Sen Chen's Homepage

Sen Chen (陈 森)
Tenured Associate Professor (英才/长聘副教授, 特聘研究员)
Tianjin University, China (天津大学)
College of Intelligence and Computing (智能与计算学部)
School of Cybersecurity (网络安全学院)
Office: Room B331, Building #55, Beiyangyuan Campus

I am a tenured associate professor at the School of Cybersecurity, College of Intelligence and Computing in Tianjin University. I am focusing on mobile security, software & system security, AI security, and software analysis and testing (移动安全, 软件与系统安全, 人工智能安全, 软件分析与测试).
Before that, I was a research assistant professor (科研助理教授) @Nanyang Technological University (南洋理工大学) and working in the research group of Prof. Liu Yang (刘杨). I received my Ph.D. degree in East China Normal University (华东师范大学), Shanghai, China (2014-2019), under the superivsion of Prof. Lihua Xu (徐立华) (NYU Shanghai). I had been a research fellow (2019-2020) and research assistant (2016-2019) at NTU.
I received two ACM SIGSOFT Distinguished Paper Awards at ICSE 2018 and ICSE 2021.

 Our lab has several Ph.D. and Master positions. If you are interested in the research directions below, please send me your CV (senchen@tju.edu.cn). 实验室还有多个博士生和硕士生招生指标,欢迎感兴趣的同学进行邮件联系!
同时欢迎感兴趣学部(院)夏令营活动的同学进行邮件联系! 智能与计算学部夏令营活动通知
 My official homepage (官方主页): http://cic.tju.edu.cn/info/1076/3139.htm

Mobile/Software/System Security (移动/软件/系统/开源软件安全) [Vulnerability, Privacy, Malware] (2015-):
Android/iOS app vulnerability and privacy: Ausera (ICSE 2020, FSE 2018), SiOS (USENIX Security 2020), ATVHunter (ASE 2020, ICSE 2021), HPDroid (ISSRE 2020)
Android malware: MobiTive (TIFS 2020), XMal (TOSEM 2020, ICSE 2021), GUI-Squatting Attack (TDSC 2019), FakeApp (ICSE 2019), SeqDroid (ICECCS 2020), MobiDroid (ICECCS 2019), KuafuDet (COSE 2017), Begonia (CCS 2016), StormDroid (AsiaCCS 2016)
Dependency analysis: Security vulnerabilities in NPM ecosystem (2021)
AI Security (人工智能安全) [Adversarial attack and defense] (2016-) :
Speaker recognition system (SRS): FakeBob (Oakland 2021)
Adversarial (Android) malware attack and detection: KuafuDet (COSE 2017)
Adversarial (web) phishing attack and detection: Pelican (IJIS 2021)
Intelligent Software Development and Testing (智能软件开发与测试) (2016-):
Intelligent development: ATOM (TSE 2020), CORE (SANER 2020)
Android app development: StoryDroid (ICSE 2019)
Android app testing: DroidDefects (TSE 2020), APEChecker (ASE 2018), Exlocator (ICSE 2018)
DL testing: DL frameworks and platforms (ASE 2019)


News

  May 2021: Our paper "Advanced Evasion Attacks and Mitigations on Practical ML-Based Phishing Website Classifiers" accepted by International Journal of Intelligent Systems (IJIS).

  April 2021: Our paper "ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Applications" won ACM SIGSOFT Distinguished Paper Award at ICSE 2021.

  April 2021: Our two papers "Predicting Entity Relations across Different Security Databases by Using Graph Attention Network" and "Key Aspects Augmentation of Vulnerability Description based on Multiple Security Databases" accepted by COMPSAC 2021.

  Feb 2021: Our TOSEM paper "Why an Android App is Classified as Malware? Towards Malware Classification Interpretation" (XMal) will be presented at ICSE'21 Journal First Track.

  December 2020: Our paper "ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Apps" accepted by ICSE 2021!

  November 2020: Our paper "ATOM: Commit Message Generation Based on Abstract Syntax Tree and Hybrid Ranking" accepted by TSE!

  September 2020: Our two papers accepted by TIFS and TOSEM: "A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices" (MobiTive) and "Why an Android App is Classified as Malware? Towards Malware Classification Interpretation" (XMal)!

  August 2020: Our three papers accepted by ASE 2020, ISSRE 2020, and ICECCS 2020: automated third-party library detection, GDPR compliance violations in Android apps (HPDroid), and sequence-based Android malware detection (SeqDroid)!

  July 2020: Our paper "Why My App Crashes? Understanding and Benchmarking Framework-specific Exceptions of Android apps" accepted by TSE!

  April 2020: Our paper "Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems" accepted by IEEE Security & Privacy (Oakland 2021)!

  March 2020: Our paper "iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Applications" accepted by USENIX Security 2020!

  December 2019: Our paper "An Empirical Assessment of Security Risks of Global Android Banking Apps" accepted by ICSE 2020!

 November 2019: Our paper "GUI-Squatting Attack: Automated Generation of Android Phishing Apps" accepted by Transactions on Dependable and Secure Computing (TDSC)!

 August 2019: Our paper "An Empirical Study towards Characterizing Deep Learning Development and Deployment across Different Frameworks and Platforms" accepted by ASE 2019!


Publications [Google Scholar] [DBLP] #: co-first author, *: corresponding author.

[2021]

  (IEEE Security & Privacy 2021, CCF-A) Guangke Chen, Sen Chen#, Lingling Fan, Xiaoning Du, Zhe Zhao, Fu Song, and Yang Liu, "Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems", In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 2021; Pages, doi. (~13%)
[Highlights] [Source code] [Website] [Press]
(1) Our attack is demonstrated to be effective on the commercial system Talentedsoft, transferable and practical on the open-set identification task of Microsoft Azure even when playing over the air in the physical world.

  (ICSE 2021, CCF-A) Xian Zhan, Lingling Fan, Sen Chen, Feng Wu, Tianming Liu, Xiapu Luo, and Yang Liu, "ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Applications", In Proceedings of the 43rd International Conference on Software Engineering, Madrid, Spain, May 2021; Pages, doi. (138/615 = 22.44%) [Highlights]
 ACM SIGSOFT Distinguished Paper Award
(1) ATVHunter is an obfuscation-resilient third-party libary-vulnerability (TPL-V) detection tool with high accuracy that can find vulnerable in-app TPL-Vs and provides detailed vulnerabilities and components reports.

  (IJIS 2021, JCR-Q1) Fu Song, Yusi Lei, Sen Chen#, Lingling Fan, and Yang Liu "Advanced Evasion Attacks and Mitigations on Practical ML-Based Phishing Website Classifiers", In Proceedings of the International Journal of Intelligent Systems, May 2021; Pages, doi.

  (COMPSAC 2021, CCF-C) Liu Yuan, Yude Bai, Zhenchang Xing, Sen Chen, Xiaohong Li, and Zhidong Deng, "Predicting Entity Relations across Different Security Databases by Using Graph Attention Network", In Proceedings of the 45th IEEE Computer Society Computers, Software, and Applications Conference, July 2021; Pages, doi.

  (COMPSAC 2021, CCF-C) Hao Guo, Zhenchang Xing, Sen Chen, Xiaohong Li, Yude Bai, and Hu Zhang, "Key Aspects Augmentation of Vulnerability Description based on Multiple Security Databases", In Proceedings of the 45th IEEE Computer Society Computers, Software, and Applications Conference, July 2021; Pages, doi.

  (TASE 2021, CCF-C) Yingwen Lin, Yao Zhang, Sen Chen, Fu Song, Xiaofei Xie, Xiaohong Li, and Lintan Sun, "Inferring Loop Invariants for Multi-Path Loops", In Proceedings of the 15th Theoretical Aspects of Software Engineering Conference, Aug 2021; Pages, doi.

[2020]

 (ICSE 2020, CCF-A) Sen Chen, Lingling Fan, Guozhu Meng, Ting Su, Minhui Xue, Yinxing Xue, Yang Liu, and Lihua Xu, "An Empirical Assessment of Security Risks of Global Android Banking Apps", In Proceedings of the 42nd International Conference on Software Engineering, Seoul, South Korea, June 2020; Pages 1310–1322, https://doi.org/10.1145/3377811.3380417. (129/617 = 20.9%) [Highlights] [Website]
(1) Until now, 21 banks such as HSBC (UK and China) and OCBC (Singapore) have confirmed 126 vulnerabilities, 52 vulnerabilities have been patched.
(2) Ausera will soon provide an automated security risk assessment for Android apps as a business online service, as well as the vulnerable third-party library assessment and native code vulnerability assessment.

  (TSE, CCF-A) Shangqing Liu, Cuiyun Gao, Sen Chen, Lun Yiu Nie, and Yang Liu, "ATOM: Commit Message Generation Based on Abstract Syntax Tree and Hybrid Ranking", IEEE Transactions on Software Engineering; Early Access, 10.1109/TSE.2020.3038681. (impact factor: 6.112)

  (TIFS, CCF-A) Ruitao Feng, Sen Chen*, Xiaofei Xie, Guozhu Meng, Shang-Wei Lin, and Yang Liu, "A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices", IEEE Transactions on Information Forensics and Security; Volume 16, Pages 1563 - 1578, 10.1109/TIFS.2020.3025436. (impact factor: 6.211) [Highlights] [Website]
(1) MobiTive is a mobile device-end solution as a pre-installed and run-time solution by leveraging deep learning.

  (TOSEM, CCF-A) Bozhi Wu, Sen Chen*, Cuiyun Gao, Lingling Fan, Yang Liu, Weiping Wen, and Michael R. Lyu, "Why an Android App is Classified as Malware? Towards Malware Classification Interpretation", ACM Transactions on Software Engineering and Methodology; Pages, doi. [Highlights] [Website] [Source code]
(1) Invited to ICSE 2021 as part of the Journal First Paper Track.
(2) Focusing on Android malware interpretability.
(3) XMal interprets the malicious behaviors of Android malware by leveraging a customised attention mechanism with multi-layer perceptron (MLP).

 (USENIX Security 2020, CCF-A) Zhushou Tang, Ke Tang, Minhui Xue, Yuan Tian, Sen Chen, Muhammad Ikram, Tielei Wang, and Haojin Zhu, "iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Applications", In Proceedings of the 29th USENIX Security Symposium, Boston, MA, USA, August 2020; Pages 2415-2432, doi. (158/972 = 16.3%) [Highlights] [Website]
(1) We have disclosed identified network service vulnerabilities in iOS apps and received acknowledgements from vendors, such as Google for Waze and Tencent for Now and QQBrowser.

  (TSE, CCF-A) Ting Su, Lingling Fan, Sen Chen, Yang Liu, Lihua Xu, Geguang Pu, and Zhendong Su, "Why My App Crashes? Understanding and Benchmarking Framework-specific Exceptions of Android apps", IEEE Transactions on Software Engineering; Early Access, 10.1109/TSE.2020.3013438. (impact factor: 6.112) [Highlights]
(1) DroidDefects, the first comprehensive and largest benchmark of Android app exception bugs, which contains 33 reproducible exceptions (test cases, stack traces, faulty/fixed app versions, bug types, etc.) and 3,696 ground-truth exceptions.

  (ASE 2020, CCF-A) Xian Zhan, Lingling Fan, Tianming Liu, Sen Chen, Li Li, Haoyu Wang, Yifei Xu, Xiapu Luo, and Yang Liu, "Automated Third-party Library Detection for Android Applications: Are We There Yet?", In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, Melbourne, Australia, September 2020; Pages: 919-930, doi. (93/414 = 22.5%)

 (ISSRE 2020, CCF-B) Ming Fan, Le Yu, Sen Chen, Hao Zhou, Xiapu Luo, Shuyue Li, Yang Liu, Jun Liu, and Ting Liu, "An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps", In Proceedings of the 31st IEEE International Symposium on Software Reliability Engineering, Coimbra, Portugal, October 2020; Pages: 253-264, 10.1109/ISSRE5003.2020.00032. (33/148 = 22.3%)

 (ICECCS 2020, Core rank A) Ruitao Feng, Jing Qiang Lim, Sen Chen, Shang-Wei Lin, and Yang Liu, "SeqMobile: An Efficient Sequence-Based Malware Detection System Using RNN on Mobile Devices", In Proceedings of the 25th International Conference on Engineering of Complex Computer Systems, Singapore, Singapore, November 2020. (19/76 = 25%)

 (SANER 2020, CCF-B) Jing Kai Siow, Cuiyun Gao, Lingling Fan, Sen Chen, and Yang Liu, "CORE: Automating Review Recommendation for Code Changes", In Proceedings of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering, London, Ontario, Canada, February 2020; Pages: 284-295, 10.1109/SANER48275.2020.9054794. (44/199 = 21.1%) [Highlights] [Website]

[2019]

 (TDSC 2019, CCF-A) Sen Chen, Lingling Fan, Chunyang Chen, Minhui Xue, Yang Liu, and Lihua Xu, "GUI-Squatting Attack: Automated Generation of Android Phishing Apps", Transactions on Dependable and Secure Computing; Early Access, 10.1109/TDSC.2019.2956035. (impact factor: 6.404) (CCF-A) [Highlights] [Website]

 (ICSE 2019, CCF-A) Sen Chen, Lingling Fan, Chunyang Chen, Ting Su, Wenhe Li, Yang Liu, and Lihua Xu, "StoryDroid: Automated Generation of Storyboard for Android Apps", In Proceedings of the 41st International Conference on Software Engineering, Montréal, QC, Canada, May 2019; Pages: 596-607, 10.1109/ICSE.2019.00070. (109/529 = 20.6%) [Highlights] [Website]StoryDroid automatelly generates the storyboards of Android apps and provides rich features (e.g., Activity transition graph with UI pages, GUI components, logic code, and layout code) for app review and competitive analysis.

 (ICSE 2019, CCF-A) Chongbin Tang, Sen Chen#, Lingling Fan, Lihua Xu, Yang Liu, Zhushou Tang and Liang Dou. "A Large-Scale Empirical Study on Industrial Fake Apps", In Proceedings of the 41st ACM/IEEE International Conference on Software Engineering, Software-Engineering-in-Practice Track (SEIP), Montréal, QC, Canada, May 2019; Pages: 183-192, 10.1109/ICSE-SEIP.2019.00028.

 (ASE 2019, CCF-A) Qianyu Guo, Sen Chen*, Xiaofei Xie, Lei Ma, Qiang Hu, Hongtao Liu, Yang Liu, Jianjun Zhao, and Xiaohong Li, "An Empirical Study towards Characterizing Deep Learning Development and Deployment across Different Frameworks and Platforms", In Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering, San Diego, California, United States, November 2019; Pages: 810-822, 10.1109/ASE.2019.00080. (93/445 = 20.9%) [Highlights] [Website]The found compatibility bugs have been confirmed by the TensorFlow.js development team.

 (ICECCS 2019, Core rank A) Ruitao Feng, Sen Chen*, Xiaofei Xie, Lei Ma, Guozhu Meng, Yang Liu, and Shangwei-Lin, "MobiDroid: A Performance-Sensitive Malware Detection System on Mobile Platform", In Proceedings of the 24th International Conference on Engineering of Complex Computer Systems, Hong Kong, China, November 2019; Pages: 61-70, 10.1109/ICECCS.2019.00014. (21/88 = 23.9%)

 (SANER 2019, CCF-B) Sen Chen, Lingling Fan, Ting Su, Lei Ma, Yang Liu and Lihua Xu. "Automated Cross-Platform GUI Code Generation for Mobile Apps", In Proceedings of the 26th IEEE International Conference on Software Analysis, Evolution, and Reengineering, AI4Mobile, Hangzhou, China, February 2019; Pages: 13-16, 10.1109/AI4Mobile.2019.8672718.

 (SANER 2019, CCF-B) Sen Chen, Minhui Xue, Lingling Fan, Lei Ma, Yang Liu and Lihua Xu. "How Can We Craft Large-Scale Mobile Malware? An Automated Poisoning Attack", In Proceedings of the 26th IEEE International Conference on Software Analysis, Evolution, and Reengineering, AI4Mobile, Hangzhou, China, February 2019; Pages: 21-24, 10.1109/AI4Mobile.2019.8672691.

[2018]

 (ESEC/FSE 2018, CCF-A) Sen Chen, Ting Su, Lingling Fan, Guozhu Meng, Minhui Xue, Yang Liu, and Lihua Xu, "Are Mobile Banking Apps Secure? What Can be Improved?", In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Lake Buena Vista, Florida, United States, October 2018; Pages 797–802, https://doi.org/10.1145/3236024.3275523.

 (ASE 2018, CCF-A) Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu and Geguang Pu, "Efficiently Manifesting Asynchronous Programming Errors in Android Apps", In Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering, Montpellier, France, September 2018; Pages 486–497, https://doi.org/10.1145/3238147.3238170. (69/346 = 19.9%)

 (ICSE 2018, CCF-A) Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu, Geguang Pu, and Zhendong Su, "Large-Scale Analysis of Framework-Specific Exceptions in Android Apps", In Proceedings of the 40th International Conference on Software Engineering, Gothenburg, Sweden, May 2018; Pages 408–419, https://doi.org/10.1145/3180155.3180222. (105/502 = 20.9%) [Highlights] [Dataset of Android Exceptions] [Statistics of Dataset Access] [Award] [Press]
 ACM SIGSOFT Distinguished Paper Award

 (NASAC 2018) Sen Chen, Guozhu Meng, Ting Su, Lingling Fan, Minhui Xue, Yinxing Xue, Yang Liu, and Lihua Xu, "AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps". [Highlights] We won a Prototype Research Tool Award 3rd Place (Freestyle) in NASAC 2018.

 (Secure DL 2018) Lei Ma, Felix Juefei-Xu, Minhui Xue, Qiang Hu, Sen Chen, Bo Li, Yang Liu, Jianjun Zhao, Jianxiong Yin and Simon See, "Secure Deep Learning Engineering: A Software Quality Assurance Perspective".

[2017]

 (Computers & Security 2017, CCF-B) Sen Chen, Minhui Xue, Lingling Fan, Shuang Hao, Lihua Xu, Haojin Zhu, and Bo Li, "Automated Poisoning Attacks and Defenses in Malware Detection System: An Adversarial Machine Learning Approach", In Proceedings of the Elsevier Computers & Security, 2017; Volume 73 (2018), Pages 326-344, 10.1016/j.cose.2017.11.007.
[Highlights]  [Dataset of Android Malware]

[2016]

 (APSEC 2016, CCF-C) Lingling Fan, Sen Chen, Lihua Xu, Zongyuan Yang, and Huibiao Zhu, "Model-Based Continuous Verification", In Proceedings of the IEEE ASIA-Pacific Software Engineering Conference, Hamilton, New Zealand, December, 2016; Pages: 81-88, 10.1109/APSEC.2016.022. (acceptance rate: 19.7%)

 (CCS 2016, CCF-A) Lingling Fan, Minhui Xue, Sen Chen, Lihua Xu, and Haojin Zhu, "Accuracy vs. Time Cost: Detecting Android Malware through Pareto Ensemble Pruning", In Proceedings of the ACM Conference on Computer and Communications Security, Vienna, Austria, October, 2016; Pages 1748–1750, https://doi.org/10.1145/2976749.2989055. (CCF-A)

 (MobiCom 2016, CCF-A) Sen Chen, Minhui Xue, and Lihua Xu, "Towards Adversarial Detection of Mobile Malware", In Proceedings of the Annual International Conference on Mobile Computing and Networking, New York, USA, October, 2016; Pages 415–416, https://doi.org/10.1145/2973750.2985246. (CCF-A)

 (AsiaCCS 2016, CCF-C) Sen Chen, Minhui Xue, Zhushou Tang, Lihua Xu, and Haojin Zhu, "StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware", In Proceedings of the ACM Asia Conference on Computer and Communications Security, Xi'an, China, May 2016; Pages 377–388, https://doi.org/10.1145/2897845.2897860. (73/350 = 20.8%) [Highlights]  [Statistics of Dataset Access]


Awards

 ACM SIGSOFT Distinguished Paper Award (ICSE 2021), May 2021
 First Class of Progress of Science and Technology Prize of Tianjin, 2020
 Prototype Research Tool Award 3rd Place (Fixed topic) in NASAC 2020
 Outstanding Graduates of Shanghai, June 2019
 Prototype Research Tool Award 3rd Place (Freestyle) in NASAC 2018
ACM/SIGSOFT GAPS Award (ESEC/FSE 2018), September 2018
 ACM SIGSOFT Distinguished Paper Award (ICSE 2018), May 2018
Graduate Student Overseas Visiting Scholarship, November 2017
ACM/SIGSOFT GAPS Award (MobiCom 2016), August 2016
Graduate Student Overseas Visiting Scholarship, June 2016


Services

-Chairs
Early Research Achievements (ERA) Co-Chair of the 26th Asia-Pacific Software Engineering Conference (APSEC 2020)
Proceedings Chair of the 26th Asia-Pacific Software Engineering Conference (APSEC 2020)
Financial Chair of the 12nd Asia-Pacific Symposium on Internetware (Internetware 2020)

-Reviewers and PC members
Reviewer of the Journal of IEEE Transactions on Information Forensics and Security (TIFS 2018 - 2020)
Reviewer of the Journal of IEEE Transactions on Dependable and Secure Computing (TDSC 2019, 2020)
Reviewer of the Journal of IEEE Transactions on Software Engineering (TSE 2020)
Reviewer of the Journal of Computers & Security (COSE 2019, 2020)
Reviewer of the Journal of Automated Software Engineering (ASEJ 2019, 2020)
Reviewer of the Journal of Systems and Software (JSS 2020)
Reviewer of the ACM Transactions of Cyber-Physical Systems (TCPS 2020)
Reviewer of the Springer Cybersecurity (Cybersecurity 2020)

PC member of the Student Research Competition (ASE 2020)
PC member of the 25th International Conference on Engineering of Complex Computer Systems (ICECCS 2020)
PC member of the 1st IEEE International Workshop on Artificial Intelligence for Mobile (AI4Mobile 2019)

-Co-Reviewers
ISSTA 2018, 2019, ASE 2018, 2019, 2020, USENIX Security 2018, 2019, CCS 2018, 2019, Oakland 2018, 2019, ESEC/FSE 2019, ICSE 2021