About

Hsinchun Chen is a Regents' Professor of Management Information Systems at the University of Arizona and holds the Thomas R. Brown Chair in Management and Technology. He earned his BS from National Chiao-Tong University in Taiwan, an MBA from SUNY Buffalo, and MS and Ph.D. degrees from New York University. Dr. Chen is a Fellow of ACM, IEEE, AAAS, and AIS, and has received numerous awards including the IEEE Computer Society Technical Achievement Award, the INFORMS Design Science Award, and the IEEE Big Data Security Pioneer Award. He has graduated 36 Ph.D. students, with several receiving prestigious awards, and has served as lead Program Director at NSF for the Smart and Connected Health Program. As an author and editor, he has contributed to over 20 books and published more than 320 SCI journal articles and 220 conference papers covering artificial intelligence, digital libraries, data/text/web mining, business intelligence, security informatics, and health informatics. Dr. Chen is the Director of the Artificial Intelligence Lab at the University of Arizona, which has received over $60 million in research funding from various agencies. He has served as editor-in-chief and senior editor for major ACM, IEEE, and MIS journals, and has been a conference chair for key events in digital library, information systems, security, and health informatics. An accomplished entrepreneur, his COPLINK/i2 system for security analytics was commercialized and later acquired by IBM, becoming a leading government analytics product used in law enforcement and intelligence agencies worldwide. Dr. Chen has also served as an advisor to federal research programs and as a scientific counselor for major national libraries and research institutions. He has held visiting positions at Tsinghua University and National Taiwan University, and is internationally recognized for his research in health analytics and security informatics, including projects like SilverLink and AZSecure. Currently, he directs the UA AZSecure Cybersecurity Program and leads AI4BI at TSMC, focusing on AI applications in business intelligence for semiconductors and high-performance computing.

Research topics

• Computer Science
• Sociology
• Data science
• Computer Security
• Social Science
• Machine Learning
• Natural Language Processing
• Artificial Intelligence
• Engineering management
• Management science
• Knowledge management
• Cognitive psychology
• Engineering
• Business
• Medicine
• Human–computer interaction
• Process management
• Operations management
• Systems engineering
• Psychology

Selected publications

• Defending Deep Learning-Based Raw Malware Detectors Against Adversarial Attacks: A Sequence Modeling Approach

  Journal of Management Information Systems · 2025-10-02

  articleSenior author
  PublisherDOI

• Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, CSI-KDD. Preface

  Fraunhofer-Publica (Fraunhofer-Gesellschaft) · 2025-05-23

  articleOpen access1st authorCorresponding

  Computer supported communication and infrastructure are integral parts of modern economy. Their security is of incredible importance to a wide variety of practical domains ranging from Internet service providers to the banking industry and e-commerce, from corporate networks to the intelligence community. The CSI-KDD workshop focuses on novel knowledge discovery methods addressing CyberSecurity and intelligence issues as well as innovative applications demonstrating the effectiveness of data mining in solving real-world security problems. The challenge for novel methods originates from the emergence of new types of contents and protocols, and only an integrated view on all modes promises optimal results. Innovative applications are essential as IT-communication as well as computer-supported technical and social infrastructure have an extremely complex structure and require a comprehensive approach to prevent criminal activities.

  PublisherDOI

• Learning Contextualized Action Representations in Sequential Decision Making for Adversarial Malware Optimization

  IEEE Transactions on Dependable and Secure Computing · 2024-10-09 · 3 citations

  articleSenior author

  Deep learning (DL)-based malware detectors have shown promise in swiftly detecting unseen malware without expensive dynamic malware behavior analysis. These detectors have been shown to be susceptible to adversarial malware variants generated from meticulously modifying known malware to mislead detectors into recognizing them as benign. Being able to automatically generate optimized functional adversarial malware variants by defenders is crucial to effective cyber defense and staying ahead of the adversary. Current adversarial malware example generation methods often assume threat models with any of the following four restrictions: (1) requiring access to insider knowledge about malware detectors, (2) an unlimited size of adversarial modifications, (3) an unlimited number of queries to malware detector, and (4) relying on dynamic analysis of malware behavior in a sandbox. Drawing on Actor-Critic Reinforcement Learning (RL), we propose a novel closed-box binary manipulation method for adversarial malware optimization, named Actor-Critic with Contextualized Action Representations (AC-CAR), to generate malware variants without these restrictions. AC-CAR leverages two novel components, a contextualized policy and a neural language model-based RL-augmented top-<inline-formula><tex-math notation="LaTeX">$k$</tex-math></inline-formula> sampling method. Unlike current methods, AC-CAR can utilize tens of thousands of actions to augment malware executables for evading DL-based malware detectors. AC-CAR yields an approximately 2-fold performance increase over the current methods on average, while decreasing the payload size to 20 times smaller than leading methods. We show that using the malware variants generated by AC-CAR in an adversarial re-training procedure improves malware detector’ robustness against adversarial variants by 29.65% on average.

  PublisherDOI

• Examining the Effect of Personalized PII Exposure Alerts on Individuals’ Privacy Protection Motivation

  2024-05-20 · 1 citations

  articleSenior author

  Personally Identifiable Information (PII) leakage can lead to identity theft, financial loss, reputation damage, and anxiety. However, individuals remain largely unaware of their PII exposure on the Internet, and whether providing individuals with information about the extent of their PII exposure can trigger privacy protection actions requires further investigation. In this pilot study, grounded by Protection Motivation Theory (PMT), we examine whether receiving privacy alerts in the form of threat and countermeasure information will trigger senior citizens to engage in protective behaviors. We also examine whether providing personalized information moderates the relationship between information and individuals’ perceptions. We contribute to the literature by shedding light on the determinants and barriers to adopting privacy protection behaviors.

  PublisherDOI

• Improving Threat Mitigation Through a Cybersecurity Risk Management Framework: A Computational Design Science Approach

  Journal of Management Information Systems · 2024-01-02 · 30 citations

  articleOpen access

  Cyberattacks have been increasing in volume and intensity, necessitating proactive measures. Cybersecurity risk management frameworks are deployed to provide actionable intelligence to mitigate potential threats by analyzing the available cybersecurity data. Existing frameworks, such as MITRE ATT&CK, provide timely mitigation strategies against attacker capabilities yet do not account for hacker data when developing cyber threat intelligence. Therefore, we developed a novel information technology artifact, ATT&CK-Link, which incorporates a novel transformer and multi-teacher knowledge distillation design, to link hacker threats to this broadly used framework. Here, we illustrated how hospital systems can use this framework to proactively protect their cyberinfrastructure against hacker threats. Our ATT&CK-Link framework has practical implications for cybersecurity professionals, who can implement our framework to generate strategic, operational, and tactical cyber threat intelligence. ATT&CK-Link also contributes to the information systems knowledge base by providing design principles to pursue targeted cybersecurity analytics, risk management, and broader text analytics research through simultaneous multi-modal (e.g., text and code) distillation and classification.

  PublisherOA PDFDOI

• Enhancing Vulnerability Prioritization in Cloud Computing Using Multi-View Representation Learning

  Journal of Management Information Systems · 2024-07-02 · 6 citations

  article
  PublisherDOI

• RADAR: A Framework for Developing Adversarially Robust Cyber Defense AI Agents with Deep Reinforcement Learning

  MIS Quarterly · 2024-09-11 · 2 citations

  articleSenior author

  Artificial intelligence (AI) is being widely adopted in modern cyber defense to weave automation and scalability into the operational fabric of cybersecurity firms. Today, AI aids in crucial cyber defense tasks such as malware and intrusion detection to keep information technology (IT) infrastructure secure. Despite their value, cyber defense AI agents can be vulnerable to adversarial attacks. In these attacks, the adversary deliberately manipulates a malicious input by taking a sequence of actions so that a targeted cyber defense AI agent fails to correctly determine its maliciousness. Consequently, the robustness of cyber defense AI agents has raised deep concerns in modern cyber defense. Drawing on the computational design science paradigm, we couple robust optimization and reinforcement learning theories to develop a novel framework, called reinforcement learning-based adversarial attack robustness (RADAR), to increase the robustness of cyber defense AI agents against adversarial attacks. To demonstrate practical utility, we instantiate RADAR for malware attacks—the primary cause of financial loss in cyber attacks. We rigorously evaluate the performance of RADAR as a situated IT artifact against state-of-the-art machine learning and deep learning-based benchmark methods. Incorporating RADAR in three renowned malware detectors shows an adversarial robustness increase of up to seven times, on average. We conclude by discussing contributions to information system research as well as implications for cyber defense stakeholders.

  PublisherDOI

• Evading Deep Learning-Based Malware Detectors via Obfuscation: A Deep Reinforcement Learning Approach

  2023-12-04

  articleSenior author

  Adversarial Malware Generation (AMG), the generation of adversarial malware variants to strengthen Deep Learning (DL)-based malware detectors has emerged as a crucial tool in the development of proactive cyberdefense. However, the majority of extant works offer subtle perturbations or additions to executable files and do not explore full-file obfuscation. In this study, we show that an open-source encryption tool coupled with a Reinforcement Learning (RL) framework can successfully obfuscate malware to evade state-of-the-art malware detection engines and outperform techniques that use advanced modification methods. Our results show that the proposed method improves the evasion rate from 27%-49% compared to widely-used state-of-the-art reinforcement learning-based methods.

  PublisherDOI

• Evading Deep Learning-Based Malware Detectors via Obfuscation: A Deep Reinforcement Learning Approach

  2023-12-01 · 6 citations

  articleSenior author

  Adversarial Malware Generation (AMG), the generation of adversarial malware variants to strengthen Deep Learning (DL)-based malware detectors has emerged as a crucial tool in the development of proactive cyberdefense. However, the majority of extant works offer subtle perturbations or additions to executable files and do not explore full-file obfuscation. In this study, we show that an open-source encryption tool coupled with a Reinforcement Learning (RL) framework can successfully obfuscate malware to evade state-of-the-art malware detection engines and outperform techniques that use advanced modification methods. Our results show that the proposed method improves the evasion rate from 27%-49% compared to widely-used state-of-the-art reinforcement learning-based methods.

  PublisherDOI

• Multi-view Representation Learning from Malware to Defend Against Adversarial Variants

  2022 IEEE International Conference on Data Mining Workshops (ICDMW) · 2022-11-01 · 1 citations

  articleSenior author

  Deep learning-based adversarial malware detectors have yielded promising results in detecting never-before-seen malware executables without relying on expensive dynamic behavior analysis and sandbox. Despite their abilities, these detectors have been shown to be vulnerable to adversarial malware variants - meticulously modified, functionality-preserving versions of original malware executables generated by machine learning. Due to the nature of these adversarial modifications, these adversarial methods often use a single view of malware executables (i.e., the binary/hexadecimal view) to generate adversarial malware variants. This provides an opportunity for the defenders (i.e., malware detectors) to detect the adversarial variants by utilizing more than one view of a malware file (e.g., source code view in addition to the binary view). The rationale behind this idea is that while the adversary focuses on the binary view, certain characteristics of the malware file in the source code view remain untouched which leads to the detection of the adversarial malware variants. To capitalize on this opportunity, we propose Adversarially Robust Multiview Malware Defense (ARMD), a novel multi-view learning framework to improve the robustness of DL-based malware detectors against adversarial variants. Our experiments on three renowned open-source deep learning-based malware detectors across six common malware categories show that ARMD is able to improve the adversarial robustness by up to seven times on these malware detectors.

  PublisherDOI

Recent grants

• EAGER: Long-term View on Nanotechnology R&D as Reflected in Scientific Papers, Patents, and NSF Awards

  NSF · $280k · 2010–2014

• EAGER: SaTC-EDU: Artificial Intelligence and Cybersecurity Research and Education at Scale

  NSF · $298k · 2020–2024

• Cybersecurity Big Data and Analytics Sharing Platform

  NSF · $180k · 2017–2022

• CRI: CRD - Developing a Dark Web Collection and Infrastructure for Computational and Social Sciences

  NSF · $500k · 2007–2012

• NIH Grant R33LM007299

  NIH · $1.3M · 2006

Frequent coauthors

• Daniel Zeng

  Chinese Academy of Sciences

  77 shared

• Michael Chau

  42 shared

• Zan Huang

  Zhongnan Hospital of Wuhan University

  34 shared

• Yilu Zhou

  Fordham University

  23 shared

• Christopher C. Yang

  23 shared

• Jialun Qin

  University of Massachusetts Lowell

  22 shared

• Bruce R. Schatz

  University of Illinois Urbana-Champaign

  22 shared

• Catherine Larson

  Cleveland Clinic

  21 shared

Labs

• Artificial Intelligence Lab at The University of ArizonaPI

Awards & honors

• NCTU Distinguished Alumnus Award (2005)
• IEEE Computer Society Technical Achievement Award (2006)
• INFORMS Design Science Award (2008 and 2023)
• AIS Impact Award (2020)
• IEEE Big Data Security Pioneer Award