|Sen Chen (陈 森) Ph.D. Candidate Nanyang Technological University, Singapore East China Normal University, China ecnuchensen AT gmail.com chensen AT ntu.edu.sg|
Sen Chen is a Ph.D. candidate focusing primarily on areas of mobile security (e.g., Android malware, Android vulnerability) and Android testing. He received an ACM SIGSOFT Distinguished Paper Award at ICSE 2018.
My research focuses on developing effective techniques and tools to improve mobile app security and quality:
- Android Malware Detection: StormDroid (AsiaCCS'16), Begonia (CCS'16)
- Adversarial Malware Detection: KuafuDet (MobiCom'16, Computers & Security'17)
- Android Vulnerability Detection: AUSERA (FSE'18, arXiv'18)
- Android GUI Attack: GUI-Squatting Attack (XX'18)
- Android App Analysis/Testing: Exlocator (ICSE'18), APEChecker (ASE'18)
- Formal Verification: Eunomia (APSEC'16)
I am currently advised by Professor Lihua Xu at East China Normal University and NYU Shanghai. In addition, I owe a big thanks to Professor Haojin Zhu (Shanghai Jiao Tong University) and Minhui Xue for leading me into the field of mobile security pertinent issues with his profound knowledge.
I am also a research assistant at School of Computer Science and Engineering of Nanyang Technological University in October 2016 to June 2019. During my visit in NTU, I am advised by Professor Liu Yang. In addition, I am working closely with Lingling Fan, Ting Su, and Guozhu Meng on Android app security and testing.
I would like to thank Pwnzen Infotech Inc. for providing us a copy of industrial mobile malware and helpful industry experience.
Android Malware: I worked on Android malware detection and classification (StormDroid) using machine learning (both static and dynamic features with statistical metrics) (refer to AsiaCCS'16). I've developed KuafuDet (refer to MobiCom'16, Elsevier Computers & Security'17) for Android malware detection using machine learning in adversarial environment. We examine how machine-learning classifiers (e.g., DroidAPIMiner, DREBIN, and MaMaDroid) can be misled under different threat models. We also proposed a malware detection system, termed Begonia (refer to CCS'16), through Pareto ensemble learning to trade off classification accuracy and time cost.
Android Vulnerability: I worked on security vulnerability detection (AUSERA) in security-critical FinTech applications (e.g., mobile banking apps and payment apps). We investigated the characteristics of these vulnerabilities, and the changing trend over time.
Android App Analysis/Testing: We conducted a large-scale empirical study to characterize framework-specific exceptions in Android apps, and implemented ExLocator (refer to ICSE'18), an exception localization tool, for Android applications. We proposed APEChecker (refer to ASE'18), a technique to efficiently manifest aysnc programming errors (APEs) in Android apps.
Formal Verification: We have developed a continuous verification system, termed Eunomia (refer to APSEC 2016) to bi-directionally check conformance of model and corresponding source code.
Ph.D. Student, Computer Science and Technology, East China Normal University, September 2014 - June 2019
Research Assistant, School of Computer Science and Engineering, NTU, January 2018 - June 2019
Visiting Ph.D. Student, School of Computer Science and Engineering, NTU, October 2016 - December 2017
B.S. Student, Software Engineering, Harbin Normal University, September 2010 - June 2014
9. Sen Chen, Ting Su, Lingling Fan, Guozhu Meng, Minhui Xue, Yang Liu, and Lihua Xu, "Are Mobile Banking Apps Secure? What Can be Improved?", In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE2018), Industrial Track, Lake Buena Vista, Florida, United States, 2018
8. Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu and Geguang Pu, "Efficiently Manifesting Asynchronous Programming Errors in Android Apps", In Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE2018), Montpellier, France, 2018. (acceptance rate: 69/346 = 19.9%) [Download]
7. Sen Chen, Guozhu Meng, Ting Su, Lingling Fan, Yinxing Xue, Yang Liu, Lihua Xu, Minhui Xue, Bo Li, and Shuang Hao, "AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps". [Download]
6. Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu, Geguang Pu and Zhendong Su, "Large-Scale Analysis of Framework-Specific Exceptions in Android Apps", In Proceedings of the 40th International Conference on Software Engineering (ICSE2018), Gothenburg, Sweden, 2018. (acceptance rate: 105/502 = 20.9%) [Download] [Website]
ACM SIGSOFT Distinguished Paper Award
5. Sen Chen, Minhui Xue, Lingling Fan, Shuang Hao, Lihua Xu, Haojin Zhu, and Bo Li, "Automated Poisoning Attacks and Defenses in Malware Detection System: An Adversarial Machine Learning Approach", In Proceedings of the Elsevier Computers & Security, 2017. (accepted) [Download] [Website]
4. Lingling Fan, Sen Chen, Lihua Xu, Zongyuan Yang, Huibiao Zhu, Model-Based Continuous Verification, In Proceedings of the IEEE ASIA-Pacific Software Engineering Conference (APSEC2016), Hamilton, New Zealand, 2016. (acceptance rate: 19.7%) [Download] [BibTex]
3. Lingling Fan, Minhui Xue, Sen Chen, Lihua Xu, Haojin Zhu, "POSTER: Accuracy vs. Time Cost: Detecting Android Malware through Pareto Ensemble Pruning", In Proceedings of the ACM Conference on Computer and Communications Security (CCS2016), Vienna, Austria, 2016. [Download] [BibTex] [Website]
2. Sen Chen, Minhui Xue, Lihua Xu, "Poster: Towards Adversarial Detection of Mobile Malware", In Proceedings of the Annual International Conference on Mobile Computing and Networking (MobiCom2016), New York, America, 2016. [Download] [BibTex] [Website]
1. Sen Chen, Minhui Xue, Zhushou Tang, Lihua Xu, and Haojin Zhu, "StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware", In Proceedings of the ACM Asia Conference on Computer and Communications Security (AsiaCCS2016), Xi'an, China, 2016. (acceptance rate: 20.9%) [Download] [BibTex] [Website]
ACM SIGSOFT Distinguished Paper Award, May, 2018
University-level Outstanding Student, ECNU, China, December 2017
Graduate Student Visiting Scholarship, Singapore, February 2017
MobiCom Travel Grant Award, ACM/SIGMOBILE, August 2016
Graduate Student Overseas Visiting Scholarship, China, June 2016
University-level Outstanding Student, ECNU, China, December 2015
First Class Excellent Undergraduate Scholarship, October 2013
University-level Outstanding Student, October, 2013
National Scholarship, The Ministry of Education, China, October 2012
Automated Semantic-risk Assessment for Financial Apps, OCBC Bank, Singapore, January 2018
A Semantic-Based Analysis of Android Malware for Detection, SICW GovWare, Singapore, September 2017
Towards Adversarial Detection of Mobile Malware, MobiCom2016, New York, USA, October 2016
Machine Learning-Based Approach for Android Malware Detection, NTU, Singapore, October 2016
A Streaminglized Machine Learning-Based System for Detecting Android Malware, AsiaCCS2016, Xi'an, China, June 2016
Android Engineer -SOHU, Beijing, China - February to September, 2014
-Android application development and Android UI analysis
JAVA Engineer -UFIDA, Beijing, China - March to July, 2013
-Software application development and testing
IEEE Transactions on Information Forensics and Security (TIFS)
The 25th ACM Conference on Computer and Communications Security (CCS 2018)
The 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE 2018)
The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2018)