Proceedings of the International Conference on Intelligent Systems for a Sustainable Future (ISSF 2026)

Analyzing Cyber Threat Reports To Find ATT & CK Patterns Using LLMs

Authors
G. Dileep Kumar¹*, K. Sathwik¹, D. Sudha¹
¹ Department of Computer Science and Engineering, Sathyabama Institute of Science and Technology, Chennai, India
*Corresponding author. Email: Dileepkumargedela5@gmail.com
Corresponding Author
G. Dileep Kumar
Available Online 16 June 2026.
DOI
10.2991/978-94-6239-693-7_96
Keywords
Attack Mapping; Cyber Threat Intelligence; FastAPI; LLMs; MITRE ATT&CK; Threat Reports
Abstract

Cyber threat reports are widely used in security investigations to understand how attacks are executed and how systems are compromised. These reports usually contain detailed descriptions of attacker behavior, but the information is presented in narrative form rather than structured according to standard security frameworks. As a result, mapping such reports to the MITRE ATT&CK framework requires manual effort from analysts.

This paper presents a system that assists in analyzing cyber threat reports by automatically identifying relevant MITRE ATT&CK techniques. The proposed system processes textual reports, extracts meaningful sentences, and compares them with predefined technique descriptions using contextual similarity measures. Instead of depending only on direct keyword matches, the system evaluates semantic similarity between report content and ATT&CK technique definitions. Identified techniques are grouped under their respective tactics and assigned risk scores based on frequency and confidence levels.

The system is implemented using a Python-based backend for processing and a web-based dashboard for visualization. Experimental evaluation shows that contextual comparison improves identification of indirectly described attack techniques. The proposed approach aims to support analysts by organizing unstructured threat intelligence into structured and interpretable outputs aligned with the MITRE ATT&CK framework.
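
The pipeline described in the abstract (sentence extraction, similarity against technique descriptions, grouping by tactic, risk scoring), as an added sketch that is not the authors' code. Token-overlap cosine stands in for the contextual similarity model, and the paraphrased technique descriptions, the threshold and the risk formula are assumptions, since the abstract does not give them.

```python
import math
import re
from collections import Counter, defaultdict
# Constructed one-line paraphrases of four real ATT&CK techniques (not official text).
TECHNIQUES = {
    "T1566": ("Initial Access", "phishing email with malicious attachment or link sent to victim"),
    "T1059": ("Execution", "command and scripting interpreter such as powershell or shell runs commands or scripts"),
    "T1003": ("Credential Access", "dump credentials and password hashes from operating system memory such as lsass"),
    "T1486": ("Impact", "encrypt files and data on target systems to deny availability for ransom"),
}
STOP = set("a an and the to of or on in with from for such as was then that".split())

def vectorize(text):
    """Bag-of-words vector; stand-in for the contextual encoder (assumption)."""
    return Counter(t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOP)

def similarity(a, b):
    """Cosine similarity between two term-count vectors."""
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def map_report(report, threshold=0.2):
    """Return {tactic: {technique_id: risk}} for sentences above the threshold."""
    hits = defaultdict(list)
    for sentence in re.split(r"(?<=[.!?])\s+", report.strip()):
        sv = vectorize(sentence)
        for tid, (_, desc) in TECHNIQUES.items():
            score = similarity(sv, vectorize(desc))
            if score >= threshold:  # weak single-word overlaps are dropped
                hits[tid].append(score)
    grouped = defaultdict(dict)
    for tid, scores in hits.items():
        # Assumed risk formula: mean confidence scaled by log-damped frequency.
        risk = (sum(scores) / len(scores)) * (1 + math.log(len(scores)))
        grouped[TECHNIQUES[tid][0]][tid] = round(risk, 3)
    return dict(grouped)

# Constructed sample report.
SAMPLE_REPORT = (
    "The intrusion began with a phishing email carrying a malicious attachment. "
    "A second phishing email with a link was sent to the finance team. "
    "The attachment launched a powershell interpreter that runs encoded commands. "
    "Operators then read lsass memory to dump password hashes. "
    "The company announced quarterly results on Monday."
)

if __name__ == "__main__":
    print(map_report(SAMPLE_REPORT))
```

The third sentence shares only the word "attachment" with the T1566 description, so the threshold keeps it from inflating the phishing count; swapping `vectorize` and `similarity` for an embedding model is what would let indirectly worded sentences match.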

Copyright
© 2026 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Volume Title
Proceedings of the International Conference on Intelligent Systems for a Sustainable Future (ISSF 2026)
Series
Atlantis Highlights in Intelligent Systems
Publication Date
16 June 2026
ISBN
978-94-6239-693-7
ISSN
2589-4919

Cite this article

TY  - CONF
AU  - G. Dileep Kumar
AU  - K. Sathwik
AU  - D. Sudha
PY  - 2026
DA  - 2026/06/16
TI  - Analyzing Cyber Threat Reports To Find ATT & CK Patterns Using LLMs
BT  - Proceedings of the International Conference on Intelligent Systems for a Sustainable Future (ISSF 2026)
PB  - Atlantis Press
SP  - 993
EP  - 1000
SN  - 2589-4919
UR  - https://doi.org/10.2991/978-94-6239-693-7_96
DO  - 10.2991/978-94-6239-693-7_96
ID  - Kumar2026
ER  -