Sen Chen's Homepage -- 中文主页

Sen Chen (陈 森)
Research Assistant Professor
Nanyang Technological University, Singapore
Cyber Security Lab@NTU
ecnuchensen@gmail.com

I am a Research Assistant Professor@Nanyang Technological University and working in the research group of Prof. Liu Yang. I am focusing on mobile security, AI security, open-source security, and software development and testing. I received my Ph.D. degree in ECNU, Shanghai, China (2014-2019), under the superivsion of Prof. Lihua Xu (NYU Shanghai). I had been a Research Fellow (2019-2020) and Research Assistant (2016-2019) at NTU. I received an ACM SIGSOFT Distinguished Paper Award at ICSE 2018. I will join College of Intelligence and Computing (School of Cyber Security), Tianjin University (天津大学) as a tenured associate professor (长聘副教授特聘研究员).

 Mobile Security:
Android/iOS app vulnerability and privacy: AUSERA (ICSE 2020, ESEC/FSE 2018), SiOS (USENIX Security 2020), Third-party library (ASE 2020), HPDroid (ISSRE 2020)
Android malware: MobiTive (TIFS 2020), XMal (TOSEM 2020), GUI-Squatting Attack (TDSC 2019), FakeApp (ICSE 2019), SeqDroid (ICECCS 2020), MobiDroid (ICECCS 2019), Begonia (CCS 2016), StormDroid (AsiaCCS 2016)
 AI Security (Adversarial attack and defense):
Speaker recognition system: FakeBob (Oakland 2021)
Android malware: KuafuDet (COSE 2017)
Web phishing: Pelican
 Software Development and Testing:
Intelligent development: ATOM (TSE 2020), CORE (SANER 2020)
Android app development: StoryDroid (ICSE 2019)
Android app testing: DroidDefects (TSE 2020), APEChecker (ASE 2018), Exlocator (ICSE 2018)
DL testing: DL frameworks and platforms (ASE 2019), DL apps
 Open-source Security
Dependency analysis: Security vulnerabilities in NPM ecosystem


News

  November 2020: Our paper "ATOM: Commit Message Generation Based on Abstract Syntax Tree and Hybrid Ranking" accepted by TSE 2020!

  September 2020: Our two papers accepted by TIFS 2020 and TOSEM 2020: "A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices" (MobiTive) and "Why an Android App is Classified as Malware? Towards Malware Classification Interpretation" (XMal)!

  August 2020: Our three papers accepted by ASE 2020, ISSRE 2020, and ICECCS 2020: automated third-party library detection, GDPR compliance violations in Android apps (HPDroid), and sequence-based Android malware detection (SeqDroid)!

  July 2020: Our paper "Why My App Crashes? Understanding and Benchmarking Framework-specific Exceptions of Android apps" accepted by TSE 2020!

  April 2020: Our paper "Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems" accepted by Oakland 2021!

  March 2020: Our paper "iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Applications" accepted by USENIX Security 2020!

  December 2019: Our paper "An Empirical Assessment of Security Risks of Global Android Banking Apps" accepted by ICSE 2020!


Publications [Google Scholar] [DBLP]
# means co-first author, * refers to corresponding author.

[2021]

 (Oakland 2021, CCF-A) Guangke Chen, Sen Chen#, Lingling Fan, Xiaoning Du, Fu Song, and Yang Liu, "Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems". In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2021.
[Highlights] [Source code] [Website] [Press]
 Our attack is demonstrated to be effective on the commercial system Talentedsoft, transferable and practical on the open-set identification task of Microsoft Azure even when playing over the air in the physical world.

[2020]

 (ICSE 2020, CCF-A) Sen Chen, Lingling Fan, Guozhu Meng, Ting Su, Minhui Xue, Yinxing Xue, Yang Liu, and Lihua Xu, "An Empirical Assessment of Security Risks of Global Android Banking Apps", In Proceedings of the 42nd International Conference on Software Engineering, Seoul, South Korea, 2020. (129/617 = 20.9%)
[Highlights] [Website]
 Until now, 21 banks such as HSBC (UK and China) and OCBC (Singapore) have confirmed 126 vulnerabilities, 52 vulnerabilities have been patched.
 Ausera will soon provide an automated security risk assessment for Android apps as a business online service, as well as the vulnerable third-party library assessment and native code vulnerability assessment.

 (TSE 2020, CCF-A) Shangqing Liu, Cuiyun Gao, Sen Chen, Lun Yiu Nie, and Yang Liu, "ATOM: Commit Message Generation Based on Abstract Syntax Tree and Hybrid Ranking", IEEE Transactions on Software Engineering. (impact factor: 6.112)

 (TIFS 2020, CCF-A) Ruitao Feng, Sen Chen*, Xiaofei Xie, Guozhu Meng, Shang-Wei Lin, and Yang Liu, "A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices", IEEE Transactions on Information Forensics and Security. (impact factor: 6.211)
[Highlights] [Website]
 MobiTive is a mobile device-end solution as a pre-installed and run-time solution by leveraging deep learning.

 (TOSEM 2020, CCF-A) Bozhi Wu, Sen Chen*, Cuiyun Gao, Lingling Fan, Yang Liu, Weiping Wen, and Michael R. Lyu, "Why an Android App is Classified as Malware? Towards Malware Classification Interpretation", ACM Transactions on Software Engineering and Methodology.
[Highlights] [Website] [Source code]
 Focusing on Android malware interpretability.
 XMal interprets the malicious behaviors of Android malware by leveraging a customised attention mechanism with multi-layer perceptron (MLP).

 (USENIX Security 2020, CCF-A) Zhushou Tang, Ke Tang, Minhui Xue, Yuan Tian, Sen Chen, Muhammad Ikram, Tielei Wang, and Haojin Zhu, "iOS, Your OS, Everybody's OS: Vetting and Analyzing Network Services of iOS Applications", In Proceedings of the 29th USENIX Security Symposium, Boston, MA, USA, 2020. (158/972 = 16.3%)
[Highlights] [Website]
 We have disclosed identified network service vulnerabilities in iOS apps and received acknowledgements from vendors, such as Google for Waze and Tencent for Now and QQBrowser.

 (TSE 2020, CCF-A) Ting Su, Lingling Fan, Sen Chen, Yang Liu, Lihua Xu, Geguang Pu, and Zhendong Su, "Why My App Crashes? Understanding and Benchmarking Framework-specific Exceptions of Android apps", IEEE Transactions on Software Engineering. (impact factor: 6.112)
[Highlights]
 DroidDefects, the first comprehensive and largest benchmark of Android app exception bugs, which contains 33 reproducible exceptions (test cases, stack traces, faulty/fixed app versions, bug types, etc.) and 3,696 ground-truth exceptions.

 (ASE 2020, CCF-A) Xian Zhan, Lingling Fan, Tianming Liu, Sen Chen, Li Li, Haoyu Wang, Yifei Xu, Xiapu Luo, and Yang Liu, "Automated Third-party Library Detection for Android Applications: Are We There Yet?", In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, Melbourne, Australia, 2020. (93/414 = 22.5%)

 (ISSRE 2020, CCF-B) Ming Fan, Le Yu, Sen Chen, Hao Zhou, Xiapu Luo, Shuyue Li, Yang Liu, Jun Liu, and Ting Liu, "An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps", In Proceedings of the 31st IEEE International Symposium on Software Reliability Engineering, Coimbra, Portugal, 2020. (33/148 = 22.3%)

 (ICECCS 2020, Core rank A) Ruitao Feng, Jing Qiang Lim, Sen Chen, Shang-Wei Lin, and Yang Liu, "SeqMobile: An Efficient Sequence-Based Malware Detection System Using RNN on Mobile Devices", In Proceedings of the 25th International Conference on Engineering of Complex Computer Systems, Singapore, Singapore, 2020. (19/76 = 25%)

 (SANER 2020, CCF-B) Jing Kai Siow, Cuiyun Gao, Lingling Fan, Sen Chen, and Yang Liu, "CORE: Automating Review Recommendation for Code Changes", In Proceedings of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering, London, Ontario, Canada, 2020. (44/199 = 21.1%)
[Highlights] [Website]

[2019]

 (TDSC 2019, CCF-A) Sen Chen, Lingling Fan, Chunyang Chen, Minhui Xue, Yang Liu, and Lihua Xu, "GUI-Squatting Attack: Automated Generation of Android Phishing Apps", Transactions on Dependable and Secure Computing. (impact factor: 6.404) (CCF-A)
[Highlights] [Website]

 (ICSE 2019, CCF-A) Sen Chen, Lingling Fan, Chunyang Chen, Ting Su, Wenhe Li, Yang Liu, and Lihua Xu, "StoryDroid: Automated Generation of Storyboard for Android Apps", In Proceedings of the 41st International Conference on Software Engineering, Montréal, QC, Canada, 2019. (109/529 = 20.6%)
[Highlights] [Website]
 StoryDroid automatelly generates the storyboards of Android apps and provides rich features (e.g., Activity transition graph with UI pages, GUI components, logic code, and layout code) for app review and competitive analysis.

 (ICSE 2019, CCF-A) Chongbin Tang, Sen Chen#, Lingling Fan, Lihua Xu, Yang Liu, Zhushou Tang and Liang Dou. "A Large-Scale Empirical Study on Industrial Fake Apps", In Proceedings of the 41st ACM/IEEE International Conference on Software Engineering, Software-Engineering-in-Practice Track (SEIP), Montréal, QC, Canada, 2019.

 (ASE 2019, CCF-A) Qianyu Guo, Sen Chen*, Xiaofei Xie, Lei Ma, Qiang Hu, Hongtao Liu, Yang Liu, Jianjun Zhao, and Xiaohong Li, "An Empirical Study towards Characterizing Deep Learning Development and Deployment across Different Frameworks and Platforms", In Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering, San Diego, California, United States, 2019. (93/445 = 20.9%)
[Highlights] [Website]
 The found compatibility bugs have been confirmed by the TensorFlow.js development team.

 (ICECCS 2019, Core rank A) Ruitao Feng, Sen Chen*, Xiaofei Xie, Lei Ma, Guozhu Meng, Yang Liu, and Shangwei-Lin, "MobiDroid: A Performance-Sensitive Malware Detection System on Mobile Platform", In Proceedings of the 24th International Conference on Engineering of Complex Computer Systems, Hong Kong, China, 2019. (21/88 = 23.9%)

 (SANER 2019, CCF-B) Sen Chen, Lingling Fan, Ting Su, Lei Ma, Yang Liu and Lihua Xu. "Automated Cross-Platform GUI Code Generation for Mobile Apps", In Proceedings of the 26th IEEE International Conference on Software Analysis, Evolution, and Reengineering, AI4Mobile, Hangzhou, China, 2019.

 (SANER 2019, CCF-B) Sen Chen, Minhui Xue, Lingling Fan, Lei Ma, Yang Liu and Lihua Xu. "How Can We Craft Large-Scale Mobile Malware? An Automated Poisoning Attack", In Proceedings of the 26th IEEE International Conference on Software Analysis, Evolution, and Reengineering, AI4Mobile, Hangzhou, China, 2019.

[2018]

 (ESEC/FSE 2018, CCF-A) Sen Chen, Ting Su, Lingling Fan, Guozhu Meng, Minhui Xue, Yang Liu, and Lihua Xu, "Are Mobile Banking Apps Secure? What Can be Improved?", In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Lake Buena Vista, Florida, United States, 2018.

 (ASE 2018, CCF-A) Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu and Geguang Pu, "Efficiently Manifesting Asynchronous Programming Errors in Android Apps", In Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering, Montpellier, France, 2018. (69/346 = 19.9%)

 (Secure SE 2018) Lei Ma, Felix Juefei-Xu, Minhui Xue, Qiang Hu, Sen Chen, Bo Li, Yang Liu, Jianjun Zhao, Jianxiong Yin and Simon See, "Secure Deep Learning Engineering: A Software Quality Assurance Perspective".

 (NASAC 2018) Sen Chen, Guozhu Meng, Ting Su, Lingling Fan, Minhui Xue, Yinxing Xue, Yang Liu, and Lihua Xu, "AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps".
[Highlights] 
 We won a Prototype Research Tool Award 3rd Place in NASAC 2018 (National Software Application Conference) held by CCF.

 (ICSE 2018, CCF-A) Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu, Geguang Pu and Zhendong Su, "Large-Scale Analysis of Framework-Specific Exceptions in Android Apps", In Proceedings of the 40th International Conference on Software Engineering, Gothenburg, Sweden, 2018. (105/502 = 20.9%)
[Highlights] [Dataset of Android Exceptions] [Statistics of Dataset Access] [Award] [Press]
 ACM SIGSOFT Distinguished Paper Award

[2017]

 (Computers & Security 2017, CCF-B) Sen Chen, Minhui Xue, Lingling Fan, Shuang Hao, Lihua Xu, Haojin Zhu, and Bo Li, "Automated Poisoning Attacks and Defenses in Malware Detection System: An Adversarial Machine Learning Approach", In Proceedings of the Elsevier Computers & Security, 2017.
[Highlights]  [Dataset of Android Malware]

[2016]

 (ASIACCS 2016, CCF-C) Sen Chen, Minhui Xue, Zhushou Tang, Lihua Xu, and Haojin Zhu, "StormDroid: A Streaminglized Machine Learning-Based System for Detecting Android Malware", In Proceedings of the ACM Asia Conference on Computer and Communications Security, Xi'an, China, 2016. (73/350 = 20.8%)
[Highlights]  [Statistics of Dataset Access]

 (APSEC 2016, CCF-C) Lingling Fan, Sen Chen, Lihua Xu, Zongyuan Yang, Huibiao Zhu, Model-Based Continuous Verification, In Proceedings of the IEEE ASIA-Pacific Software Engineering Conference, Hamilton, New Zealand, 2016. (acceptance rate: 19.7%)

 (MobiCom 2016, CCF-A) Sen Chen, Minhui Xue, Lihua Xu, "Towards Adversarial Detection of Mobile Malware", In Proceedings of the Annual International Conference on Mobile Computing and Networking, New York, USA, 2016. (CCF-A)

 (CCS 2016, CCF-A) Lingling Fan, Minhui Xue, Sen Chen, Lihua Xu, Haojin Zhu, "Accuracy vs. Time Cost: Detecting Android Malware through Pareto Ensemble Pruning", In Proceedings of the ACM Conference on Computer and Communications Security, Vienna, Austria, 2016. (CCF-A)


Services

-Chairs
Early Research Achievements (ERA) Co-Chair of the 26th Asia-Pacific Software Engineering Conference (APSEC 2020)
Proceedings Chair of the 26th Asia-Pacific Software Engineering Conference (APSEC 2020)
Financial Chair of the 12nd Asia-Pacific Symposium on Internetware (Internetware 2020)

-Reviewers and PC members
Reviewer of the Journal of IEEE Transactions on Information Forensics and Security (TIFS 2018 - 2020)
Reviewer of the Journal of IEEE Transactions on Dependable and Secure Computing (TDSC 2019, 2020)
Reviewer of the Journal of IEEE Transactions on Software Engineering (TSE 2020)
Reviewer of the Journal of Computers & Security (COSE 2019, 2020)
Reviewer of the Journal of Automated Software Engineering (ASEJ 2019, 2020)
Reviewer of the Journal of Systems and Software (JSS 2020)
Reviewer of the ACM Transactions of Cyber-Physical Systems (TCPS 2020)
Reviewer of the Springer Cybersecurity (Cybersecurity 2020)
Reviewer of the IEEE Access (IEEE Access 2020)

PC member of the Student Research Competition (ASE 2020)
PC member of the 25th International Conference on Engineering of Complex Computer Systems (ICECCS 2020)
PC member of the 1st IEEE International Workshop on Artificial Intelligence for Mobile (AI4Mobile 2019)

-Co-Reviewers
ISSTA 2018, 2019, ASE 2018, 2019, 2020, USENIX Security 2018, 2019, CCS 2018, 2019, Oakland 2018, 2019, ESEC/FSE 2019, ICSE 2021