@inproceedings{shu:2018:tic,
    author = {Shu, Xiaokui and Araujo, Frederico and Schales, Douglas L. and Stoecklin, Marc Ph. and Jang, Jiyong and Huang, Heqing and Rao, Josyula R.},
    title = {Threat Intelligence Computing},
    booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS)},
    month = {October},
    year = {2018},
    pages = {1883--1898},
    numpages = {16},
    publisher = {ACM},
    address = {New York, NY, USA},
    location = {Toronto, Canada},
}

@article{yao:book:2017:adas,
    author = {Yao, Danfeng (Daphne) and Shu, Xiaokui and Cheng, Long and Stolfo, Salvatore J.},
    title = {Anomaly Detection as a Service: Challenges, Advances, and Opportunities},
    journal = {Synthesis Lectures on Information Security, Privacy, and Trust},
    year = {2017},
    volume = {9},
    number = {3},
    pages = {1-173},
    publisher = {Morgan \& Claypool Publishers},
    address = {Williston, VT, USA},
}

@article{shu:tops:2017:lad,
    author = {Shu, Xiaokui and Yao, Danfeng (Daphne) and Ramakrishnan, Naren and Jaeger, Trent},
    title = {Long-Span Program Behavior Modeling and Attack Detection},
    journal = {ACM Transactions on Privacy and Security (TOPS)},
    volume = {20},
    number = {4},
    month = {September},
    year = {2017},
    pages = {12:1--12:28},
    publisher = {ACM},
    address = {New York, NY, USA},
}

@inproceedings{shu:2016:pad,
    author = {Shu, Xiaokui and Yao, Danfeng},
    title = {Program Anomaly Detection: Methodology and Practices},
    booktitle = {Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS)},
    month = {October},
    year = {2016},
    pages = {1853--1854},
    numpages = {2},
    publisher = {ACM},
    address = {New York, NY, USA},
    location = {Vienna, Austria},
}

@inproceedings{shu:edbt:2016:dect,
    author = {Xiaokui Shu and Nikolay Laptev and Danfeng Yao},
    title = {{DECT}: Distributed Evolving Context Tree for Mining Web Behavior Evolution},
    booktitle = {Proceedings of the 19th International Conference on Extending Database Technology (EDBT)},
    month = {March},
    year = {2016},
    pages = {573--579},
    publisher = {OpenProceedings.org},
    address = {Konstanz, Germany},
    location = {Bordeaux, France},
}

@article{shu:tifs:2016:aligndld,
    title = {Fast Detection of Transformed Data Leaks},
    author = {Xiaokui Shu and Jing Zhang and Danfeng Yao and Wu{-}chun Feng},
    journal = {IEEE Transactions on Information Forensics and Security (TIFS)},
    volume = {11},
    number = {3},
    pages = {528--542},
    month = {March},
    year = {2016},
}

@incollection{shu:bookchapter:2016:bigdata,
    author = {Xiaokui Shu and Fang Liu and Danfeng Yao},
    title = {Rapid Screening of Big Data Against Inadvertent Leaks},
    month = {March},
    year =  {2016},
    pages = {193--235},
    editor = {Shui Yu and Song Guo},
    booktitle = {Big Data Concepts, Theories and Applications},
    publisher = {Springer International Publishing},
    address = {Switzerland},
}

@inproceedings{shu:aaai:2016:dect:ea,
    author = {Xiaokui Shu and Nikolay Laptev and Danfeng Yao},
    title = {{DECT}: Distributed Evolving Context Tree for Understanding User Behavior Pattern Evolution},
    booktitle = {Proceedings of the 30th AAAI Conference on Artificial Intelligence (AAAI)},
    month = {February},
    year = {2016},
    pages = {4395--4396},
    publisher = {AAAI Press},
    address = {Palo Alto, CA, USA},
    location = {Phoenix, AZ, USA},
    note = {Extended abstract},
}

@inproceedings{shu:raid:2015:padmodel,
    title = {A Formal Framework for Program Anomaly Detection},
    author = {Xiaokui Shu and Danfeng Yao and Barbara G. Ryder},
    booktitle = {Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)},
    month = {November},
    year = {2015},
    pages = {270--292},
    publisher = {Springer},
    address = {Hamburg, Germany},
    location = {Kyoto, Japan},
}

@inproceedings{shu:ccs:2015:elep,
    title = {Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths},
    author = {Xiaokui Shu and Danfeng Yao and Naren Ramakrishnan},
    booktitle = {Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security (CCS)},
    month = {October},
    year = {2015},
    pages = {401--413},
    publisher = {ACM},
    address = {New York, NY, USA},
    location = {Denver, CO, USA},
}

@article{shu:tifs:2015:ppdld,
    title = {Privacy-Preserving Detection of Sensitive Data Exposure},
    author = {Xiaokui Shu and Danfeng Yao and Elisa Bertino},
    journal = {IEEE Transactions on Information Forensics and Security (TIFS)},
    volume = {10},
    number = {5},
    pages = {1092--1103},
    month = {May},
    year = {2015},
}

@inproceedings{shu:bs:2015:aligndld,
    author = {Xiaokui Shu and Jing Zhang and Danfeng Yao and Wu{-}chun Feng},
    title = {Rapid and Parallel Content Screening for Detecting Transformed Data Exposure},
    booktitle = {Proceedings of the Third International Workshop on Security and Privacy in Big Data (BigSecurity)},
    month = {April},
    year = {2015},
    pages = {191--196},
    publisher = {IEEE},
    address = {Washington, DC, USA},
    location = {Hongkong, China},
}

@article{elish:cs:2015:profileandroid,
    title = {Profiling user-trigger dependence for Android malware detection},
    author = {Karim O. Elish and Xiaokui Shu and Danfeng Yao and Barbara G. Ryder and Xuxian Jiang},
    journal = {Computers \& Security},
    volume = {49},
    pages = {255--273},
    month = {March},
    year = {2015},
}

@inproceedings{shu:codaspy:2015:aligndld:ea,
    author = {Xiaokui Shu and Jing Zhang and Danfeng Yao and Wu{-}chun Feng},
    title = {Rapid Screening of Transformed Data Leaks with Efficient Algorithms and Parallel Computing},
    booktitle = {Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (CODASPY)},
    month = {March},
    year = {2015},
    pages = {147--149},
    publisher = {ACM},
    address = {New York, NY, USA},
    location = {San Antonio, TX, USA},
    note = {Extended abstract},
}

@inproceedings{fang:codaspy:2015:mrdld,
    author = {Fang Liu and Xiaokui Shu and Danfeng Yao and Ali Raza Butt},
    title = {Privacy-Preserving Scanning of Big Content for Sensitive Data Exposure with {MapReduce}},
    booktitle = {Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (CODASPY)},
    month = {March},
    year = {2015},
    pages = {195--206},
    publisher = {ACM},
    address = {New York, NY, USA},
    location = {San Antonio, TX, USA},
}

@inproceedings{shu:bs:2013:loganalysis,
    author = {Xiaokui Shu and John Smiy and Danfeng Yao and Heshan Lin},
    title = {Massive Distributed and Parallel Log Analysis For Organizational Security},
    booktitle = {Proceedings of the First International Workshop on Security and Privacy in Big Data (BigSecurity)},
    month = {December},
    year = {2013},
    pages = {194--199},
    publisher = {IEEE},
    address = {Washington, DC, USA},
    location = {Atlanta, GA, USA},
}

@inproceedings{shu:securemomm:2012:ppdld,
    author = {Xiaokui Shu and Danfeng Yao},
    title = {Data Leak Detection as a Service},
    booktitle = {Proceedings of the 8th International Conference on Security and Privacy in Communication Networks (SecureComm)},
    pages = {222--240},
    month = {September},
    year = {2012},
    publisher = {Springer},
    address = {Hamburg, Germany},
    location = {Padua, Italy},
}

@article{stefan:cs:2012:keystroke,
    title = {Robustness of keystroke-dynamics based biometrics against synthetic forgeries},
    author = {Deian Stefan and Xiaokui Shu and Danfeng Yao},
    journal = {Computers \& Security},
    volume = {31},
    number = {1},
    pages = {109--121},
    month = {February},
    year = {2012},
}