System Active // V3.0.0
LOC: 23.8103° N
Published & under review

Research

Academic work outside the day job — a Kubernetes runtime-security paper under review at an Elsevier journal, plus other written research.

PAPER: 001/2026

GCID: Graph-Correlated Intrusion Detection for Kubernetes, Delivering auditd-Class Event Correlation at eBPF Cost

Awesh Islam, Tausif RashidBangladesh University of Engineering and Technology

Under reviewComputers & Security (Elsevier)

Container escapes and lateral movement are the dominant post-compromise threats in Kubernetes, yet runtime defenses force a choice between semantic depth and deployability: auditd-based provenance IDS reason about why an event is malicious but impose 15-20% overhead with poor container attribution, while eBPF signature engines such as Falco deploy cheaply but evaluate one event at a time. We present GCID, a single Kubernetes-native agent that carries auditd-class event correlation onto the eBPF substrate with in-kernel cgroup attribution, detecting both container-escape and lateral-movement attacks; detection runs on bounded per-cgroup state while the provenance graph it builds serves explainability. On single-node k3s, GCID detects all eight evaluated scenarios at ≥99.9% per-scenario reliability at 3.4% application-throughput cost. Against a competent operator's Falco ruleset, Falco detects seven of eight at 100% but fails the credential-exfiltration chain (0/10): a correlation (token read then API connect) that per-event rule languages cannot express. We show this is not a one-off by detecting a second correlation-only family (data exfiltration, sensitive read then external egress) at 90/90 with zero false positives; we confirm the same gap directly in Tetragon, the closest eBPF prior art, whose complete policy grammar we enumerate to show it has no cross-event join operator. We are candid that this is one read-then-act primitive shown on two instantiations, not yet a broad taxonomy. The bare correlation false-fires on every legitimate API client, but service-account scoping restores a 0.55% false-positive rate under realistic churning load while still detecting a compromised pod. We bound the result honestly: it covers attacks within a 60s window (a one-line sleep evades it, the cost of bounded memory), with compromise of an already-authorized client the irreducible residual. We validate two real escapes on a patched kernel 6.8 and release a complete reproduction artifact.

eBPFKubernetes SecurityContainer EscapeLateral MovementProvenance GraphRuntime Intrusion DetectionSyscall Monitoring

PAPER: 002/2026-06-15

Beyond the Forum: From Perceived to Causal Sycophancy — A Critique and a Longitudinal Research Agenda

Awesh IslamBangladesh University of Engineering and Technology

Screening submissionUniversity of Illinois Urbana-Champaign — summer research program screening

A two-part piece written for a research-program screening round. Part 1 critiques a recent paper mapping how Reddit users detect and respond to LLM sycophancy, arguing that its forum-based design measures perceived sycophancy rather than model behavior, collapses distinct phenomena (stylistic flattery, epistemic capitulation, self-affirmation) into one construct, samples on the dependent variable, and draws an unidentified causal leap from felt support to actual benefit — set against a table of five representative studies from the experimental literature. Part 2 proposes the research this gap calls for: an 8-week, 2×2 (demeanor × stance) randomized field experiment with a purpose-built, transcript-logged AI assistant, testing whether sycophancy's effects on calibration, dependence, and well-being compound, plateau, or decay under real repeated use, with pre-registered hypotheses, a feedback-loop model, and vulnerable-subgroup safeguards (real-time distress detection, clinician escalation, a DSMB).

LLM SycophancyAI AlignmentLongitudinal RCTHCICausal InferenceResearch Methodology