Kim-Kwang Raymond Choo
2021-2023 Distinguished Visitor


Kim-Kwang Raymond Choo received the Ph.D. in Information Security in 2006 from Queensland University of Technology, Australia. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA). He was also a visiting scholar at INTERPOL Global Complex for Innovation between October 2015 and February 2016 and a visiting Fulbright scholar at Rutgers University School of Criminal Justice and Palo Alto Research Center (formerly Xerox PARC) in 2009.

He serves as the Department Editor of IEEE Transactions on Engineering Management; Associate Editor of IEEE Transactions on Big Data; Associate Editor of IEEE Transactions on Dependable and Secure Computing, etc.

He is included in Web of Science’s Highly Cited Researcher in the field of Cross-Field – 2020, and named the Cybersecurity Educator of the Year – APAC (Cybersecurity Excellence Awards are produced in cooperation with the Information Security Community on LinkedIn) in 2016. In 2015, he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He is the recipient of the 2019 IEEE Technical Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing (Middle Career Researcher), the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, the Outstanding Associate Editor of 2018 for IEEE Access, the British Computer Society’s 2019 Wilkes Award Runner-up, the 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, the Fulbright Scholarship in 2009, the 2008 Australia Day Achievement Medallion, and the British Computer Society’s Wilkes Award in 2008. He has also received best paper awards from the IEEE Consumer Electronics Magazine for 2020, EURASIP Journal on Wireless Communications and Networking (JWCN) in 2019, IEEE TrustCom 2018, and ESORICS 2015; the Korea Information Processing Society’s Journal of Information Processing Systems (JIPS) Survey Paper Award (Gold) 2019; the IEEE Blockchain 2019 Outstanding Paper Award; and Best Student Paper Awards from Inscrypt 2019 and ACISP 2005.

His research has been funded by NASA, National Security Agency, National Science Foundation, CPS Energy, LGS Innovations, MITRE, Texas National Security Network Excellence Fund, Australian Government National Drug Law Enforcement Research Fund, Australian Government Cooperative Research Centre for Data to Decision, Lockheed Martin Australia, auDA Foundation, Government of South Australia, BAE Systems stratsec, Australasian Institute of Judicial Administration Incorporated, Australian Research Council, etc. He is also a Fellow of the Australian Computer Society, an IEEE Senior Member, and Co-Chair of IEEE Multimedia Communications Technical Committee’s Digital Rights Management for Multimedia Interest Group.

University of Texas at San Antonio


DVP term expires December 2023


Internet of Things (IoT) cyber security and threat intelligence: What are the research challenges and opportunities?

Internet of Things (IoT) devices are becoming commonplace in our society, due to their widespread applications (e.g., environmental monitoring, smart cities, healthcare, surveillance, and battlefields such as Internet of Battlefield Things). Such devices are also generally capable of capturing a broad range of information, including digital artifacts that can be used for cyber threat intelligence and inform security mitigation strategy formulation. There are, however, a number of challenges associated with designing IoT cyber security and threat intelligence solutions. In addition to the technical challenges, there are also associated legal and policy challenges that need to be considered in the design and deployment of such solutions in practice.

In this presentation, we will explore the challenges from technical, legal and policy perspectives. For example, how do we use machine/deep learning to facilitate detection of real-time attacks against IoT devices and systems, and how can we automatically identify and collect digital evidence in a forensically sound manner which can be subsequently used for cyber threat intelligence? In the event that the attackers use sophisticated tools to obfuscate their trails, can we design machine/deep learning techniques to unobfuscate and/or identify and exploit vulnerabilities to get access to digital evidence? What are the potential legal implications and challenges? Can we also design explainable AI techniques to facilitate the explanation and inclusion of such digital evidence and cyber threat intelligence in court proceedings or presentations to C-level or boards in organizations? Based on these discussed challenges, we will identify potential opportunities for stakeholders in academia (e.g., students and researchers), industry and government.


Modeling the propagation of negative behaviors through social network analysis

Cyberspace offers a great scope for freedom of expression, enabling constructive discourse and information dissemination. However, it can also be abused and exploited to facilitate social manipulation (e.g., dissemination of propaganda). How misinformation propagates through a social network remains difficult to track. Current social media platforms tend to be hands off allowing misinformation to continue to flow, making it difficult to detect and suppress the spread of misinformation. Given the prevalence of fake accounts and the use of bots, it is challenging to identify individuals who initiate and participate in the dissemination of misinformation, let alone penetrate these misinformation network groups. For retrospective studies, social media users who engage in negative behaviors are often not traceable as the account and all related information vanish quickly from public view once they are exposed or banned. We posit that researchers need to think outside of the box to obtain the data necessary to conduct research in this area.

In this presentation, we explore the utility of different online platforms in modeling the propagation of negative behavior (e.g., social engineering, credential breaches, and game exploits), for example to identify clusters of social groups that endorse and spread such wrong behaviors (e.g., potential criminal networks). We will discuss the findings from one of our ongoing work, where the network characteristics, coupled with the presence of contagion effect on negative behavior and the unique availability of the data on violators, allow us to examine how the negative behaviors spread in popular social platforms. Specifically, based on longitudinal data collected from the users we analyze the evolution of these social groups to identify and predict potential violators, and the pattern of their violations. We anticipate that users who find certain misbehavior morally objectionable will self-select themselves out of the cheater’s social network, leaving us with a closer circle of individuals who are more tolerant to the particular misbehavior. Such behavior and their common characteristics may give us insight on the process of other criminal activities, such as online radicalization, where an individual gradually normalizes and adopts antinormative behaviors.

We will also explain how the findings from this research will enable relevant stakeholder groups to triage open source social media intelligence and prioritize resources to identify individuals and groups who exist within hidden social networks spreading negative behaviors (e.g., illicit activities), based on the results of the toolkits developed in this research.






  • Internet of Things (IoT) cyber security and threat intelligence: What are the research challenges and opportunities?
  • Modeling the propagation of negative behaviors through social network analysis

Read the abstracts for each of these presentations