Enabling Cyber Threat Intelligence Sharing for Resource Constrained IoT

Karlsson, August; Hoglund, Rikard; Wang, Han; Iacovazzi, Alfonso; Raza, Shahid

Simple search

Advanced search

Statistics

Change search

Cite ExportLink to record

Permanent link

https://urn.kb.se/resolve?urn=urn:nbn:se:ri:diva-76025

Direct link

https://ri.diva-portal.org/smash/record.jsf?pid=diva2:1909961

Cite

Citation style

apa
ieee
modern-language-association-8th-edition
vancouver
Other style

More styles

Language

de-DE
en-GB
en-US
fi-FI
nn-NO
nn-NB
sv-SE
Other locale

More languages

Output format

html
text
asciidoc
rtf

Enabling Cyber Threat Intelligence Sharing for Resource Constrained IoT

Karlsson, August

RISE Research Institutes of Sweden.

Hoglund, Rikard

RISE Research Institutes of Sweden, Digital Systems, Data Science. Uppsala University, Sweden.ORCID iD: 0000-0002-9437-5764

Wang, Han

RISE Research Institutes of Sweden, Digital Systems, Data Science.ORCID iD: 0000-0002-2772-4661

Iacovazzi, Alfonso

RISE Research Institutes of Sweden, Digital Systems, Data Science.ORCID iD: 0000-0001-6116-164X

Show others and affiliations

2024 (English)Conference paper, Published paper (Refereed)

Abstract [en]

Cyber Threat Intelligence (CTI) development has largely overlooked the IoT- network-connected devices like sensors. These devices’ heterogeneity, poor security, and memory and energy constraints make them prime cyber attack targets. Enhancing CTI for IoT is crucial. Currently, CTI for IoT is derived from honeypots mimicking IoT devices or extrapolated from standard computing systems. These methods are not ideal for resource-constrained devices. This study addresses this gap by introducing tinySTIX and tinyTAXII. TinySTIX is a data format designed for efficient sharing of CTI directly from resource-constrained devices. TinyTAXII is a lightweight implementation of the TAXII protocol, utilizing CoAP with OSCORE. Two implementations were assessed: one for integration into the MISP platform and the other for execution on network-connected devices running the Contiki operating system. Results demonstrated that tinySTIX reduces message size by an average of 35%, while tinyTAXII reduces packet count and session size by 85% compared to reference OpenTAXII implementations.

Place, publisher, year, edition, pages

Institute of Electrical and Electronics Engineers Inc. , 2024. p. 82-89

Keywords [en]

Cyber threat intelligence; Cyber threats; Device heterogeneities; Indicator of compromize; Intelligence sharing; Inter-net of thing; MISP; Resourceconstrained devices; STIX; TAXII; Cyber attacks

National Category

Computer Sciences

Identifiers

URN: urn:nbn:se:ri:diva-76025DOI: 10.1109/CSR61664.2024.10679511Scopus ID: 2-s2.0-85206142400ISBN: 9798350375367 (electronic)OAI: oai:DiVA.org:ri-76025DiVA, id: diva2:1909961

Conference

2024 IEEE International Conference on Cyber Security and Resilience (CSR)

Funder

Swedish Foundation for Strategic Research, aSSIsTEU, Horizon 2020, 830927

Note

This work was supported in part by the Swedish Foundation for Strategic Research (SSF) project aSSIsT, and in part by the H2020 project CONCORDIA (Grant agreement 830927).

Available from: 2024-11-01 Created: 2024-11-01 Last updated: 2025-09-23Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Hoglund, Rikard Wang, Han Iacovazzi, Alfonso Raza, Shahid

Search in DiVA

doi

isbn

urn-nbn

Total: 286 hits