smart homes. Specifically, we develop a novel dataset of Q&A from public forums, capturing practical security challenges faced by smart home users. We extract major security concerns in smart homes from our dataset by leveraging the Latent Dirichlet Allocation (LDA). We fine-tune relatively "smaller" transformer models, such as T5 and Flan-T5, on this dataset to build a QA system tailored for smart home security. Unlike larger models like GPT and Gemini, which are powerful but often resource hungry and require data sharing, smaller models are more feasible for deployment in resource-constrained or privacy-sensitive environments like smart homes. The dataset is manually curated and supplemented with synthetic data to explore its potential impact on model performance. This approach significantly improves the system's ability to deliver accurate and relevant answers, helping users address common security concerns with smart home IoT devices. Our experiments on real-world user concerns show that our work improves the performance of the base models.

Asad Ali, Samin Rahman Khan, Sadman Sakib et al.

Multi-Access or Mobile Edge Computing (MEC) is being deployed by 4G/5G operators to provide computational services at lower latencies. Federating MECs across operators expands capability, capacity, and coverage but gives rise to two issues - third-party authentication and application mobility - for continuous service during roaming without re-authentication. In this work, we propose a Federated State transfer and 3rd-party Authentication (FS3A) mechanism that uses a transparent proxy to transfer the information of both authentication and application state across operators to resolve these issues. The FS3A proxy is kept transparent, with virtual counterparts, to avoid any changes to the existing MEC and cellular architectures. FS3A provides users with a token, when authenticated by an MEC, which can be reused across operators for faster authentication. Prefetching of subscription and state is also proposed to further reduce the authentication and application mobility latencies. We evaluated FS3A on an OpenAirInterface (OAI)-based testbed and the results show that token reuse and subscription prefetching reduce the authentication latency by 53-65%, compared to complete re-authentication, while state prefetching reduces application mobility latency by 51-91%, compared to no prefetching. Overall, FS3A reduces the service interruption time by 33%, compared to no token reuse and prefetching.

Asad Ali, Tushin Mallick, Sadman Sakib et al.

Multi-Access Edge computing (MEC) and Fog computing provide services to subscribers at low latency. There is a need to form a federation among 3GPP MEC and fog to provide better coverage to 3GPP subscribers. This federation gives rise to two issues - third-party authentication and application mobility - for continuous service during handover from 3GPP MEC to fog without re-authentication. In this paper, we propose: 1) a proxy-based state transfer and third-party authentication (PS3A) that uses a transparent proxy to transfer the authentication and application state information, and 2) a token-based state transfer and proxy-based third-party authentication (TSP3A) that uses the proxy to transfer the authentication information and tokens to transfer the application state from 3GPP MEC to the fog. The proxy is kept transparent with virtual counterparts, to avoid any changes to the existing 3GPP MEC and fog architectures. We implemented these solutions on a testbed and results show that PS3A and TSP3A provide authentication within 0.345-2.858s for a 0-100 Mbps proxy load. The results further show that TSP3A provides application mobility while taking 40-52% less time than PS3A using state tokens. TSP3A and PS3A also reduce the service interruption latency by 82.4% and 84.6%, compared to the cloud-based service via tokens and prefetching.