BRIoT: Behavior Rune Specification-Based Misbehavior Detection for IoT-Embedded Cyber-Physical Systems


TR Number



Journal Title

Journal ISSN

Volume Title




The identification of vulnerabilities in a mission-critical system is one of the challenges faced by a cyber-physical system (CPS). The incorporation of embedded Internet of Things (IoT) devices makes it tedious to identify vulnerability and difficult to control the service-interruptions and manage the operations losses. Rule-based mechanisms have been considered as a solution in the past. However, rule-based solutions operate on the goodwill of the generated rules and perform assumption-based detection. Such a solution often is far from the actual realization of the IoT runtime performance and can be fooled by zero-day attacks. Thus, this paper takes this issue as motivation and proposes better lightweight behavior rule specification-based misbehavior detection for the IoT-embedded cyber-physical systems (BRIoT). The key concept of our approach is to model a system with which misbehavior of an IoT device manifested as a result of attacks exploiting the vulnerability exposed may be detected through automatic model checking and formal verification, regardless of whether the attack is known or unknown. Automatic model checking and formal verification are achieved through a 2-layer Fuzzy-based hierarchical context-aware aspect-oriented Petri net (HCAPN) model, while effective misbehavior detection to avoid false alarms is achieved through a Barycentric-coordinated-based center of mass calculation method. The proposed approach is verified by an unmanned aerial vehicle (UAV) embedded in a UAV system. The feasibility of the proposed model is demonstrated with high reliability, low operational cost, low false-positives, low false-negatives, and high true positives in comparison with existing rule-based solutions.



Behavior rules, cyber-physical systems, IoT, specification-based intrusion detection, zero-day attacks