With the proliferation of digitization and its use in critical sectors, an organization's threat mitigation strategy must include information about the occurrence and assessment of cyber threats. This Cyber Threat Intelligence (CTI) is becoming increasingly important, if not indispensable, for critical national and industrial infrastructures. Current CTI solutions are rather federated and unsuitable for sharing threat information originating from low-power IoT devices. This paper presents a taxonomy and analysis of the CTI frameworks and CTI exchange platforms available today. It proposes a new CTI architecture built on a customized MISP Threat Intelligence Sharing Platform and focused on IoT environments. The paper also introduces a tailored version of STIX (which we call tinySTIX), one of the most prominent standards adopted for CTI data modeling, optimized for low-power IoT devices by means of new lightweight encoding and cryptography solutions. The proposed CTI architecture should be highly beneficial for securing IoT networks, especially those operating in harsh and adversarial environments.
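The abstract motivates tinySTIX by the cost of moving standard STIX objects through low-power devices. The following added example (written for this page, not code from the paper or from MISP/STIX) makes that cost concrete: it takes a minimal STIX 2.1 Indicator carrying only the properties the spec requires, measures its minified JSON size, and compares it with a hypothetical compact binary encoding that replaces the string-keyed JSON with a fixed header (one-byte type code, raw UUID bytes, 32-bit epoch timestamps, length-prefixed pattern) plus a truncated HMAC-SHA256 tag. The type codes, header layout, 8-byte tag length and sample indicator are all assumptions made for illustration; the paper's actual tinySTIX encoding and its lightweight cryptography are not specified on this page and HMAC-SHA256 is used only as a stand-in available in the Python standard library.

```python
"""Illustrative size comparison: STIX 2.1 Indicator as JSON vs a compact binary form.

Hypothetical encoding for this example only; it is not the paper's tinySTIX format.
"""
import hashlib
import hmac
import json
import struct
import uuid
from datetime import datetime, timezone

# Constructed sample: a minimal STIX 2.1 Indicator with only the required properties.
SAMPLE_INDICATOR = {
    "type": "indicator",
    "spec_version": "2.1",
    "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "created": "2024-01-15T08:30:00.000Z",
    "modified": "2024-01-15T08:30:00.000Z",
    "pattern": "[ipv4-addr:value = '198.51.100.23']",
    "pattern_type": "stix",
    "valid_from": "2024-01-15T08:30:00.000Z",
}

# Assumed one-byte type code. spec_version and pattern_type are implied by the
# type code in this toy scheme, so they are never transmitted.
TYPE_CODES = {"indicator": 1}
TYPE_NAMES = {v: k for k, v in TYPE_CODES.items()}
HEADER = ">B16sIIIH"  # type code, UUID bytes, created/modified/valid_from, pattern length
TAG_LEN = 8           # assumed truncated MAC tag length appended to each message


def _to_epoch(ts: str) -> int:
    """STIX timestamp string -> whole seconds since the Unix epoch."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def _from_epoch(secs: int) -> str:
    """Inverse of _to_epoch; sub-second precision is dropped by design."""
    return datetime.fromtimestamp(secs, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def encode_compact(obj: dict) -> bytes:
    """Pack the indicator into the fixed header followed by the raw pattern bytes."""
    uid = uuid.UUID(obj["id"].split("--", 1)[1])
    pattern = obj["pattern"].encode("utf-8")
    header = struct.pack(HEADER, TYPE_CODES[obj["type"]], uid.bytes,
                         _to_epoch(obj["created"]), _to_epoch(obj["modified"]),
                         _to_epoch(obj["valid_from"]), len(pattern))
    return header + pattern


def decode_compact(blob: bytes) -> dict:
    """Rebuild the STIX dictionary from the compact form, rejecting truncated input."""
    hdr_len = struct.calcsize(HEADER)
    code, uid, created, modified, valid_from, plen = struct.unpack(HEADER, blob[:hdr_len])
    pattern = blob[hdr_len:hdr_len + plen]
    if len(pattern) != plen:
        raise ValueError("truncated pattern")
    name = TYPE_NAMES[code]
    return {
        "type": name,
        "spec_version": "2.1",
        "id": f"{name}--{uuid.UUID(bytes=uid)}",
        "created": _from_epoch(created),
        "modified": _from_epoch(modified),
        "pattern": pattern.decode("utf-8"),
        "pattern_type": "stix",
        "valid_from": _from_epoch(valid_from),
    }


def seal(key: bytes, obj: dict) -> bytes:
    """Compact encoding plus a truncated HMAC-SHA256 tag (stand-in for a lightweight MAC)."""
    body = encode_compact(obj)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def open_sealed(key: bytes, msg: bytes) -> dict:
    """Verify the tag in constant time before decoding; any tampering is rejected."""
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return decode_compact(body)


def size_report(obj: dict) -> tuple:
    """(bytes of minified STIX JSON, bytes of the compact encoding)."""
    as_json = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return len(as_json), len(encode_compact(obj))


if __name__ == "__main__":
    j, c = size_report(SAMPLE_INDICATOR)
    print(f"STIX JSON: {j} bytes, compact: {c} bytes ({j / c:.1f}x smaller)")
```

Even for this smallest possible indicator the JSON form is more than three times the size of the compact one, and the difference grows with optional properties such as `labels`, `description` or `object_marking_refs`. Two trade-offs worth noting when designing a real encoding: collapsing timestamps to 32-bit seconds drops sub-second precision and rolls over in 2106, and truncating the authentication tag to 8 bytes lowers forgery resistance in exchange for bandwidth, which is acceptable only with short-lived keys and rate-limited verification.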