Abstract
Understanding the potential impact of a vulnerability requires more than simply identifying the issue; it involves determining what an adversary could realistically achieve by exploiting it.
While frameworks like MITRE ATT&CK formalize adversary tactics, techniques, and procedures (TTPs), connecting concrete security issues to actionable TTPs remains limited. Existing approaches offer only partial solutions: some rely exclusively on static relations, while others are restricted to isolated mappings between frameworks (e.g., CVE → CWE). However, none provide a practical, end-to-end integration of both static and dynamic mappings across the threat intelligence landscape.
To address this gap, we introduce ThreatCompass: the first open-source system that automatically identifies security issues, maps them to relevant TTPs using a combination of static knowledge and machine learning techniques, and visualizes the resulting attack graph to support security analysts in actionable decision-making.
| Original language | English |
|---|---|
| Title of host publication | 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis |
| Editors | Kwok-Yan Lam, Xiaoning Liu, Derui Wang, Ruoxi Sun, Bo Li, Wenyuan Xu, Jieshan Chen, Jason Xue, Shuo Wang, Guangdong Bai, Xingliang Yuan |
| Pages | 58-67 |
| Number of pages | 10 |
| ISBN (Electronic) | 979-8-4007-1896-0 |
| DOIs | |
| Publication status | Published - Dec 2025 |
| Event | 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis, LAMPS 2025 - Taipei, Taiwan; Duration: 13 Oct 2025 → 13 Oct 2025; Conference number: 2 |
Workshop
| Workshop | 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis, LAMPS 2025 |
|---|---|
| Abbreviated title | LAMPS 2025 |
| Country/Territory | Taiwan |
| City | Taipei |
| Period | 13/10/25 → 13/10/25 |