Active Projects

CodeCleaner

CodeCleaner is about the supply chain security for RUST. The secure programming languages like RUST can also be made unsafe for critical softwares by adding malicious code to the dependecies. There is a notion of trust between developers when using these dependecies. However, some people exploit this to conduct attacks such as data leakages or creating a backdoor in the application. This tool aims to address this problem. We scan all the dependecies the application is using and check them for side effects. If found anything it automatically switches to a safer version. In case it cannot find a safe alternative, it notifies the developer about the side effects. The code will be made open source, once completed. This work is being done under the supervsion of Dr. Caleb Stanford.

Voice Domain Ad Targetting

We are currently embarking on an ambitious project aimed at revolutionizing voice domain ad targeting, specifically through Alexa-enabled devices. Our project, in its developmental phase, is centered around creating a 'Shazam for Ads'—a novel concept in the realm of digital advertising. Leveraging cutting-edge machine learning techniques, we are exploring new frontiers in advertisement targeting via smart speakers. A pivotal aspect of our research is the commitment to user privacy and data security. We are actively developing robust mechanisms for user data obfuscation to ensure the highest standards of privacy protection while delivering a tailored and efficient ad experience. This in-progress initiative promises to set new benchmarks in targeted advertising and user privacy in the voice-activated technology space. This work is done under the supervision of Dr. Zubair Shafiq.

DNS Vs DDoS Attacks

This is a course project for ECS 235A - Computer and Information Security. We are building a Domain Name Server that can remain functional in case of a denial of service attack. We also aim to maximise the efficiency and reduce latency.

Crowd Analytics

The Crowd Monitoring System is a startup project offering real-time crowd density data for public spaces. Utilizing advanced machine learning in computer vision, it integrates with existing camera infrastructure for cost-effective setup. This system aims to enhance decision-making and efficiency by providing crowd information through popular platforms like Google Maps, making it accessible to the public. This work is done under the supervision of Dr. Dipak Ghosal.

Relics from the Past

Privacy Enhancing Web Refactoring

The presence of tracking javascript code on a webpage poses a threat to the privacy of the user. To evade detection from privacy-enhancing content-blocking tools, trackers have started using bundling tools to 'mix' the scripts such that removing them breaks functionality. Our project aims to refactor or un-bundle such mixed-use javascript so that content-blocking tools can become effective again. Heading a team of students, I have designed and implemented a chromium browser-based pipeline to detect bundled code. We focus on the popular webpack bundling tool and use Brave's pagegraph representation for Alexa top 1K websites. We analyze the graphs and interactions between different graph components to train a Machine learning model. Our approach detects bundled code with 98% accuracy.

Accessibility of Advertisements

This is a first-of-its-kind study to quantify the accessibility of advertisements across websites and advertisement platforms. The main idea behind the project was that while accessibility support does exist, the browsing experience for visually impaired people is very different due to a lack of compliance and understanding. Our goal is to create an inclusive browsing experience for visually impaired users who rely on screen readers. We collected advertisements from the most frequently visited 10k websites from the tranco list. We analyzed the extracted HTML and checked features like the presence of aria-label, aria-hidden, and aria-live. We also performed a manual analysis of the meaningfulness of the aria label. We do this study across the ranks and ad platforms to see how this accessibility varies. Our results show that accessibility support is highly variable and is typically provided to tick a checkbox rather than care about actual usability.

Bloodlink

Bloodlink is department of community service society at LUMS. They aim to connect blood requestors with donors in case of an emergency. This society has been functional for 15+ years at LUMS. I developed a mobile application to automate their manual system. It allows people to request for blood and than application automatically makes a post on bloodlink social media accounts moreover, it also sends an email and push notification to people who have the requested blood group. Moreover, with a single click, it allows the admins to send a mass email to all email IDs registered under the LUMS domain. It is up on playstore at the following link.

LUMS Digital Archive

As part of my RAship at Technology for People Initiative Lab at LUMS. I developed parts of the LUMS digital archive website. The LUMS Digital Archive is a research repository that aims at collecting, cataloging and preserving rare material (books, pamphlets, newspapers and other items) of historical significance and making them available to researchers. In particular, the archive focuses on events, groups, movements and personalities relating to broader historical, political and cultural trends in South Asia, with an emphasis on preserving the accounts of marginalized and subaltern groups. This site is available at this link

Git Secrets

As part of my RAship at the Internet Security and Privacy Lab (LUMS), I worked on characterising secret leakages through public GitHub repos. We cloned the thousand most frequently updated public GitHub repos. We used deep learning techniques to process the code in these repositories to build a model that could extract secrets like API keys, access tokens, and app_keys. We were able to extract a lot of secrets from a small-scale experiment. This project is in second phase now, where we aim to extend this project by looking at the git history (for instance, if some secret was committed in the past and then removed) and to build a tool that can check the staged changes before pushing, thus avoiding accidental leakage of secrets.

NPM Hidden Dependencies

This was a measurement study of how NPM dependencies have evolved. We also programmatically analyzed these dependencies to flag any malicious dependencies. We built a parser to replicate the working of the npm dependency tree, but it also flags the packages in node_modules that are not present as a dependency for any other package. We aim to analyze these packages to see what purposes they serve programmatically. We akso see how and when these malicious dependecies were added in the package.

AssistTh

The idea was to tackle health-related problems by linking patients and physicians and considering numerous factors while optimizing the efficiency of available resources. The COVID-19 pandemic posed a threat to elderly and disabled patients who needed regular health care checkups. We conducted a study, taking in opinons of doctors and patients to develop a mobile application to effictively and effictively carry out these routine checkups. We also supported online consulations and checkups. Furthur details can be found on this link

ASR Model

Built an ASR model for Urdu langauge obtaining WER as low as 0.2. I also recorded the dataset myself which contained all the phonemes of Urdu Language.

Keyword Spotting System

Used the wav2vec2 model develiped by meta and fine tuned it for the Urdu language. Obtained an accuracy as high as ninety percent.

Chat Application

Built a simple chat application using sockets and mult-threading in python. Implemented the UDP protocol and than upgraded it to TCP. The application allowed file sharing as well.

Robot

Built a cute minion robot which could follow a line. It can avoid obstacles as well. I named it banaana. It was developed for a competetion held at LUMS. Around 40 teams partcipated in the competition. I ranked fourth in the tournament. Here is a picture of the robot