Pin-Yu Chen (陳品諭)

Research Staff Member, IBM Research AI; MIT-IBM Watson AI Lab; RPI-IBM AIRC

IBM Thomas J. Watson Research Center, NY, USA

Link to my Twitter Google scholar profile CV Academic activities Bio

Contact: at (primary reviewer account) , pin-yu.chen at

- I am a Research Staff Member of Trusted AI Group & PI of MIT-IBM Watson AI Lab, IBM Thomas J. Watson Research Center. I am also the Chief Scientist of RPI-IBM AI Research Collaboration. My recent research focus has been on adversarial machine learning and robustness of neural networks, and more broadly, making machine learning trustworthy. Here is my <bio>.

My research works are implemented in IBM Adversarial Robustness Toolbox, AI Explainability 360, and Watson Openscale

- I am open to collaboration with highly motivated researchers!

- I received my Ph.D. degree in electrical engineering and computer science and M.A. degree in Statistics from the University of Michigan Ann Arbor in 2016, under the supervision of Prof. Alfred Hero.

- Workshop organizer (selected):

[KDD 2019, 2020] Adversarial Learning Methods for Machine Learning and Data Mining

- Tutorial presenter (selected):

[ECCV 2020] Adversarial Robustness of Deep Learning Models: Attack, Defense, Verification, and Beyond
[CVPR 2020] Zeroth Order Optimization: Theory and Applications to Deep Learning
[ICASSP 2020] Adversarial Robustness of Deep Learning Models: Attack, Defense and Verification
[KDD 2019] Recent Progress in Zeroth Order Optimization and Its Applications to Adversarial Robustness in Data Mining and Machine Learning

- Editorial board: PLOS ONE, IEEE J-IOT (Guest), KSII-TIIS (area editor)

- Featured conference reviewers:


- Featured journal reviewers:


Featured Talks

Funded Research Projects

  1. IBM PI of the Department of Energy project "A Robust Event Diagnostics Platform: Integrating Tensor Analytics and Machine Learning into Real-time Grid Monitoring" [2019 - present]
  2. RPI-IBM AI Research Collaboration (AIRC): PI of ongoing RPI-IBM research projects [2019 - present]
  3. MIT-IBM Watson AI Lab: PI of ongoing MIT-IBM research projects. Two of them are featured <here> and <here> and <MIT Quest for Intelligence Research> and <MIT_News> [2018 - present]
  4. UIUC-IBM Center for Cognitive Computing System Research (C3SR) [2019 - present]

Research Interests

  • Machine Learning: adversarial machine learning and robustness, online and distributed learning, unsupervised and semi-supervised learning
  • Cyber Security: AI for security, attack and defense models, action recommendations for network resilience, malware propagation models
  • Graph Learning and Network Data Analytics: spectral graph theory and algorithms, graph signal processing, community detection, graph clustering, event propagation and control in networks, complex network

Selected Awards and Honors

  • NeurIPS Best Reviewer Award (2017) <Link>
  • Best Paper Finalist, ACM Workshop on Artificial Intelligence and Security (2017)
  • Outstanding Performance Award at Pacific Northwest National Laboratory (2015)
  • Univ. Michigan Rackham International Student Fellowship (Chia-Lun Lo Fellowship) (2013-2014) <Link>
  • EE:Systems Fellowship, University of Michigan, Ann Arbor (2012-2013)
  • Best Master Thesis Award of Graduate Institute of Communications Engineering, National Taiwan Univ. (2011)
  • Second Best Master Thesis Award of Chinese Institute of Electrical Engineering (2011)
  • IEEE GLOBECOM GOLD Best Paper Award (2010) <Link>
  • Ranked 1st Place (Full Scores) in Taiwan National College Entrance Exam (2005)

Selected Publications

I. Adversarial Machine Learning and Robustness of Neural Networks

-Attack & Defense

  1. Proper Network Interpretability Helps Adversarial Robustness in Classification,” ICML 2020
    • Akhilan Boopathy, Sijia Liu, Gaoyuan Zhang, Cynthia Liu, Pin-Yu Chen, Shiyu Chang, and Luca Daniel
  2. Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness,” ICLR 2020
  3. DBA: Distributed Backdoor Attacks against Federated Learning,” ICLR 2020
    • Chulin Xie, Keli Huang, Pin-Yu Chen, and Bo Li
  4. Sign-OPT: A Query-Efficient Hard-label Adversarial Attack,” ICLR 2020
    • Minhao Cheng*, Simranjit Singh*, Patrick H. Chen, Pin-Yu Chen, Sijia Liu, and Cho-Jui Hsieh (*equal contribution)
    • <Sign-OPT_IBM>
  5. Seq2Sick: Evaluating the Robustness of Sequence-to-Sequence Models with Adversarial Examples,” AAAI 2020
  6. Towards Query-Efficient Black-Box Adversary with Zeroth-Order Natural Gradient Descent,” AAAI 2020
    • Pu Zhao, Pin-Yu Chen, Siyue Wang, and Xue Lin
    • <ZO_NGD_code>
  7. On the Design of Black-box Adversarial Examples by Leveraging Gradient-free Optimization and Operator Splitting Method,” ICCV 2019
    • Pu Zhao, Sijia Liu, Pin-Yu Chen, Nghia Hoang, Kaidi Xu, Bhavya Kailkhura, and Xue Lin
    • <ZO_ADMM_code>
  8. Protecting Neural Networks with Hierarchical Random Switching: Towards Better Robustness-Accuracy Trade-off for Stochastic Defenses,” IJCAI 2019
  9. Topology Attack and Defense for Graph Neural Networks: An Optimization Perspective,” IJCAI 2019
    • Kaidi Xu*, Hongge Chen*, Sijia Liu, Pin-Yu Chen, Tsui-Wei Weng, Mingyi Hong, and Xue Lin (*equal contribution)
    • <IBM_Research_Blog_GNN_HRS>
  10. Discrete Adversarial Attacks and Submodular Optimization with Applications to Text Classification,” SysML 2019
  11. Query-Efficient Hard-label Black-box Attack: An Optimization-based Approach,” ICLR 2019
    • Minhao Cheng, Thong Le, Pin-Yu Chen, Jinfeng Yi, Huan Zhang, and Cho-Jui Hsieh
    • <Code>
  12. Structured Adversarial Attack: Towards General Implementation and Better Interpretability,” ICLR 2019
    • Kaidi Xu* Sijia Liu*, Pu Zhao, Pin-Yu Chen, Huan Zhang, Quanfu Fan, Deniz Erdogmus, Yanzhi Wang, Xue Lin (*equal contribution)
    • <StrAttack_code>
  13. Characterizing Audio Adversarial Examples Using Temporal Dependency,” ICLR 2019
  14. AutoZOOM: Autoencoder-based Zeroth Order Optimization Method for Attacking Black-box Neural Networks,” AAAI 2019 (oral presentation)
  15. Is Ordered Weighted $\ell_1$ Regularized Regression Robust to Adversarial Perturbation? A Case Study on OSCAR,” IEEE GlobalSIP 2018
    • Pin-Yu Chen*, Bhanukiran Vinzamuri*, and Sijia Liu (*equal contribution)
    • <poster>
  16. Attacking Visual Language Grounding with Adversarial Examples: A Case Study on Neural Image Captioning,” ACL 2018
    • Hongge Chen*, Huan Zhang*, Pin-Yu Chen, Jinfeng Yi, and Cho-Jui Hsieh (*equal contribution)
    • <ShowAndFool_code> <poster>
  17. EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples,” AAAI 2018
  18. ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models,” ACM CCS Workshop on AI-Security, 2017

-Robustness Evaluation & Verification

  1. Towards Verifying Robustness of Neural Networks Against A Family of Semantic Perturbations,” CVPR 2020 (oral presentation)
    • Jeet Mohapatra, Tsui-Wei (Lily) Weng, Pin-Yu Chen, Sijia Liu, and Luca Daniel
  2. Towards Certificated Model Robustness Against Weight Perturbations,” AAAI 2020
    • Tsui-Wei Weng*, Pu Zhao*, Sijia Liu, Pin-Yu Chen, Xue Lin, and Luca Daniel (*equal contribution)
    • <code> <poster>
  3. PROVEN: Certifying Robustness of Neural Networks with a Probabilistic Approach,” ICML 2019
    • Tsui-Wei Weng, Pin-Yu Chen, Lam M. Nguyen, Mark S. Squillante, Ivan Oseledets, Akhilan Boopathy, and Luca Daniel
    • <PROVEN_code> <slides>
  4. CNN-Cert: An Efficient Framework for Certifying Robustness of Convolutional Neural Networks,” AAAI 2019 (oral presentation)
  5. Efficient Neural Network Robustness Certification with General Activation Functions,” NeurIPS 2018
    • Huan Zhang*, Tsui-Wei Weng*, Pin-Yu Chen, Cho-Jui Hsieh, and Luca Daniel (*equal contribution)
    • <CROWN_code>
  6. Is Robustness the Cost of Accuracy? A Comprehensive Study on the Robustness of 18 Deep Image Classification Models,” ECCV 2018
    • Dong Su*, Huan Zhang*, Hongge Chen, Jinfeng Yi, Pin-Yu Chen, and Yupeng Gao (*equal contribution)
    • <code> <slides>
  7. Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach,” ICLR 2018

-Applications to Other Domains

  1. Transfer Learning without Knowing: Reprogramming Black-box Machine Learning Models with Scarce Data and Limited Resources,” ICML 2020
    • Yun-Yun Tsai, Pin-Yu Chen, and Tsung-Yi Ho

II. Cyber Security & Network Resilience

  1. Traffic-aware Patching for Cyber Security in Mobile IoT,” IEEE Communications Magazine, 2017
  2. Decapitation via Digital Epidemics: A Bio-Inspired Transmissive Attack,” IEEE Communications Magazine, 2016
    • Pin-Yu Chen, C.-C. Lin, S.-M. Cheng, C.-Y. Huang, and H.-C. Hsiao
  3. Multi-Centrality Graph Spectral Decompositions and Their Application to Cyber Intrusion Detection,” IEEE ICASSP, 2016
  4. Action Recommendation for Cyber Resilience,” ACM CCS Workshop, 2015
    • S. Choudhury, Pin-Yu Chen, L. Rodriguez, D. Curtis, P. Nordquist, I. Ray, K. Oler, and P. Nordquist,
    • <PNNL research highlight>
  5. Sequential Defense against Random and Intentional Attacks in Complex Networks”, Physical Review E, 2015
    • Pin-Yu Chen and S.-M. Cheng
  6. Assessing and Safeguarding Network Resilience to Centrality Attacks,” IEEE Communications Magazine, 2014
  7. Information Fusion to Defend Intentional Attack in Internet of Things,” IEEE Internet of Things Journal, 2014
    • Pin-Yu Chen, S.-M. Cheng, and K.-C. Chen
  8. Smart Attacks in Smart Grid Communication Networks,” IEEE Communications Magazine, 2012

III. Graph Learning and Network Data Analytics

  1. Fast Learning of Graph Neural Networks with Guaranteed Generalizability: One-hidden-layer Case,” ICML 2020
    • Shuai Zhang, Meng Wang, Sijia Liu, Pin-Yu Chen, and Jinjun Xiong,
  2. hpGAT: High-order Proximity Informed Graph Attention Network,” IEEE Access, 2019
    • Zhining Liu, Weiyi Liu, Pin-Yu Chen, Chenyi Zhuang, and Chengyun Song,
  3. Fast Incremental von Neumann Graph Entropy Computation: Theory, Algorithm, and Applications,” ICML 2019 (long oral presentation)
  4. Neural-Brane: Neural Bayesian Personalized Ranking for Attributed Network Embedding,” Data Science and Engineering & ASONAM, 2019
  5. Learning Graph Topological Features via GAN,” IEEE Access, 2019
    • Weiyi Liu, Hal Cooper, Min-Hwan Oh, Pin-Yu Chen, Sailung Yeung, Fucai Yu, Toyotaro Suzumura, Guangmin Hu
  6. Scalable Spectral Clustering Using Random Binning Features,” ACM KDD, 2018 (oral presentation)
  7. Phase Transitions and a Model Order Selection Criterion for Spectral Graph Clustering,” IEEE Transactions on Signal Processing, 2018
  8. On the Supermodularity of Active Graph-based Semi-Supervised Learning with Stieltjes Matrix Regularization,” IEEE ICASSP, 2018
    • Pin-Yu Chen* and Dennis Wei* (*equal contribution)
    • <poster>
  9. Revisiting Spectral Graph Clustering with Generative Community Models,” IEEE ICDM, 2017
  10. Multilayer Spectral Graph Clustering via Convex Layer Aggregation: Theory and Algorithms,” IEEE Transactions on Signal and Information Processing over Networks, 2017
    • Pin-Yu Chen and A. O. Hero
    • (awarded IEEE GlobalSIP Student Travel Grant) <slides> <MIMOSA_code>
  11. Bias-Variance Tradeoff of Graph Laplacian Regularizer,” IEEE Signal Processing Letters, 2017
    • Pin-Yu Chen and S. Liu
  12. Incremental Eigenpair Computation for Graph Laplacian Matrices: Theory and Applications,” Social Network Analysis and Mining, 2018
    • Pin-Yu Chen, B. Zhang, and M. Hasan
    • <slides> <poster> <video> (awarded ACM KDD Student Travel Award)
  13. When Crowdsourcing Meets Mobile Sensing: A Social Network Perspective,” IEEE Communications Magazine, 2015
    • Pin-Yu Chen, S.-M. Cheng, P.-S. Ting, C.-W. Lien, and F.-J Chu
  14. Deep Community Detection,” IEEE Transactions on Signal Processing, 2015
  15. Phase Transitions in Spectral Community Detection,” IEEE Transactions on Signal Processing, 2015
    • Pin-Yu Chen and A. O. Hero
  16. Universal Phase Transition in Community Detectability under a Stochastic Block Model,” Physical Review E, 2015
    • Pin-Yu Chen and A. O. Hero
  17. Local Fiedler Vector Centrality for Detection of Deep and Overlapping Communities in Networks,” IEEE ICASSP, 2014

IV. Event Propagation Models in Networks

  1. Identifying Influential Links for Event Propagation on Twitter: A Network of Networks Approach,” IEEE Transactions on Signal and Information Processing over Networks, 2018
    • Pin-Yu Chen, Chun-Chen Tu, Paishun Ting, Ya-Yun Luo, Danai Koutra, and Alfred Hero
  2. Analysis of Data Dissemination and Control in Social Internet of Vehicles,” IEEE Internet of Things Journal, 2018
    • Pin-Yu Chen, Shin-Ming Cheng and Meng-Hsuan Sung
  3. Analysis of Information Delivery Dynamics in Cognitive Sensor Networks Using Epidemic Models,” IEEE Internet of Things Journal, 2017
    • Pin-Yu Chen, S.-M. Cheng, and H.-Y. Hsu
  4. Optimal Control of Epidemic Information Dissemination over Networks,” IEEE Transactions on Cybernetics, 2014
    • Pin-Yu Chen, S.-M. Cheng, and K.-C. Chen
  5. On Modeling Malware Propagation in Generalized Social Networks,” IEEE Communications Letters, 2011
    • S.-M. Cheng, W. C. Ao, Pin-Yu Chen, and K.-C. Chen
  6. Information Epidemics in Complex Networks with Opportunistic Links and Dynamic Topology," IEEE GLOBECOM, 2010

V. Optimization for Machine Learning and Signal Processing

  1. A Primer on Zeroth-Order Optimization in Signal Processing and Machine Learning,” IEEE Signal Processing Magazine, 2020
    • Sijia Liu, Pin-Yu Chen, Bhavya Kailkhura, Gaoyuan Zhang, Alfred Hero, and Pramod K. Varshney
  2. SignSGD via Zeroth-Order Oracle,” ICLR 2019
    • Sijia Liu, Pin-Yu Chen, Xiangyi Chen, and Mingyi Hung
  3. Zeroth-Order Stochastic Variance Reduction for Nonconvex Optimization,” NeurIPS 2018
    • Sijia Liu, Bhavya Kailkhura, Pin-Yu Chen, Pai-Shun Ting, Shiyu Chang, and Lisa Amini
    • <poster>
  4. Accelerated Distributed Dual Averaging over Evolving Networks of Growing Connectivity,” IEEE Transactions on Signal Processing, 2018
    • Sijia Liu, Pin-Yu Chen, and Alfred Hero
  5. Zeroth-Order Online Alternating Direction Method of Multipliers: Convergence Analysis and Applications,” AISTATS 2018
    • Sijia Liu, Jie Chen, Pin-Yu Chen, and Alfred Hero
    • <poster>

VI. Interpretability, Explainability, Fairness and Causality for Machine Learning Models

  1. When Causal Intervention Meets Adversarial Perturbation and Image Masking for Deep Neural Networks,” IEEE ICIP 2019
    • Chao-Han Huck Yang*, Yi-Chieh Liu*, Pin-Yu Chen, Xiaoli Ma, Yi-Chang James Tsai (*equal contribution)
    • <Code>
  2. Explanations based on the Missing: Towards Contrastive Explanations with Pertinent Negatives,” NeurIPS 2018
  3. An Information-Theoretic Perspective on the Relationship Between Fairness and Accuracy,” ICML 2020
    • Sanghamitra Dutta, Dennis Wei, Hazar Yueksel, Pin-Yu Chen, Sijia Liu, and Kush R. Varshney


U.S. Patents

[PA1] System and Methods for Automated Detection, Reasoning, and Recommendations for Resilient Cyber Systems

[PA2] Graph Similarity Analytics

[PA3] Contrastive explanations for interpreting deep neural networks

[PA4] Model Agnostic Contrastive Explanations for Structured Data

Technical Reports

[T10] Rise Ooi, Chao-Han Huck Yang, Pin-Yu Chen, Vìctor Eguìluz, Narsis Kiani, Hector Zenil, David Gomez-Cabrero, Jesper Tegnèr, “Controllability, Multiplexing, and Transfer Learning in Networks using Evolutionary Learning

[T9] Sijia Liu, Pin-Yu Chen, Alfred Hero, and Indika Rajapakse, “Dynamic Network Analysis of the 4D Nucleome

[T8] Sheng-Chun Kao*, Chao-Han Huck Yang*, Pin-Yu Chen, Xiaoli Ma, and Tushar Krishna, “Reinforcement Learning based Interconnection Routing for Adaptive Traffic Optimization,” poster paper at IEEE/ACM International Symposium on Networks-on-Chip (NOCS), 2019 (*equal contribution)

[T7] Chia-Yi Hsu, Pin-Yu Chen, and Chia-Mu Yu, “Characterizing Adversarial Subspaces by Mutual Information,” poster paper at AsiaCCS, 2019

[T6] Pin-Yu Chen, Sutanay Choudhury, Luke Rodriguez, Alfred O. Hero, and Indrajit Ray, “Enterprise Cyber Resiliency Against Lateral Movement: A Graph Theoretic Approach,” technical report for a book chapter in “Industrial Control Systems Security and Resiliency: Practice and Theory,” Springer, 2019

[T5] Sijia Liu and Pin-Yu Chen, “Zeroth-Order Optimization and Its Application to Adversarial Machine Learning,” IEEE Intelligent Informatics BULLETIN (invited paper)

[T4] Hongge Chen, Huan Zhang, Pin-Yu Chen, Jinfeng Yi, Cho-Jui Hsieh, “Show-and-Fool: Crafting Adversarial Examples for Neural Image Captioning

[T3] Yash Sharma and Pin-Yu Chen, “Bypassing Feature Squeezing by Increasing Adversary Strength

[T2] Zhuolin Yang, Bo Li, Pin-Yu Chen, Dawn Song, “Towards Mitigating Audio Adversarial Perturbations

[T1] Pin-Yu Chen, Meng-Hsuan Sung, and Shin-Ming Cheng, “Buffer Occupancy and Delivery Reliability Tradeoffs for Epidemic Routing


  • Pacific Northwest National Laboratory (PNNL) - Data Science PhD Intern
    • action recommendations for real-time service degradation attacks
    • user segmentation and host hardening against lateral movement attacks

Fun and Proud Fact: My Erdos number is 4 (through two distinct paths)!!

  1. Me -> Alfred Hero -> Wayne Stark -> Robert McEliece -> Paul Erdos
  2. Me -> Pai-Shun Ting -> John. P. Hayes -> Frank Harary -> Paul Erdos