RAPID: Real-Time Alert Investigation with Context-aware Prioritization for Efficient Threat Discovery
- ACSAC 2022
Dr. Xiaokui Shu is a Senior Research Scientist at IBM Research and the Technical Steering Committee Chair of the Open Cybersecurity Alliance (OCA). He studies the future of cyber defense, as discussed in his interview with ACM, The Pursuit of Speed in Cybersecurity. Dr. Shu leads the cyber reasoning initiative at IBM Research, designing, prototyping, and delivering novel cyber defense mechanisms to IBM and the community. He is a founder of project Kestrel, which aims to speed up cyber threat hunting and advanced persistent threat (APT) discovery through systematic knowledge composition and reuse.
Kestrel Blue Team Lab at Black Hat | Session Recording
From creating penetration tests in college to leading the design of the next-generation Security Operation Center (SOC) in the DARPA Transparent Computing program, Dr. Shu has studied many aspects of modern cyber threats and a variety of defenses, with and without a human in the loop. He won first prize in the Virginia Tech Inaugural Cyber Security Summit Competition; Communications of the ACM featured his anomaly detection approach; the IEEE Signal Processing Society listed his data leak detection work among its 25 most downloaded papers in 2018; and ACM highlighted his vision of composable graph-based cyber reasoning in an ACM press release. Dr. Shu is an active speaker at major security conferences such as RSA, Black Hat, and SANS. He serves on the program committees and technical steering committees of conferences and organizations such as ACSAC and OCA, and he is the Technical Editor of the book Cyber Threat Hunting.
Research interests: big data security, graph analytics, threat hunting, explainable AI, anomaly detection, graph neural networks, behavior analysis, purple team.