Preprint
POLAR: Automating Cyber Threat Prioritization through LLM-Powered Assessment
ArXiv.org
Cornell University
10/02/2025
DOI: 10.48550/arxiv.2510.01552
Abstract
The rapid expansion of the cyber threat landscape, with over 11,000 new vulnerabilities reported in 2024 alone, has intensified the need for effective threat prioritization. Existing approaches, from rule-based systems to machine learning models, struggle with scalability, distribution shift, and context-independent scoring, often mis-ranking threats in dynamic exploitation environments. In this work, we present POLAR, an LLM-based framework that automates cyber threat prioritization across four sequential stages: Triage, Static Analysis, Exploitation Analysis, and Mitigation Recommendation. POLAR leverages LLM reasoning to transform unstructured threat intelligence into structured severity metrics, forecast exploitation likelihood using temporal narratives, and generate prioritized mitigation strategies. Through extensive evaluations, we highlight that POLAR not only improves prioritization accuracy for various cyber threats in the wild but also provides instructive outputs that assist analyst decision-making, which bridges the gap between automated threat hunting and real-world security practices.
Details
- Title: POLAR: Automating Cyber Threat Prioritization through LLM-Powered Assessment
- Creators: Luoxi Tang - Binghamton University; Yuqiao Meng - Binghamton University; Ankita Patra - Binghamton University; Weicheng Ma - Oakland University; Muchao Ye - University of Iowa; Zhaohan Xi - Binghamton University
- Resource Type: Preprint
- Publication Details: ArXiv.org
- DOI: 10.48550/arxiv.2510.01552
- ISSN: 2331-8422
- Publisher: Cornell University; Ithaca, New York
- Language: English
- Date posted: 10/02/2025
- Academic Unit: Computer Science
- Record Identifier: 9984969107802771