Sen Chen's Homepage

Sen Chen (陈 森)
Ph.D. Candidate
Nanyang Technological University, Singapore
East China Normal University, China
ecnuchensen AT gmail.com
chensen AT ntu.edu.sg

Sen Chen is a Ph.D. candidate focusing primarily on areas of mobile app security (e.g., Android malware, Android vulnerability) and mobile app testing (e.g., Android framework-specific exceptions). He received an ACM SIGSOFT Distinguished Paper Award at ICSE 2018.

I'm currently advised by Professor Lihua Xu (NYU Shanghai). In addition, I owe a big thanks to Professor Haojin Zhu (SJTU) for leading me into the field of mobile security. I am also a Research Assistant at School of Computer Science and Engineering of Nanyang Technological University in October 2016 to June 2019. During my visit in NTU, I am advised by Professor Liu Yang.

My research focuses on developing effective techniques and tools to improve mobile app security and quality:
Mobile APP Security:
  Android Malware Detection: StormDroid (AsiaCCS'16), Begonia (CCS'16)
  Adversarial Malware Detection: KuafuDet (MobiCom'16, Computers & Security'17)
  Android Vulnerability Detection: AUSERA (FSE'18)
  Android Grayware Detection: GrayDet
  Android Fake App Analysis: Ecosystem and Trend
  Android GUI Attack: GUI-Squatting Attack (TIFS)
Mobile APP Analysis:
  Android App Development (e.g., code review and code generation): StoryDroid
  Android App Exception Analysis: Exlocator (ICSE'18), APEChecker (ASE'18)
  Formal Verification: Eunomia (APSEC'16)


Android Malware: I worked on Android malware detection and classification (StormDroid) using machine learning (both static and dynamic features with statistical metrics) (refer to AsiaCCS'16). I've developed KuafuDet (refer to MobiCom'16, Elsevier Computers & Security'17) for Android malware detection using machine learning in adversarial environment. We examine how machine-learning classifiers (e.g., DroidAPIMiner, DREBIN, and MaMaDroid) can be misled under different threat models. We also proposed a malware detection system, termed Begonia (refer to CCS'16), through Pareto ensemble learning to trade off classification accuracy and time cost.

Android Vulnerability: I worked on security vulnerability detection (AUSERA) in security-critical FinTech applications (e.g., mobile banking apps and payment apps). We investigated the characteristics of these vulnerabilities, and the changing trend over time.

Android App Analysis/Testing: We conducted a large-scale empirical study to characterize framework-specific exceptions in Android apps, and implemented ExLocator (refer to ICSE'18), an exception localization tool, for Android applications. We proposed APEChecker (refer to ASE'18), a technique to efficiently manifest aysnc programming errors (APEs) in Android apps.

Formal Verification: We have developed a continuous verification system, termed Eunomia (refer to APSEC'16) to bi-directionally check conformance of model and corresponding source code.


Education

Ph.D. Student, Computer Science and Technology, East China Normal University, September 2014 - June 2019
Research Assistant, School of Computer Science and Engineering, NTU, January 2018 - June 2019
Visiting Ph.D. Student, School of Computer Science and Engineering, NTU, October 2016 - December 2017
B.S. Student, Software Engineering, Harbin Normal University, September 2010 - June 2014


Publications [Google Scholar] [DBLP]

 Sen Chen, Ting Su, Lingling Fan, Guozhu Meng, Minhui Xue, Yang Liu, and Lihua Xu, "Are Mobile Banking Apps Secure? What Can be Improved?", In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE2018), Industrial Track, Lake Buena Vista, Florida, United States, 2018

 Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu and Geguang Pu, "Efficiently Manifesting Asynchronous Programming Errors in Android Apps", In Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE2018), Montpellier, France, 2018. (acceptance rate: 69/346 = 19.9%)

Sen Chen, Guozhu Meng, Ting Su, Lingling Fan, Yinxing Xue, Yang Liu, Lihua Xu, Minhui Xue, Bo Li, and Shuang Hao, "AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps".

Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu, Geguang Pu and Zhendong Su, "Large-Scale Analysis of Framework-Specific Exceptions in Android Apps", In Proceedings of the 40th International Conference on Software Engineering (ICSE2018), Gothenburg, Sweden, 2018. (acceptance rate: 105/502 = 20.9%) [Website]
 ACM SIGSOFT Distinguished Paper Award

Sen Chen, Minhui Xue, Lingling Fan, Shuang Hao, Lihua Xu, Haojin Zhu, and Bo Li, "Automated Poisoning Attacks and Defenses in Malware Detection System: An Adversarial Machine Learning Approach", In Proceedings of the Elsevier Computers & Security, 2017. (accepted) [Download] [Website]

Lingling Fan, Sen Chen, Lihua Xu, Zongyuan Yang, Huibiao Zhu, Model-Based Continuous Verification, In Proceedings of the IEEE ASIA-Pacific Software Engineering Conference (APSEC2016), Hamilton, New Zealand, 2016. (acceptance rate: 19.7%)

Sen Chen, Minhui Xue, Zhushou Tang, Lihua Xu, and Haojin Zhu, "StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware", In Proceedings of the ACM Asia Conference on Computer and Communications Security (AsiaCCS2016), Xi'an, China, 2016. (acceptance rate: 20.9%)

Posters

Sen Chen, Minhui Xue, Lihua Xu, "Poster: Towards Adversarial Detection of Mobile Malware", In Proceedings of the Annual International Conference on Mobile Computing and Networking (MobiCom2016), New York, America, 2016.

Lingling Fan, Minhui Xue, Sen Chen, Lihua Xu, Haojin Zhu, "POSTER: Accuracy vs. Time Cost: Detecting Android Malware through Pareto Ensemble Pruning", In Proceedings of the ACM Conference on Computer and Communications Security (CCS2016), Vienna, Austria, 2016.


Awards

FSE 2018 Travel Grant Award, ACM/SIGSOFT, September 2018
ACM SIGSOFT Distinguished Paper Award, May, 2018
University-level Outstanding Student, ECNU, China, December 2017
Graduate Student Visiting Scholarship, Singapore, February 2017
MobiCom 2016 Travel Grant Award, ACM/SIGMOBILE, August 2016
Graduate Student Overseas Visiting Scholarship, China, June 2016
University-level Outstanding Student, ECNU, China, December 2015
First Class Excellent Undergraduate Scholarship, October 2013
University-level Outstanding Student, October, 2013
National Scholarship, The Ministry of Education, China, October 2012


Talks

Automated Semantic-risk Assessment for Financial Apps, OCBC Bank, Singapore, January 2018

VulDigger: A Just-in-Time and Cost-Aware Tool for Digging Vulnerability-Contributing Changes, GLOBECOM'17, Singapore, December 2017

A Semantic-Based Analysis of Android Malware for Detection, SICW GovWare, Singapore, September 2017

Towards Adversarial Detection of Mobile Malware, MobiCom'16, New York, USA, October 2016

Machine Learning-Based Approach for Android Malware Detection, NTU, Singapore, October 2016

A Streaminglized Machine Learning-Based System for Detecting Android Malware, AsiaCCS'16, Xi'an, China, June 2016


Experience

Android Engineer -SOHU, Beijing, China - February to September, 2014
  -Android application development and Android UI analysis
JAVA Engineer -UFIDA, Beijing, China - March to July, 2013
  -Software application development and testing


Services

-REVIEWERS
IEEE Transactions on Information Forensics and Security (TIFS)

-Co-REVIEWERS
The ACM Conference on Computer and Communications Security (CCS 2018)
The IEEE/ACM International Conference on Automated Software Engineering (ASE 2018)
The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2018)


Activities