Xiaokui Shu

Research Staff Member
T. J. Watson Research Center, Yorktown Heights, NY USA


Professional Associations:  ACM

More information:  LinkedIn  |  GitHub  |  Google Scholar


Dr. Xiaokui Shu is a Research Staff Member at IBM Research and the Technical Steering Committee Chair of the Open Cybersecurity Alliance (OCA). He studies the future of cyber defense, as discussed in his interview with ACM, "The Pursuit of Speed in Cybersecurity". Dr. Shu leads the cyber reasoning initiative at IBM Research, designing, prototyping, and delivering novel cyber defense mechanisms and paradigms to IBM Security and the community.

Dr. Shu is a founder of the Kestrel project, which aims to speed up cyber threat hunting and advanced persistent threat (APT) discovery with systematic knowledge composition and reuse.

Try Kestrel in a Cloud Sandbox

From creating penetration tests in college to leading the design of the next-generation Security Operation Center (SOC) in the DARPA Transparent Computing program, Dr. Shu has studied different aspects of modern cyber threats and a variety of defenses, with or without a human in the loop. He won first prize in the Virginia Tech Inaugural Cyber Security Summit Competition; Communications of the ACM featured his anomaly detection approach; the IEEE Signal Processing Society identified his data leak detection work among the 25 most downloaded papers in 2018; and ACM highlighted his vision of composable graph-based cyber reasoning in an ACM press release. Dr. Shu speaks at major security conferences including RSA, SANS, BlackHat, and ACSAC, and he serves on the program committees and technical steering committees of conferences and organizations such as ACSAC and OCA.

Research interests: big data security, graph analytics, threat hunting, explainable AI, anomaly detection, graph neural networks, behavior analysis, purple team.