Xiaokui Shu

Dr. Xiaokui Shu is a Senior Research Scientist at IBM Research and the Technical Steering Committee Chair of Open Cybersecurity Alliance. He studies the future of cyber defense as discussed in his interview with ACM (The Pursuit of Speed in Cybersecurity) and invited talk at ACSAC (Unleashing Cyber Reasoning). Dr. Shu leads the cyber reasoning initiative at IBM Research, designing, prototyping, and delivering novel cyber defense mechanisms to IBM and the community. He is a founder of project Kestrel, aiming to speed up cyber threat hunting and advanced persistent threat (APT) discovery with systematic knowledge composition and reuse.

Kestrel Blue Team Lab | Black Hat 2022 Session Recording

From creating penetration tests in college to leading the design of the next-generation Security Operation Center (SOC) in the DARPA Transparent Computing program, Dr. Shu has been studying different aspects of modern cyber threats and a variety of defenses with or without human in the loop. He wins the first prize in Virginia Tech Inaugural Cyber Security Summit Competition; Communications of the ACM features his anomaly detection approach; the IEEE Signal Processing Society identifies his data leak detection work among the 25 most downloaded papers in 2018; and ACM highlights his vision on composable graph-based cyber reasoning in the ACM press release. Dr. Shu is an active speaker at major security conferences such as RSA, BlackHat, and SANS. He serves on program committee and technical steering committee of conferences and organizations such as ACSAC and OCA, and he is the Technical Editor for the book Cyber Threat Hunting.

Research interests: big data security, graph analytics, threat hunting, foundation models, graph neural networks, purple team.

News:

• Paper accepted at IEEE S&P 2024: Understanding and Bridging the Gap Between Unsupervised Network Representation Learning and Security Analytics
• Paper accepted at RAID 2023: EdgeTorrent: Real-time Temporal Graph Representations for Intrusion Detection
• Tech blog published: Kestrel Data Retrieval Explained
• Paper published at ACSAC 2022: RAPID: Real-Time Alert Investigation with Context-aware Prioritization for Efficient Threat Discovery
• Black Hat USA 2022: Streamlining and Automating Threat Hunting With Kestrel
• Introducing Kestrel cloud sandbox: Try Kestrel in a Cloud Sandbox
• Kestrel demo and discussion at Cybersecurity Automation Workshop 2022
• Interview on Kestrel at SC eSummit on Threat Hunting & Offense Security
• Talk at IBM Digital Developer Conference: Cloud Security: Kestrel Threat Hunting Language
• Live APT hunting demo at Infosec Jupyterthon 2021: Reason Cyber Campaigns With Kestrel
• BHEU'21: An Open Stack for Threat Hunting in Hybrid Cloud With Connected Observability
• Talk at SANS Security Summit: Compose Your Hunts With Reusable Knowledge and Share
• Kestrel enabled systematic threat hunting experience in IBM Cloud Pak for Security
• Research blog published: The thrill of cyber threat hunting with Kestrel Threat Hunting Language
• RSA Conference 2021: The Game of Cyber Threat Hunting: The Return of the Fun
• Interview with ACM about the future of cyber defense: The Pursuit of Speed in Cybersecurity
• Talk at ACSAC '20: DARPA Transparent Computing Threat Hunting Retrospective
• Paper published at IEEE Big Data 2020: Towards an Open Format for Scalable System Telemetry
• Paper published at DSN 2020: Scarecrow: Deactivating Evasive Malware via Its Own Evasive Logic
• Webinar at IEEE Signal Processing Society: Fast Detection of Transformed Data Leaks
• Paper published at ACM CCS 2018: Threat Intelligence Computing
• Book published: Anomaly Detection as a Service: Challenges, Advances, and Opportunities