Abstract

The implementation of data-driven security mechanisms for IoT systems requires the collection and analysis of large amounts of security-related data from various heterogeneous sources and probes. This requires the unification and consolidation of the diverse semantics of these data, based on the use of a common format for representing cyber threat intelligence. However, state-of-the-art formats for modeling and exchanging cybersecurity data are heavy weight and not tailored to IoT systems. Moreover, they do not provide the means for modeling and configuring the IoT security data collection system. This paper introduces a data model for IoT security data collection system, which enables the implementation of data-driven security services for non-trivial IoT systems, such as risk assessment services. The introduced data model provides also the means for configuring data-driven IoT security platforms, including their probes and data collection services. In addition to presenting the main entities of the model and the relationships between them, the paper illustrates the use of the model for the implementation of a risk assessment as a service platform. Overall, the IoT security data model of the paper can serve as a basis for implementing lightweight and configurable data-driven solutions for non-trivial IoT systems.