Xiaokui Shu is a Research Staff Member at the IBM T. J. Watson Research Center and a member of the ACM Future of Computing Academy. Having started out designing penetration tests and providing risk assessments in college, Dr. Shu has conducted cybersecurity research to identify, formalize, and develop creative solutions to cutting-edge security and privacy problems. Communications of the ACM featured his anomaly detection approach in 2016; the IEEE Signal Processing Society identified his data leak detection work among the 25 most downloaded papers in 2018; and ACM highlighted his vision on composable graph-based cyber reasoning in 2018. In past years, Dr. Shu led the technical aspect of the MARPLE team (IBM and our university partners) in the DARPA Transparent Computing program, achieving best detection team four years in a row. Before joining IBM, Dr. Shu received his Ph.D. degree in computer science at Virginia Tech with the Outstanding Ph.D. Student Award and obtained his bachelor's degree from the University of Science and Technology of China (USTC) with the Guo Moruo Scholarship (prestigious honored graduates).
Dr. Shu led the design and development of Threat Intelligence Computing, a novel cybersecurity reasoning paradigm to perform composable security knowledge codification, sharing, and execution over connected big security data for threat discovery and security reasoning. In his blog "Threat Intelligence Computing for Efficient Cyber Threat Hunting", Dr. Shu explained the cyber challenge of speed and agility faced by modern enterprises and shed light on the new security paradigm with graph computation and agile development. His paper "Threat Intelligence Computing", with an elaborated design and comprehensive evaluation, was published at ACM CCS'18 and highlighted in the ACM press release "Leading Cybersecurity Conference Plans Blockbuster Program for 25th Anniversary".
Research interests: cyber reasoning, knowledge discovery, explainable AI, programming language, anomaly detection, data leak detection, user behavior analytics, program analysis.