ThreatCompass: A Tool For Identifying and Mapping Security Issues to TTPs

Yannick  Krijnen; Stefano Simonetto; Ronan Oostveen; Peter Bosch; Willem Jonker

doi:10.1145/3733800.3763265

ThreatCompass: A Tool For Identifying and Mapping Security Issues to TTPs

Yannick Krijnen
, Stefano Simonetto
, Ronan Oostveen
, Peter Bosch
, Willem Jonker

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

12 Downloads (Pure)

Abstract

Understanding the potential impact of a vulnerability requires more than simply identifying the issue; it involves determining what an adversary could realistically achieve by exploiting it.
While frameworks like MITRE ATT&CK formalize adversary tactics, techniques, and procedures (TTPs), connecting concrete security issues to actionable TTPs remains limited. Existing approaches offer only partial solutions: some rely exclusively on static relations, while others are restricted to isolated mappings between frameworks (e.g., CVE → CWE). However, none provide a practical,
end-to-end integration of both static and dynamic mappings across the threat intelligence landscape.
To address this gap, we introduce ThreatCompass: the first open-source system that automatically identifies security issues, maps them to relevant TTPs using a combination of static knowledge and machine learning techniques, and visualizes the resulting attack graph to support security analysts in actionable decision-making.

Original language	English
Title of host publication	2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis
Editors	Kwok-Yan Lam, Xiaoning Liu, Derui Wang, Ruoxi Sun, Bo Li, Wenyuan Xu, Jieshan Chen, Jason Xue, Shuo Wang, Guangdong Bai, Xingliang Yuan
Place of Publication	New York
Publisher	Association for Computing Machinery (ACM)
Pages	58-67
Number of pages	10
ISBN (Electronic)	979-8-4007-1896-0
DOIs	https://doi.org/10.1145/3733800.3763265
Publication status	Published - Dec 2025
Event	2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis, LAMPS 2025 - Taipei, Taiwan Duration: 13 Oct 2025 → 13 Oct 2025 Conference number: 2

Workshop

Workshop	2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis, LAMPS 2025
Abbreviated title	LAMPS 2025
Country/Territory	Taiwan
City	Taipei
Period	13/10/25 → 13/10/25

Keywords

misconfiguration
mapping
CVE
CWE
CAPEC
ATT&CK
MITRE

Access to Document

10.1145/3733800.3763265Licence: CC BY

Conference paperFinal published version, 1.23 MBLicence: CC BY

Cite this

Krijnen, Y., Simonetto, S., Oostveen, R., Bosch, P., & Jonker, W. (2025). ThreatCompass: A Tool For Identifying and Mapping Security Issues to TTPs. In K.-Y. Lam, X. Liu, D. Wang, R. Sun, B. Li, W. Xu, J. Chen, J. Xue, S. Wang, G. Bai, & X. Yuan (Eds.), 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis (pp. 58-67). Association for Computing Machinery (ACM). https://doi.org/10.1145/3733800.3763265

Krijnen, Yannick ; Simonetto, Stefano ; Oostveen, Ronan et al. / ThreatCompass : A Tool For Identifying and Mapping Security Issues to TTPs. 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis. editor / Kwok-Yan Lam ; Xiaoning Liu ; Derui Wang ; Ruoxi Sun ; Bo Li ; Wenyuan Xu ; Jieshan Chen ; Jason Xue ; Shuo Wang ; Guangdong Bai ; Xingliang Yuan. New York : Association for Computing Machinery (ACM), 2025. pp. 58-67

@inproceedings{89e9280c92d54e8090236874ef75870c,

title = "ThreatCompass: A Tool For Identifying and Mapping Security Issues to TTPs",

abstract = "Understanding the potential impact of a vulnerability requires more than simply identifying the issue; it involves determining what an adversary could realistically achieve by exploiting it. While frameworks like MITRE ATT\&CK formalize adversary tactics, techniques, and procedures (TTPs), connecting concrete security issues to actionable TTPs remains limited. Existing approaches offer only partial solutions: some rely exclusively on static relations, while others are restricted to isolated mappings between frameworks (e.g., CVE → CWE). However, none provide a practical, end-to-end integration of both static and dynamic mappings across the threat intelligence landscape. To address this gap, we introduce ThreatCompass: the first open-source system that automatically identifies security issues, maps them to relevant TTPs using a combination of static knowledge and machine learning techniques, and visualizes the resulting attack graph to support security analysts in actionable decision-making.",

keywords = "misconfiguration, mapping, CVE, CWE, CAPEC, ATT\&CK, MITRE",

author = "Yannick Krijnen and Stefano Simonetto and Ronan Oostveen and Peter Bosch and Willem Jonker",

note = "{\textcopyright} 2025 Copyright held by the owner/author(s).; 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis, LAMPS 2025, LAMPS 2025 ; Conference date: 13-10-2025 Through 13-10-2025",

year = "2025",

month = dec,

doi = "10.1145/3733800.3763265",

language = "English",

pages = "58--67",

editor = "Kwok-Yan Lam and Xiaoning Liu and Derui Wang and Ruoxi Sun and Bo Li and Wenyuan Xu and Jieshan Chen and Jason Xue and Shuo Wang and Guangdong Bai and Xingliang Yuan",

booktitle = "2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

}

Krijnen, Y, Simonetto, S, Oostveen, R, Bosch, P & Jonker, W 2025, ThreatCompass: A Tool For Identifying and Mapping Security Issues to TTPs. in K-Y Lam, X Liu, D Wang, R Sun, B Li, W Xu, J Chen, J Xue, S Wang, G Bai & X Yuan (eds), 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis. Association for Computing Machinery (ACM), New York, pp. 58-67, 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis, LAMPS 2025, Taipei, Taiwan, 13/10/25. https://doi.org/10.1145/3733800.3763265

ThreatCompass: A Tool For Identifying and Mapping Security Issues to TTPs. / Krijnen, Yannick; Simonetto, Stefano; Oostveen, Ronan et al.
2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis. ed. / Kwok-Yan Lam; Xiaoning Liu; Derui Wang; Ruoxi Sun; Bo Li; Wenyuan Xu; Jieshan Chen; Jason Xue; Shuo Wang; Guangdong Bai; Xingliang Yuan. New York: Association for Computing Machinery (ACM), 2025. p. 58-67.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - ThreatCompass

T2 - 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis, LAMPS 2025

AU - Krijnen, Yannick

AU - Simonetto, Stefano

AU - Oostveen, Ronan

AU - Bosch, Peter

AU - Jonker, Willem

N1 - Conference code: 2

PY - 2025/12

Y1 - 2025/12

N2 - Understanding the potential impact of a vulnerability requires more than simply identifying the issue; it involves determining what an adversary could realistically achieve by exploiting it. While frameworks like MITRE ATT&CK formalize adversary tactics, techniques, and procedures (TTPs), connecting concrete security issues to actionable TTPs remains limited. Existing approaches offer only partial solutions: some rely exclusively on static relations, while others are restricted to isolated mappings between frameworks (e.g., CVE → CWE). However, none provide a practical, end-to-end integration of both static and dynamic mappings across the threat intelligence landscape. To address this gap, we introduce ThreatCompass: the first open-source system that automatically identifies security issues, maps them to relevant TTPs using a combination of static knowledge and machine learning techniques, and visualizes the resulting attack graph to support security analysts in actionable decision-making.

AB - Understanding the potential impact of a vulnerability requires more than simply identifying the issue; it involves determining what an adversary could realistically achieve by exploiting it. While frameworks like MITRE ATT&CK formalize adversary tactics, techniques, and procedures (TTPs), connecting concrete security issues to actionable TTPs remains limited. Existing approaches offer only partial solutions: some rely exclusively on static relations, while others are restricted to isolated mappings between frameworks (e.g., CVE → CWE). However, none provide a practical, end-to-end integration of both static and dynamic mappings across the threat intelligence landscape. To address this gap, we introduce ThreatCompass: the first open-source system that automatically identifies security issues, maps them to relevant TTPs using a combination of static knowledge and machine learning techniques, and visualizes the resulting attack graph to support security analysts in actionable decision-making.

KW - misconfiguration

KW - mapping

KW - CVE

KW - CWE

KW - CAPEC

KW - ATT&CK

KW - MITRE

UR - https://www.scopus.com/pages/publications/105024907482

U2 - 10.1145/3733800.3763265

DO - 10.1145/3733800.3763265

M3 - Conference contribution

SP - 58

EP - 67

BT - 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis

A2 - Lam, Kwok-Yan

A2 - Liu, Xiaoning

A2 - Wang, Derui

A2 - Sun, Ruoxi

A2 - Li, Bo

A2 - Xu, Wenyuan

A2 - Chen, Jieshan

A2 - Xue, Jason

A2 - Wang, Shuo

A2 - Bai, Guangdong

A2 - Yuan, Xingliang

PB - Association for Computing Machinery (ACM)

CY - New York

Y2 - 13 October 2025 through 13 October 2025

ER -

Krijnen Y, Simonetto S, Oostveen R, Bosch P, Jonker W. ThreatCompass: A Tool For Identifying and Mapping Security Issues to TTPs. In Lam KY, Liu X, Wang D, Sun R, Li B, Xu W, Chen J, Xue J, Wang S, Bai G, Yuan X, editors, 2nd ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis. New York: Association for Computing Machinery (ACM). 2025. p. 58-67 Epub 2025 Oct 13. doi: 10.1145/3733800.3763265

ThreatCompass: A Tool For Identifying and Mapping Security Issues to TTPs

Abstract

Workshop

Keywords

Access to Document

Other files and links

Fingerprint

Cite this