Xiaokui Shu is a Research Staff Member at IBM Research and the Technical Steering Committee Chair of the Open Cybersecurity Alliance. Dr. Shu leads the cyber reasoning initiative at IBM Research, including the projects Kestrel, τ-calculus, and GNN-based graph reasoning. He is an advocate of open security and believes that knowledge composition, reuse, and sharing are the key to reactive and proactive security with zero trust, as he explained in his interview with ACM, The Pursuit of Speed in Cybersecurity, and in his ACSAC talk, DARPA Transparent Computing Threat Hunting Retrospective.
From creating penetration tests in college to inventing the Threat Intelligence Computing paradigm and leading the design of the MARPLE platform in the DARPA Transparent Computing program, Dr. Shu has been studying the different stages of modern threats, the stealthy aspects they share with benign activities, and their overall lifecycles and intents. He won first prize in the Virginia Tech Inaugural Cyber Security Summit Competition in 2011; Communications of the ACM featured his anomaly detection approach in 2016; the IEEE Signal Processing Society identified his data leak detection work among the 25 most downloaded papers in 2018; and ACM highlighted his vision of composable graph-based cyber reasoning in an ACM press release. In 2021, with the open sourcing of Kestrel and talks at RSA Conference, SANS Threat Hunting Summit, and Black Hat Europe, Dr. Shu is working with researchers, engineers, and security professionals to advance cybersecurity in theory and in practice.
Research interests: cyber reasoning, knowledge discovery, explainable AI, programming language, anomaly detection, data leak detection, user behavior analytics, program analysis.
- [Upcoming] Interview on Kestrel at SC Media eSummit on Threat Hunting & Offense Security
- Talk at IBM Digital Developer Conference: Cloud Security: Kestrel Threat Hunting Language
- Live APT hunting demo at Infosec Jupyterthon 2021: Reason Cyber Campaigns With Kestrel
- Talk at Black Hat Europe 2021: An Open Stack for Threat Hunting in Hybrid Cloud With Connected Observability
- Talk at SANS Security Summit: Compose Your Hunts With Reusable Knowledge and Share Your Huntbook With the Community
- Kestrel enabled systematic threat hunting experience in IBM Cloud Pak for Security
- Research blog published: The thrill of cyber threat hunting with Kestrel Threat Hunting Language
- Kestrel announced with demo at RSA Conference 2021: The Game of Cyber Threat Hunting: The Return of the Fun
- Interview with ACM about the future of cyber defense: The Pursuit of Speed in Cybersecurity
- Talk at ACSAC '20: Unleashing Cyber Reasoning: DARPA Transparent Computing Threat Hunting Retrospective
- Paper published at IEEE Big Data 2020: Towards an Open Format for Scalable System Telemetry
- Paper published at DSN 2020: Scarecrow: Deactivating Evasive Malware via Its Own Evasive Logic
- Webinar at IEEE Signal Processing Society: Fast Detection of Transformed Data Leaks
- Research blog published: Unleashing Cyber Reasoning Potential in The Era of AI Security
- Paper published at ACM CCS 2018: Threat Intelligence Computing
- Research blog published: Threat Intelligence Computing for Efficient Cyber Threat Hunting
- Book published: Anomaly Detection as a Service: Challenges, Advances, and Opportunities