Xiaokui Shu           

Dr. Xiaokui Shu is a Research Staff Member at IBM Research and the Technical Steering Committee Chair of Open Cybersecurity Alliance (OCA). He studies the future of cyber defense as discussed in his interview with ACM: The Pursuit of Speed in Cybersecurity. Dr. Shu leads the cyber reasoning initiative at IBM Research, designing, prototyping, and delivering novel cyber defense mechanisms and paradigms to IBM Security and the community.

Dr. Shu is a founder of project Kestrel, aiming to speed up cyber threat hunting and advanced persistent threat (APT) discovery with systematic knowledge composition and reuse.

Try Kestrel in a Cloud Sandbox

From creating penetration tests in college to leading the design of the next-generation Security Operation Center (SOC) in the DARPA Transparent Computing program, Dr. Shu has been studying different aspects of modern cyber threats and a variety of defenses with or without human in the loop. He wins the first prize in Virginia Tech Inaugural Cyber Security Summit Competition; Communications of the ACM features his anomaly detection approach; the IEEE Signal Processing Society identifies his data leak detection work among the 25 most downloaded papers in 2018; and ACM highlights his vision on composable graph-based cyber reasoning in the ACM press release. Dr. Shu speaks at major security conferences including RSA, SANS, BlackHat, and ACSAC, and he serves on program committee and technical steering committee of conferences and organizations such as ACSAC and OCA.

Research interests: big data security, graph analytics, threat hunting, explainable AI, anomaly detection, graph neural networks, behavior analysis, purple team.

News:

• [Upcoming] Arsenal session at Black Hat USA 2022: Streamlining and Automating Threat Hunting With Kestrel
• Kestrel demo and discussion at Cybersecurity Automation Workshop 2022
• Interview on Kestrel at SC eSummit on Threat Hunting & Offense Security (free to register/playback)
• Talk at IBM Digital Developer Conference: Cloud Security: Kestrel Threat Hunting Language
• Live APT hunting demo at Infosec Jupyterthon 2021: Reason Cyber Campaigns With Kestrel
• Arsenal session at Black Hat Europe 2021: An Open Stack for Threat Hunting in Hybrid Cloud With Connected Observability
• Talk at SANS Security Summit: Compose Your Hunts With Reusable Knowledge and Share Your Huntbook With the Community
• Kestrel enabled systematic threat hunting experience in IBM Cloud Pak for Security
• Research blog published: The thrill of cyber threat hunting with Kestrel Threat Hunting Language
• Kestrel announced with demo at RSA Conference 2021: The Game of Cyber Threat Hunting: The Return of the Fun
• Interview with ACM about the future of cyber defense: The Pursuit of Speed in Cybersecurity
• Talk at ACSAC '20: Unleashing Cyber Reasoning: DARPA Transparent Computing Threat Hunting Retrospective
• Paper published at IEEE Big Data 2020: Towards an Open Format for Scalable System Telemetry
• Paper published at DSN 2020: Scarecrow: Deactivating Evasive Malware via Its Own Evasive Logic
• Webinar at IEEE Signal Processing Society: Fast Detection of Transformed Data Leaks
• Research blog published: Unleashing Cyber Reasoning Potential in The Era of AI Security
• Paper published at ACM CCS 2018: Threat Intelligence Computing
• Research blog published: Threat Intelligence Computing for Efficient Cyber Threat Hunting
• Book published: Anomaly Detection as a Service: Challenges, Advances, and Opportunities