Enabling Cyber Threat Intelligence Sharing for Resource Constrained IoTShow others and affiliations
2024 (English)In: 2024 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR, IEEE, 2024, p. 82-89Conference paper, Published paper (Refereed)
Abstract [en]
Cyber Threat Intelligence (CTI) development has largely overlooked the IoT - network-connected devices like sensors. These devices' heterogeneity, poor security, and memory and energy constraints make them prime cyber attack targets. Enhancing CTI for IoT is crucial. Currently, CTI for IoT is derived from honeypots mimicking IoT devices or extrapolated from standard computing systems. These methods are not ideal for resource-constrained devices. This study addresses this gap by introducing tinySTIX and tinyTAXII. TinySTIX is a data format designed for efficient sharing of CTI directly from resource-constrained devices. TinyTAXII is a lightweight implementation of the TAXII protocol, utilizing CoAP with OSCORE. Two implementations were assessed: one for integration into the MISP platform and the other for execution on network-connected devices running the Contiki operating system. Results demonstrated that tinySTIX reduces message size by an average of 35%, while tinyTAXII reduces packet count and session size by 85% compared to reference OpenTAXII implementations.
Place, publisher, year, edition, pages
IEEE, 2024. p. 82-89
Keywords [en]
Cyber Threat Intelligence, STIX, TAXII, Internet of Things, Indicator of Compromise, MISP
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-69172DOI: 10.1109/CSR61664.2024.10679511ISI: 001327167900013Scopus ID: 2-s2.0-85206142400ISBN: 979-8-3503-7536-7 (print)OAI: oai:DiVA.org:mdh-69172DiVA, id: diva2:1914666
Conference
4th IEEE Annual International Conference on Cyber Security and Resilience (IEEE CSR), SEP 02-04, 2024, London, ENGLAND
2024-11-202024-11-202025-10-10Bibliographically approved