Xiaokui Shu

Dr. Xiaokui Shu is a Senior Research Scientist at IBM Research and the Chair of Technical Steering Committee at Open Cybersecurity Alliance. He is inventing the future of cyber defense as interviewed with ACM (The Pursuit of Speed in Cybersecurity) and talked at ACSAC (Unleashing Cyber Reasoning). Dr. Shu leads the cyber reasoning initiative at IBM Research, designing, prototyping, and delivering AI-enabled cyber defense solutions to IBM and the community. He is the co-founder of project Kestrel, building composable and reusable cyber threat hunts for unleashed productivity and fun.

Kestrel Blue Team Lab | Black Hat 2022 Session Recording

From creating penetration tests in college to leading the design of the next-generation Security Operation Center (SOC) in the DARPA Transparent Computing program, Dr. Shu has been studying different aspects of modern cyber threats and a variety of defenses with or without human in the loop. He wins the first prize in Virginia Tech Inaugural Cyber Security Summit Competition; Communications of the ACM features his anomaly detection approach; the IEEE Signal Processing Society identifies his data leak detection work among the 25 most downloaded papers in 2018; and ACM highlights his vision on composable graph-based cyber reasoning in the ACM press release. Dr. Shu is an active speaker at major security conferences such as RSA, BlackHat, and SANS. He serves on program committee and technical steering committee of conferences and organizations such as ACSAC and OCA, and he is the Technical Editor for the book Cyber Threat Hunting.

Research interests: big data security, graph analytics, threat management, foundation models, graph neural networks, purple team.

News:

• Paper accepted at IEEE S&P 2024: Understanding and Bridging the Gap Between Unsupervised Network Representation Learning and Security Analytics
• Generally availability: OpenC2 Actuator Profile for Threat Hunting
• Tech blog published: Kestrel Data Retrieval Explained
• Black Hat USA 2022: Streamlining and Automating Threat Hunting With Kestrel
• Introducing Kestrel cloud sandbox: Try Kestrel in a Cloud Sandbox
• Kestrel demo and discussion at Cybersecurity Automation Workshop 2022
• Interview on Kestrel at SC eSummit on Threat Hunting & Offense Security
• Talk at IBM Digital Developer Conference: Cloud Security: Kestrel Threat Hunting Language
• Live APT hunting demo at Infosec Jupyterthon 2021: Reason Cyber Campaigns With Kestrel
• BHEU'21: An Open Stack for Threat Hunting in Hybrid Cloud With Connected Observability
• Talk at SANS Security Summit: Compose Your Hunts With Reusable Knowledge and Share
• Kestrel enabled systematic threat hunting experience in IBM Cloud Pak for Security
• Research blog published: The thrill of cyber threat hunting with Kestrel Threat Hunting Language
• RSA Conference 2021: The Game of Cyber Threat Hunting: The Return of the Fun
• Interview with ACM about the future of cyber defense: The Pursuit of Speed in Cybersecurity
• Talk at ACSAC '20: DARPA Transparent Computing Threat Hunting Retrospective
• Webinar at IEEE Signal Processing Society: Fast Detection of Transformed Data Leaks
• Book published: Anomaly Detection as a Service: Challenges, Advances, and Opportunities