I will join University of Maryland as an Assistant Professor of Computer Science, in MC2 (the Maryland Cybersecurity Center), starting in Fall 2023. I work in the intersection of AI and security. I am interested in using AI to solve security problems, such as detecting malware, vulnerability, attacks and fraud. I am also interested in improving the robustness of these machine learning models.

I am a postdoc at University of California, Berkeley, working with David Wagner. Previously, I was a postdoc at Columbia University with Suman Jana. I received the PhD in Computer Science from Georgia Institute of Technology, advised by Wenke Lee and Manos Antonakakis. I received the BS degree in Information Security from Fudan University, Shanghai, China. During my time as an undergrad, I was an exchange student in University of California, Santa Barbara.

Contact: 1z [at] berkeley [dot] edu; yzchen [at] umd [dot] edu; Google scholar

News

  • I am co-chairing the 6th Deep Learning Security and Privacy workshop on May 25, 2023, co-located with IEEE S&P.
  • I am looking for PhD students. If you are interested in working with me, please fill out the questionnaire, and send me an email.
  • November 2022: Gave a talk at Android Security Seminar at Google Mountain View.
  • November 2022: Received ACM CCS Best Reviewer Award.
  • October 2022: Received Google ASPIRE Award.

  • Publications

    Conferences

    • Part-Based Models Improve Adversarial Robustness. [ preprint ]
      Chawin Sitawarin, Kornrapat Pongmala, Yizheng Chen, Nicholas Carlini, and David Wagner.
      In the Eleventh International Conference on Learning Representations (ICLR 2023)

    • Learning Security Classifiers with Verified Global Robustness Properties. [ pdf | code | errata ]
      Yizheng Chen, Shiqi Wang, Yue Qin, Xiaojing Liao, Suman Jana, and David Wagner.
      In proceedings of the 28th ACM Conference on Computer and Communications Security (CCS 2021)
      * Best Paper Award Runner-Up

    • Cost-Aware Robust Tree Ensembles for Security Applications. [ pdf | code | appendix ]
      Yizheng Chen, Shiqi Wang, Weifan Jiang, Asaf Cidon, and Suman Jana.
      In proceedings of the 30th USENIX Security Symposium (USENIX Security 2021)
      Blog post: Robust Trees for Security (4 min read).

    • On Training Robust PDF Malware Classifiers. [ pdf | code ]
      Yizheng Chen, Shiqi Wang, Dongdong She, and Suman Jana.
      In proceedings of the 29th USENIX Security Symposium (USENIX Security 2020)
      Blog post: Monotonic malware classifiers (5 min read), Gmail's malicious document classifier can still be trivially evaded (3 min read), How XGBoost enforces global monotonicity (2 min read).

    • Neutaint: Efficient Dynamic Taint Analysis with Neural Networks. [ pdf ]
      Dongdong She, Yizheng Chen, Abhishek Shah, Baishakhi Ray, and Suman Jana.
      In proceedings of the 41st IEEE Symposium on Security and Privacy (S&P/Oakland 2020)

    • Practical Attacks Against Graph-based Clustering. [ pdf ]
      Yizheng Chen, Yacin Nadji, Athanasios Kountouras, Fabian Monrose, Roberto Perdisci, Manos Antonakakis, and Nikolaos Vasiloglou.
      In proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017)
      * Top 10 Finalist of the CSAW'17 Applied Research Competition

    • Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse. [ pdf ]
      Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, and Manos Antonakakis.
      In proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017)
      News: Domain Name Wire, Georgia Tech, EurekAlert!, ZDNet, Domain Pulse, World Trademark Review, GIGALAW
      Visualization: Combosquatting Clusters

    • Measuring Network Reputation in the Ad-Bidding Process. [ pdf ]
      Yizheng Chen, Yacin Nadji, Rosa Romero-Gómez, Manos Antonakakis, and David Dagon.
      In proceedings of the 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2017)

    • Enabling Network Security Through Active DNS Datasets. [ pdf | data ]
      Athanasios Kountouras, Panagiotis Kintis, Chaz Lever, Yizheng Chen, Yacin Nadji, David Dagon, Manos Antonakakis, and Rodney Joffe.
      In proceedings of the 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016)
      Dataset Contribution: Active DNS Dataset

    • Financial Lower Bounds of Online Advertising Abuse. [ pdf | TDSS-TDL4 Domains ]
      Yizheng Chen, Panagiotis Kintis, Manos Antonakakis, Yacin Nadji, David Dagon, Wenke Lee, and Michael Farrell.
      In proceedings of the 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2016)

    • On the Feasibility of Large-Scale Infections of iOS Devices. [ pdf ]
      Tielei Wang, Yeongjin Jang, Yizheng Chen, Pak-Ho Chung, Billy Lau, and Wenke Lee.
      In proceedings of the 23rd USENIX Security Symposium (USENIX Security 2014)
      News: The Register, Wired, Toms Guide, ComputerWorld, PCWorld

    • DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic. [ pdf ]
      Yizheng Chen, Manos Antonakakis, Roberto Perdisci, Yacin Nadji, David Dagon, and Wenke Lee.
      In proceedings of the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2014)

    Preprints

    • MixTrain: Scalable Training of Verifiably Robust Neural Networks. [ pdf ]
      Shiqi Wang, Yizheng Chen, Ahmed Abdou, and Suman Jana.

    Workshops

    • SEAT: Similarity Encoder by Adversarial Training for Detecting Model Extraction Attack Queries. [ pdf ]
      Zhanyuan Zhang, Yizheng Chen, and David Wagner.
      In proceedings of the 14th ACM Workshop on Artificial Intelligence and Security (AISec 2021).

    • Enhancing Gradient-based Attacks with Symbolic Intervals. [ pdf | code ]
      Shiqi Wang, Yizheng Chen, Ahmed Abdou, and Suman Jana.
      In ICML Workshop on Security and Privacy of Machine Learning, Long Beach, CA, June, 2019.
      Oral Presentation. Interval attacks appear on MadryLab MNIST Challenge Leaderboard.

    • FeatNet: Large-scale Fraud Device Detection by Network Representation Learning with Rich Features. [ pdf ]
      Chao Xu, Zhentan Feng, Yizheng Chen, Minghua Wang, and Tao Wei.
      In proceedings of the 11th ACM Workshop on Artificial Intelligence and Security (AISec 2018).