AZSecure Student Research Outcomes

AZSecure Cybersecurity Program students not only gain a cutting-edge education in information assurance, cybersecurity, and MIS, but also conduct high-impact research.

One of the strongest features of this program is the seamless integration of experiential learning through research into the educational curriculum. Independent studies and master's papers often result in a conference or journal publication for our students in premier outlets such as IEEE Intelligent Systems, Journal of Management Information Systems (JMIS), International Conference on Information Systems (ICIS), and IEEE ISI. 

All scholarship students are mentored by both a dedicated research faculty mentor and the AZSecure Program Administrator, in addition to senior PhD students from the AI Lab. The faculty research mentor serves as their research advisor for their required Independent Study culminating in a master’s paper in an area relevant to cybersecurity. Mentors are matched and assigned based on a shared research interest with the student. Students are required to participate in relevant, timely research activities for the duration of their tenure in the program and to take an Independent Study course, master’s research project, or dissertation credits every semester.

They also attend the Artificial Intelligence Lab's weekly research meeting with Dr. Hsinchun Chen and report out on their independent and team research progress. See also the Cybersecurity Research and Education page on the website of the Artificial Intelligence Lab for additional background and information.


Student Research Interests

  • Daniel Dickson - IoT device identification and security
  • Joshua Greer - Smart Home IoT device fingerprinting and vulnerability identification
  • Alex Smith - Assessing suspicion in social engineering
  • Jorge Alberto Dominguez - Identity Theft

  • Guadalupe Angeles - hacker community and social engineering tools
  • Nolan Arnold - Darknet markets, threat intelligence-driven computer network defense, hacker assets, cyber forensics.
  • Christopher Harrell - security informatics, vulnerability assessment and penetration testing
  • Rachael Dunn - cyber threat intelligence, DarkNet Marketplaces and cryptocurrencies
  • Robert Schweitzer - researching hacker forums to identify key threat actors
  • John Voss - Internet of Things, vulnerability analysis and network security

  • Emma McMahon - large-scale vulnerability assessments and cyber-physical systems
  • Mathew Soares - privacy
  • Ryan Williams - the Dark Web, network security and vulnerability assessment

Master's Papers

Gormican, Emmet: "Identification of Open-Source Software Vulnerabilities in Industrial Internet of Things Devices", 2022.

Hall, David: "Assessing the Vulnerabilities of Blockchain-Based Solidity Smart Contracts", 2022.

Pesce, Michael: "Explaining PII Attribute Inference Risk for Social Media Users: An Interpretive Model Agnostic Approach", 2022.

Otto, Kaeli: "Disrupting Ransomware Actors on the Bitcoin Blockchain: A Graph Embedding Approach", 2022.

Rudnick, Payton: "Affect Analysis of Large-Scale Conspiracy Theorist Communities on Fringe Online Social Networks", 2022.

Vahedi, Tala: "Exploring and Mapping Exploitable Code on Paste Sites to the MITRE ATT&CK Framework for Proactive Cyber Threat Intelligence", 2022.

D'vertola, Matthew: "Identifying Vulnerable Code Clones Between Stack Overflow and GitHub: A Deep Learning Approach", 2021.

Sajid, Izhar: "Analyzing the Global Exposure and Vulnerabilities of Smart Cameras: A Multi-View Representation Learning Approach", 2021.

Ahmad-Post, Zara: "Russian Computational Propaganda: Message Dissemination to U.S. Mainstream Media", 2021.

Greer, Gabrila: "Optimizing Parental Trust in Artificial Intelligence for Detecting Cyberpredators", 2021.

Lazarine, Benjamin: "Detecting and Grouping Vulnerable GitHub Repositories in Scientific Cyberinfrastructure", 2021.

Dominguez, Jorge: "Constructing the Story of Identity Theft with Topic Models and Latent Semantic Analysis", 2020.

Harrell, Chris: "Developing Behavioral Analytics: Case Studies of Advanced Persistent Threat Malware", 2019.

Dunn, Rachael: "Assessing Suspicion in Social Engineering: Designing A Captive Portal Approach", 2019.

Adams, Troy: "Avatar Image Role in Trust in an Intelligent Cybersecurity Assistant", 2019.

Arnold, Nolan: "Dark-Net Ecosystem Cyber-Threat Intelligence (CTI) Tool", 2019.

Angeles, Guadalupe: "In-Depth Packet Analysis to Detect NTP Attacks & Vulnerable Clients in NTP Server Network Traffic", 2019.

Schweitzer, Robert: "Network Intrusion Detection of Smart Home Devices Using Artificial Neural Networks", 2019.

Voss, John: "Identifying Hidden IoT Device Behaviors and Vulnerabilities Through Long-Term Network Traffic Capture", 2019.

McMahon, Emma, "Benchmarking Vulnerability Assessment Tools for Enhanced Cyber-Physical System (CPS) Resiliency", 2018. Dr. Mark Patton.

Cyber-Physical Systems (CPSs) are engineered systems seamlessly integrating computational intelligence and physical components. CPS advances offer numerous benefits to domains such as health, transportation, smart homes and manufacturing. Despite these advances, the overall cybersecurity posture of CPS devices remains unclear. In this paper, we provide knowledge on how to improve CPS resiliency by evaluating and comparing the accuracy, suitability, and scalability of two popular vulnerability assessment tools, Nessus and OpenVAS. Accuracy and suitability are evaluated with a diverse sample of pre-defined vulnerabilities in Industrial Control Systems (ICS), smart cars, smart home devices, and a smart water system. Scalability is evaluated using a large-scale vulnerability assessment of 1,000 Internet accessible CPS devices found on Shodan, the search engine for the Internet of Things (IoT). Assessment results indicate several CPS devices from major vendors suffer from critical vulnerabilities such as unsupported operating systems, OpenSSH vulnerabilities allowing unauthorized information disclosure, and PHP vulnerabilities susceptible to denial of service attacks.

Soares, Matthew, "A Comparison of Privacy Practices Across Industries", 2018. Dr. Mark Patton.

A majority of U.S. consumers are concerned about their online privacy. The U.S. Consumer Privacy Index 2016 found that 92% of U.S. consumers have concerns over online privacy (Trust. N.C.S. Alliance, 2016). There is current research that has analyzed the privacy policies of different companies, such as Bhatia et al. and Cranor et al. (Bhatia & Breaux, 2017; Cranor et al., 2013). However, to the best of my knowledge, no studies have analyzed the privacy policies of companies from different industries and compared the analyses of privacy policies by two coders. Therefore, this research focuses on analyzing and comparing the privacy practices of ten companies and five social media services from three different industries: Financials, Retail, and Social Media. The results from this analysis show that there are similarities and differences in the privacy practices both within and across the three industries as well as between the analyses conducted by the two coders.

Williams, Ryan, "Incremental Hacker Asset Collection and Classification for Proactive Cyber Threat Intelligence", 2018. Dr. Mark Patton.

Cyber-threats consistently prove a significant threat to organizational security and consumer privacy. Security breaches cost companies billions of dollars a year and compromise the personal information of millions of individuals. These cyber-attacks are conducted in a variety of methods including the use of malicious tools. Cyber Threat Intelligence (CTI) aims to learn from and combat these attacks, but current CTI efforts rely heavily on internal data that leads to reactive mitigation efforts. Hacker forums, where users can share malicious tools, provide a source of external intelligence that can be utilized in proactively defending against possible threats. This research proposes an incremental hacker forum crawler for the collection and classification of file attachments shared in hacker forums. Specifically, a web crawler has been developed to incrementally collect new attachments posted in hacker forums. Once an attachment is found, a state-of-the-art recurrent neural network classifies it into a number of possible exploit types. The results of this study indicate, among other findings, that system and network exploits are shared significantly more than other exploit types.

Afarin, Cyrus, “Does Shodan Keep Up With The Times?” 2017. Dr. Mark Patton.
Through security visualizations, Shodan data can be utilized to understand SCADA and ICS devices for any given IP range. The relationship between ports and IP addresses can be displayed in a manner to obtain valuable information and to understand Shodan as a tool. An analysis of Shodan data will be performed over a specified period for a specific region. These efforts are framed to accurately identify SCADA/ICS devices for said region and understand Shodan’s consistency over the evaluated time frame.

Barreras, Calvin, “Automating the Identification of Internet Resources for Healthcare Organizations using Shodan,” 2017. Dr. Mark Patton.

El, Malaka, “Benchmarking Vulnerability Scanners: An Experiment on SCADA Devices and Scientific Instruments,” 2017. Dr. Hsinchun Chen.
Cybersecurity is a critical concern in society today. One common avenue of attack for malicious hackers is exploiting vulnerable websites. It is estimated that there are over one million websites that are attacked daily. Two emerging targets of such attacks are Supervisory Control and Data Acquisition (SCADA) devices and scientific instruments. Vulnerability assessment tools can provide owners of these devices with the knowledge on how to protect their infrastructure. However, owners face difficulties in identifying which tools are ideal for their assessments. This research aims to benchmark two state-of-the-art vulnerability assessment tools, Nessus and Burp Suite (Burp), in the context of SCADA devices and scientific instruments. We specifically focus on identifying the accuracy, scalability and vulnerability results of the scans. Results of our study indicate that both tools together can provide a comprehensive assessment of the vulnerabilities in SCADA devices and scientific instruments.

Ercolani, Vincent, “A Survey of Shodan Data,” 2017. Dr. Mark Patton.

Grisham, John, “Identifying Mobile Malware and Key Threat Actors in Online Hacker Forums for Proactive Cyber Threat Intelligence,” 2017. Dr. Hsinchun Chen.
Cyber-attacks are constantly increasing and can prove difficult to mitigate, even with proper cybersecurity controls. Currently, cyber threat intelligence (CTI) efforts focus on internal threat feeds such as antivirus and system logs. While this approach is valuable, it is reactive in nature as it relies on activity which has already occurred. CTI experts have argued that an actionable CTI program should also provide external, open information relevant to the organization. By finding information about malicious hackers prior to an attack, organizations can provide enhanced CTI and better protect their infrastructure. Hacker forums can provide a rich data source in this regard. This research aims to proactively identify mobile malware and associated key authors. Specifically, it uses a state-of-the-art neural network architecture, recurrent neural networks, to identify mobile malware attachments, followed by social network analysis techniques to determine key hackers disseminating the mobile malware. Results of this study indicate that many identified attachments are zipped Android apps made by threat actors holding administrative positions in hacker forums. The identified mobile malware attachments are consistent with some of the emerging mobile malware concerns as highlighted by industry leaders.

Ireson, Ashley, “A Typology Based on Self-Identity & Explanatory Factors of Cybercriminal Behavior,” 2017. Dr. Sue Brown and Dr. Jesse Bockstedt.
Cybercrime is a top national security threat, higher than terrorism, espionage, and weapons of mass destruction (Mickelberg 2014), but more research is necessary to further understand and define it. This study developed a theoretical model and survey instrument in an attempt to close some of the gaps in knowledge by discovering types of skilled technologists based on self-identity. Additional factors, attributes known to be correlated with cybercriminal propensity, were included to further differentiate these types. We expected to find groupings of individuals that have been described in previous literature, but with our innovative approach, the discovery of new types of technologists was possible. Following a clustering analysis, our respondents were grouped into four different types. We preliminarily named and defined each group: heroes, eccentrics, hacking professionals and conservatives. A multinomial logistical regression was performed to provide additional explanatory factors for each type. Future research is suggested.

Rohrmann, Rodney, “Large Scale Anonymous Port Scanning,” 2017. Dr. Mark Patton.
As computers become faster and more efficient, the ability to port scan large portions of the IPv4 range increases. Organizations such as the University of Michigan and Shodan have both created tools and open sourced their scan results, allowing researchers to use scan data to map and understand the IPv4 range. Though such sources exist, there are benefits of running scans internally to collect data. When sourcing port scans internally, there is a risk of the source scanning a target that may retaliate maliciously. The practice of openly scanning ports, and allowing sites which are scanned to request an opt-out of future scans, is not always effective. Some individuals and organizations will attempt to retaliate through malicious activities if they detect a scan. To combat these retaliatory actions, I have developed a methodology to run port scans through Tor, which anonymizes the scans and mitigates the risk of retaliation. When scanning new portions of the IPv4 range, anonymous port scanning has been successfully achieved and is currently in use. The goal of this research project was to identify a combination of anonymization methods and port scanning tools that successfully hide the source’s IP address while providing an accurate port scan of the target. Further efforts were placed on the scalability and accuracy of such scanning methods when used on a large portion of the IPv4 range. The research proved to be successful and I now have a tool that can be used to scan any port/IP combination in the IPv4 range while remaining anonymous. As scalability was a concern of the project, significant efforts were put into decreasing throughput time. This was achieved and I reduced the scan time of the test bed from an average of 10 hours down to an average of 5 minutes.

Dolan, Stephen, “Image-Based Password Usability Study,” 2016. Dr. Jesse Bockstedt and Dr. Matthew Hashim.
Online authentication methods have long been considered insecure and vulnerable to theft and attack. Previous research has identified password creation habits, semantics in passwords and the effects of password creation policies on user behavior. Additionally, studies have measured password strength using cracking algorithms and developed adaptive password-strength models. However, little work has been done to identify a method of online user authentication that differs from traditionally accepted passwords. In this research, we develop a new way to create a password, using images instead of ASCII characters. We also gather data from multiple password creation interfaces to analyze the usability of image-based passwords.

Jicha, Arthur, “SCADA Honeypots – An In-depth Analysis of Conpot,” 2016. Dr. Hsinchun Chen.
SCADA honeypots are key tools in determining not only threats which pertain to SCADA devices in the wild, but also as an early detection mechanism of potential malicious tampering within a SCADA device network. An analysis of one such SCADA honeypot, Conpot, will be conducted to determine its viability as an effective SCADA emulating device. A long term analysis is conducted and a simple scoring mechanism is leveraged to evaluate Conpot.

Jicha, Ryan, “Identifying Devices Across the IPv4 Address Space,” 2016. Dr. Mark Patton.
Many devices today are internet-enabled. This results in more threat vectors in the IPv4 space. In order to determine the scale of vulnerabilities being introduced to the internet, a new methodology of scanning must be implemented to allow the entire internet to be scanned for types of devices. Currently, network scans can be connection-oriented, where the connections to ports are tracked, or connectionless, where packets are sent as fast as possible while a separate process listens for server responses. Connection-oriented scanners result in more accurate scanning while connectionless scanners are magnitudes faster. At the University of Arizona, SCADA devices have been identified based on their banners by using Shodan. Shodan is an online search engine of monthly scan results that are conducted by the site's owner, John Matherly. Not every port is scanned by Shodan; therefore, there is a lack of information for identifying all device types based on their port information. In the past, security tools have been combined to improve the accuracy of service scanning, but there are no mentions of combining tools to improve the speed of scans across the entire IPv4 range. The goal of this research was to create a framework to allow scanning of the entire IPv4 range based on port profiles for device types. This was done by using a connectionless scanner to determine if ports relating to a port profile. The results from the framework were an improvement of speed from several hours to just three minutes for scanning a device and completing a detailed service scan. After testing the framework on a controlled network, several SCADA devices were found and confirmed to be SCADA using the framework.

Kaufer, Ian, “Human Exploits in Cybersecurity: A Social Engineering Study,” 2016. Dr. Jesse Bockstedt and Dr. Matthew Hashim.
Social engineering is an information security threat that continues to plague organizations today. As much as organizations can invest in technical security products and services to protect their networks, the human element in security is weak. Social engineers are malicious attackers who exploit the vulnerabilities in human behavior to gain access or retrieve information. In the realm of information security research, there is quite a lot of research on technical security products and services. However, there have been no direct, field experiments to test the factors that make social engineering more or less successful in a physical, non-technical environment. The purpose of this report is to discuss the details going into our social engineering experiment, the Institutional Review Board (IRB) process, literature review, experiment and design, hypotheses, analysis, motivation and discussion for why we conducted this research.

McDermott, Brendan, “Factors enabling Fraud: A Study of Social engineering and Identity Theft,” 2016. Dr. Mark Patton.
In this paper we investigate a number of factors that make people vulnerable to social engineering and identity theft in particular. We do this by conducting a behavioral field experiment on the campus of the University of Arizona in Tucson, Arizona. Between May and December 2015, a group of eight confederates engaged over 600 potential subjects and collected a wealth of personally identifiable information.

Chinn, Ryan, “Botnet Detection: Honeypots and the Internet of Things,” 2015. Dr. Hsinchun Chen.
With the growing trend of Internet-enabled devices and the emergence of the Internet of Things (IoT), cybercrimes such as those carried out by botnets become a major issue. Previous research has attempted to estimate botnet population size, locate command and control servers, and utilize network security scanners. However, little work has been done that studies the characteristics of compromised devices belonging to botnets. In this research, we use data from several passive detection techniques including honeypots, VirusTotal, and Shodan to gain insights into these devices.

Forbis, Samantha, “Integration of ZMap with Shodan for Comprehensive Internet of Things Research,” 2015. Dr. Hsinchun Chen.
The perpetuation of devices that populate the Internet of Things (IoT) continues to increase at a furious pace. The state of the security of these devices has not followed suit. This situation is continuously overlooked by manufacturers, to whom the bottom line is most important, and by consumers, to whom convenience and device features are most important. The dual neglect has led to an increasingly dubious state of insecurity amongst all types of Internet-facing devices. From consumer devices to industrial control devices, security and convenience continue to clash. Tools have emerged to locate these highly visible Internet-facing devices and highlight the depth to which the security problem goes. Academic research aims to identify these vulnerable devices to aid in the mitigation and remediation of this issue.

Gross, Eric, “Critical Infrastructure Security: Locating and Securing SCADA Devices on the Internet of Things,” 2015. Dr. Hsinchun Chen.
Placing devices on the Internet of Things (IoT) has become commonplace, where everything from refrigerators to solar panels can be connected to increase the usability and accessibility of different devices. When devices are connected to the Internet of Things they become easily locatable using search tools such as Shodan, an online database of visible internet devices, which may create a potential security concern. Because these devices can control critical infrastructure, such as with Supervisory Control and Data Acquisition (SCADA) devices, these should be located and tested for potential vulnerabilities in an automated fashion. Ensuring the confidentiality, integrity, and availability of these devices can be done through the use of Shodan and custom made vulnerability assessment tools.

Walker, Leon, “Continuous IT System Auditing,” 2015. Dr. Mark Patton.
Continuous auditing systems are designed to provide real-time assurance on the quality and credibility of information. The adoption of continuous auditing systems is typically driven by regulation, industry, and cost. Continuous auditing systems help by reducing the amount of field work involved and reducing the number of repetitive tasks an auditor needs to perform. Even though industry is being driven toward continuous auditing systems, not all systems are integrated within the organization at the same level. Continuous systems offer many benefits and can increase security, decrease inefficiencies and reduce errors. However, the returns from the benefits seem to be tied to the amount of planning and re-engineering an organization is willing to commit to. This survey paper covers the multiple dimensions of continuous auditing systems while filling in weaknesses in previous works, concluding with a discussion on the viability of automating controls.


Journal Articles

  • S. Samtani, R. Chinn, H. Chen, and J.F. Nunamaker (under review). "Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence". Journal of Management Information Systems.
  • S. Samtani, S. Yu, H. Zhu, M. Patton, J. Matherly, and H. Chen (under review). "Identifying SCADA Systems and their Vulnerabilities on the Internet of Things: A Text Mining Approach". Journal of Management Information Systems.
  • S. Samtani, S. Yu, and H. Zhu (under review). "Fear Appeals and Information Security Behaviors: An Empirical Study on Mechanical Turk". Transactions on Replication Research.
  • Danny Thebeau II; Benjamin Reidy; Ricardo Valerdi; Avinash Gudagi; Hemayamini Kurra; Youssif Al-Nashif; Salim Hariri; Frederick Sheldon. “Improving cyber resiliency of cloud application services by applying Software Behavior Encryption (SBE).” Procedia Computer Science, 2014; 28:62-70. DOI: 10.1016/j.procs.2014.03.009

Conference Papers

  • N. Arnold, M. Ebrahimi, N. Zhang, B. Lazarine, S. Samtani, M. Patton, and H. Chen, “Dark Net Ecosystem Cyber Threat Intelligence Tool,” Proceedings of 2019 IEEE International Conference on Intelligence and Security Informatics (IEEE ISI 2019), Shenzhen, China, July 2019.
  • B. Ampel, M. Patton, and H. Chen, “Performance Modeling of Hyperledger Sawtooth Blockchain,” Proceedings of 2019 IEEE International Conference on Intelligence and Security Informatics (IEEE ISI 2019), Shenzhen, China, July 2019.

  • C. Harrell, S. Samtani, M. Patton, and H. Chen, “Vulnerability Assessment, Remediation, and Automated Reporting: Case Studies of Higher Education Institutions,” Proceedings of 2018 IEEE International Conference on Intelligence and Security Informatics (IEEE ISI 2018), Miami, Florida, November 2018.
  • M. Ebrahimi, M. Surdeanu, S. Samtani, and H. Chen, “Detecting Cyber Threats in Non-English Dark Net Markets: A Cross-Lingual Transfer Learning Approach: An Exploratory Study,” Proceedings of 2018 IEEE International Conference on Intelligence and Security Informatics (IEEE ISI 2018), Miami, Florida, November 2018.
  • R. Williams, S. Samtani, M. Patton, and H. Chen, “Incremental Hacker Forum Exploit Collection and Classification for Practical Cyber Threat Intelligence: An Exploratory Study,” Proceedings of 2018 IEEE International Conference on Intelligence and Security Informatics (IEEE ISI 2018), Miami, Florida, November 2018.
  • E. McMahon, M. Patton, H. Chen, and S. Samtani, “Benchmarking Vulnerability Assessment Tools for Enhanced Cyber-Physical Systems Resiliency,” Proceedings of 2018 IEEE International Conference on Intelligence and Security Informatics (IEEE ISI 2018), Miami, Florida, November 2018.

  • Emma McMahon, Ryan Williams, Malaka El, Sagar Samtani, Mark Patton and Hsinchun Chen, (2017). “Assessing Medical Device Vulnerabilities on the Internet of Things,” ISI 2017 Proceedings of 2017 IEEE International Conference on Intelligence and Security Informatics, Beijing, China, July 2017. DOI: 10.1109/ISI.2017.8004903
  • Ryan Williams, Emma McMahon, Sagar Samtani, Mark Patton and Hsinchun Chen, (2017). “Identifying Vulnerabilities of Consumer Internet of Things (IoT) Devices: A Scalable Approach,” ISI 2017 Proceedings of 2017 IEEE International Conference on Intelligence and Security Informatics, Beijing, China, July 2017. DOI: 10.1109/ISI.2017.8004904
  • John Grisham, Sagar Samtani, Mark Patton and Hsinchun Chen, (2017). “Identifying Mobile Malware and Key Threat Actors in Online Hacker Forums for Proactive Cyber Threat Intelligence,” ISI 2017 Proceedings of 2017 IEEE International Conference on Intelligence and Security Informatics, Beijing, China, July 2017. DOI: 10.1109/ISI.2017.8004867
  • Malaka El, Sagar Samtani, Hsinchun Chen, Mark Patton and Emma McMahon, (2017). “Benchmarking Vulnerability Scanners: An Experiment on SCADA Devices and Scientific Instruments,” ISI 2017 Proceedings of 2017 IEEE International Conference on Intelligence and Security Informatics, Beijing, China, July 2017. DOI: 10.1109/ISI.2017.8004879
  • Rodney Rohrmann, Vincent Ercolani, Mark Patton, (2017). “Large Scale Port Scanning Through Tor Using Parallel Nmap Scans to Scan Large Portions of the IPv4 Range,” ISI 2017 Proceedings of 2017 IEEE International Conference on Intelligence and Security Informatics, Beijing, China, July 2017. DOI: 10.1109/ISI.2017.8004906

  • V. Ercolani, M. Patton, and H. Chen, “Shodan Visualized,” ISI 2016, Proceedings of 2016 IEEE International Conference on Intelligence and Security Informatics, Tucson, Arizona, September 2016. DOI: 10.1109/ISI.2016.7745467
  • J. Grisham, C. Barreras, C. Afarin, M. Patton, and H. Chen, “Identifying Top Listers in Alphabay Using Latent Dirichlet Allocation,” ISI 2016, Proceedings of 2016 IEEE International Conference on Intelligence and Security Informatics, Tucson, Arizona, September 2016. DOI: 10.1109/ISI.2016.7745477
  • R. Jicha, M. Patton, and H. Chen, “Identifying Devices across the IPv4 Address Space,” ISI 2016, Proceedings of 2016 IEEE International Conference on Intelligence and Security Informatics, Tucson, Arizona, September 2016. DOI: 10.1109/ISI.2016.7745469
  • A. Jicha, M. Patton, and H. Chen, “SCADA Honeypots: An In-depth Analysis of Conpot,” ISI 2016, Proceedings of 2016 IEEE International Conference on Intelligence and Security Informatics, Tucson, Arizona, September 2016. DOI: 10.1109/ISI.2016.7745468
  • R. Rohrmann, M. Patton, and H. Chen, “Anonymous Port Scanning Performing Network Reconnaissance Through Tor,” ISI 2016, Proceedings of 2016 IEEE International Conference on Intelligence and Security Informatics, Tucson, Arizona, September 2016. DOI: 10.1109/ISI.2016.7745475
  • S. Samtani, and H. Chen, “Using Social Network Analysis to Identify Key Hackers for Keylogging Tools in Hacker Forums,” ISI 2016, Proceedings of 2016 IEEE International Conference on Intelligence and Security Informatics, Tucson, Arizona, September 2016. DOI: 10.1109/ISI.2016.7745500
  • S. Samtani, K. Chinn, C. Larson, and H. Chen, “AZSecure Hacker Assets Portal: Cyber Threat Intelligence and Malware Analysis,” ISI 2016, Proceedings of 2016 IEEE International Conference on Intelligence and Security Informatics, Tucson, Arizona, September 2016. DOI: 10.1109/ISI.2016.7745437
  • S. Samtani, S. Yu, H. Zhu, M. Patton, and H. Chen, “Identifying SCADA Vulnerabilities Using Passive and Active Vulnerability Assessment Techniques,” ISI 2016, Proceedings of 2016 IEEE International Conference on Intelligence and Security Informatics, Tucson, Arizona, September 2016. DOI: 10.1109/ISI.2016.7745438

  • S. Samtani, R. Chinn, and H. Chen, “Exploring Hacker Assets in Underground Forums,” ISI 2015, Proceedings of 2015 IEEE International Conference on Intelligence and Security Informatics, Baltimore, Maryland, May 2015. DOI: 10.1109/ISI.2015.7165935
  • V. Benjamin, W. Li, T. Holt, and H. Chen. "Exploring Threats and Vulnerabilities in Hacker Web: Forums, IRC and Carding Shops". Proceedings of 2015 IEEE International Conference on Intelligence and Security Informatics, ISI 2015, Baltimore, Maryland, May 2015. DOI: 10.1109/ISI.2015.7165944
  • V. Benjamin and H. Chen. "Developing Understanding of Hacker Language through the use of Lexical Semantics". Proceedings of 2015 IEEE International Conference on Intelligence and Security Informatics, ISI 2015, Baltimore, Maryland, May 2015. DOI: 10.1109/ISI.2015.7165943

  • A. Abbasi, W. Li, V. Benjamin, S. Hu, and H. Chen. "Descriptive Analytics: Examining Expert Hackers in Web Forums". Proceedings of 2014 IEEE Joint International Conference on Intelligence and Security Informatics, JISIC 2014, The Hague, Netherlands, September 2014. DOI: 10.1109/JISIC.2014.18
  • V.A. Benjamin and H. Chen, "Time-to-event Modeling for Predicting Hacker Community Participant Trajectory," ISI 2014, Proceedings of 2014 IEEE International Conference on Intelligence and Security Informatics, The Netherlands, September 2014. DOI: 10.1109/JISIC.2014.14
  • W. Li and H. Chen. "Identifying Top Sellers In Underground Economy Using Deep Learning-based Sentiment Analysis". Proceedings of 2014 IEEE Joint International Conference on Intelligence and Security Informatics, JISIC 2014, The Hague, Netherlands, September 2014. DOI: 10.1109/JISIC.2014.19
  • M. Patton, E. Gross, R. Chinn, S. Forbis, L. Walker, and H. Chen, “Uninvited Connections: A Study of the Vulnerable Devices on the Internet of Things (IoT),” ISI 2014, Proceedings of 2014 IEEE International Conference on Intelligence and Security Informatics, The Netherlands, September 2014. DOI: 10.1109/JISIC.2014.43

Other

  • Benjamin, V., Samtani, S., and Chen, H. (2017). "Conducting Large-Scale Analyses of Underground Hacker Communities." Cybercrime through an Interdisciplinary Lens. Holt, Thomas H. Routledge. New York, NY. DOI: 10.4324/9781315618456

Related Faculty Publications

  • H. Chen, “Intelligence and Security Informatics for International Security: Information Sharing and Data Mining,” Springer, 2006.
  • H. Chen, M. Dacier, et al., (Eds.), Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, Paris, France, June 2009.
  • H. Chen, “Dark Web: Exploring and Mining the Dark Side of the Web,” Springer, 2012.

  • A. Abbasi and H. Chen, “A Comparison of Fraud Cues and Classification Methods for Fake Escrow Website Detection,” Information Technology and Management, Volume 10, Number 2, Pages 83-101, 2009.
  • A. Abbasi and H. Chen, “A Comparison of Tools for Detecting Fake Websites,” IEEE Computer, Volume 42, Number 10, Pages 78-86, October 2009.
  • A. Abbasi and H. Chen, “CyberGate: A System and Design for Text Analysis of Computer Mediated Communications,” MIS Quarterly, Volume 32, Number 4, Pages 811-837, December 2008.
  • A. Abbasi and H. Chen, “Writeprints: A Stylometric Approach to Identity-Level Identification and Similarity Detection in Cyberspace,” ACM Transactions on Information Systems, Volume 26, Number 2, Pages 7:1-7:29, 2008.
  • A. Abbasi, H. Chen, and A. Salem, “Sentiment Analysis in Multiple Languages: Feature Selection for Opinion Classification in Web Forums,” ACM Transactions on Information Systems, Volume 26, Number 3, Pages 12:1-12:34, 2008.
  • A. Abbasi, H. Chen, S. Thoms, and T. J. Fu, “Affect Analysis of Web Forums and Blogs using Correlation Ensembles,” IEEE Transactions on Knowledge and Data Engineering, Volume 20, Number 9, Pages 1168-1180, September 2008.
  • W. Chung, H. Chen, W. Chang, and S. Chou, “Fighting Cybercrime: A Review and the Taiwan Experience,” Decision Support Systems, special issue on Intelligence and Security Informatics, Volume 41, Number 3, Pages 669-682, March 2006.
  • T. J. Fu, A. Abbasi, and H. Chen, “A Focused Crawler for Dark Web Forums,” Journal of the American Society for Information Science and Technology, Volume 61, Number 6, Pages 1213-1231, 2010.
  • S. Raghu and H. Chen, “Cyberinfrastructure for Homeland Security: Advances in Information Sharing, Data Mining, and Collaboration Systems,” Decision Support Systems, Volume 43, Number 4, Pages 1321-1323, 2007.

  • A. Abbasi and H. Chen, “Affect Intensity Analysis of Dark Web Forums,” Proceedings of 2007 IEEE Intelligence and Security Informatics, ISI 2007, New Brunswick, NJ, May 2007.
  • V. Benjamin and H. Chen, “Securing Cyberspace: Identifying Key Actors in Hacker Communities,” Proceedings of 2012 IEEE International Conference on Intelligence and Security Informatics, ISI 2012, Washington, DC, June 2012.
  • R. Chang, W. Chung and H. Chen, “An International Perspective on Fighting Cybercrime,” Proceedings of the 1st NSF/NIJ Symposium on Intelligence and Security Informatics, ISI 2003, Tucson, Arizona, June 2003, Lecture Notes in Computer Science (LNCS 2665), Springer-Verlag.
  • H. Chen, “Cyber Terrorism in Web 2.0: An Exploratory Study of International Jihadist Groups,” Proceedings of 2008 IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 2008.
  • H. Chen, “Sentiment and Affect Analysis of Dark Web Forums: Measuring Radicalization on the Internet,” Proceedings of 2008 IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 2008.
  • T. Fu and H. Chen, “Analysis of Cyberactivism: A Case Study of Online Free Tibet Activities,” Proceedings of 2008 IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 2008.
  • T. Fu, A. Abbasi and H. Chen, “Interaction Coherence for Dark Web Forums,” Proceedings of 2007 IEEE Intelligence and Security Informatics, ISI 2007, New Brunswick, NJ, May 2007.
  • C. Mielke and H. Chen, “Botnets, and the CyberCriminal Underground,” Proceedings of 2008 IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 2008.
  • R. Zheng, Y. Qin, Z. Huang, and H. Chen, “Authorship Analysis in Cybercrime Investigation,” Proceedings of the 1st NSF/NIJ Symposium on Intelligence and Security Informatics, ISI 2003, Tucson, Arizona, June 2003, Lecture Notes in Computer Science (LNCS 2665), Springer-Verlag.
  • D. Zimbra and H. Chen, “Scalable Sentiment Classification across Multiple Dark Web Forums,” IEEE International Conference on Intelligence and Security Informatics, ISI 2012, Washington, DC, June 2012.