Xiaokui Shu

Research Staff Member
T. J. Watson Research Center, Yorktown Heights, NY USA


Professional Associations:  ACM

More information:  LinkedIn  |  GitHub  |  Google Scholar


Xiaokui Shu is a Research Staff Member at IBM Research and the Technical Steering Committee Chair of the Open Cybersecurity Alliance. Dr. Shu leads the cyber reasoning initiative at IBM Research, including the projects Kestrel, τ-calculus, and GNN-based graph reasoning. He is an advocate of open security and believes knowledge composition, reuse, and sharing are the key to reactive and proactive security with zero trust, as he explained in his interview with ACM, "The Pursuit of Speed in Cybersecurity", and his ACSAC talk, "DARPA Transparent Computing Threat Hunting Retrospective".

From creating penetration tests in college to inventing the Threat Intelligence Computing paradigm and leading the design of the MARPLE platform in the DARPA Transparent Computing program, Dr. Shu has been studying different stages of modern threats, their stealthy aspects shared with benign activities, and their overall lifecycles and intents. He won the first prize in the Virginia Tech Inaugural Cyber Security Summit Competition in 2011; Communications of the ACM featured his anomaly detection approach in 2016; the IEEE Signal Processing Society identified his data leak detection work among the 25 most downloaded papers in 2018; and ACM highlighted his vision on composable graph-based cyber reasoning in the ACM press release. In 2021, with the open sourcing of Kestrel and talks at RSA Conference, SANS Threat Hunting Summit, and Black Hat Europe, Dr. Shu is working with researchers, engineers, and security professionals to advance cybersecurity in theory and in reality.

Research interests: cyber reasoning, knowledge discovery, explainable AI, programming languages, anomaly detection, data leak detection, user behavior analytics, program analysis.