Briot: Behavior rule specification-based misbehavior detection for IoT-embedded cyber-physical systems

Vishal Sharma, Ilsun You*, Kangbin Yim, Ing Ray Chen, Jin Hee Cho

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

26 Citations (Scopus)
69 Downloads (Pure)


The identification of vulnerabilities in a mission-critical system is one of the challenges faced by a Cyber-Physical System (CPS). The incorporation of embedded Internet of Things (IoT) devices makes it tedious to identify vulnerability and difficult to control the service-interruptions and manage the operations losses. Rule-based mechanisms have been considered as a solution in the past. However, rule-based solutions operate on the goodwill of the generated rules and perform assumption-based detection. Such a solution often is far from the actual realization of IoT runtime performance and can be fooled by zero-day attacks. Thus, this paper takes this issue as a motivation and proposes better lightweight behavior rule specification-based misbehavior detection for IoT-embedded cyber-physical systems (BRIoT). The key concept of our approach is to model a system with which misbehavior of an IoT device manifested as a result of attacks exploiting the vulnerability exposed may be detected through automatic model checking and formal verification, regardless of whether the attack is known or unknown. Automatic model checking and formal verification are achieved through a 2-layer Fuzzy-based Hierarchical Context-Aware Aspect-Oriented Petri Net (HCAPN) model, while effective misbehavior detection to avoid false alarms is achieved through a Barycentric-coordinated based center of mass calculation method. The proposed approach is verified by an unmanned aerial vehicle (UAV) embedded in a UAV system. The feasibility of the proposed model is demonstrated with high reliability, low operational cost, low false-positives, low false-negatives, and high true positives in comparison with existing rule-based solutions.

Original languageEnglish
Article number8715740
Pages (from-to)1-25
Number of pages25
JournalIEEE Access
Early online date15 May 2019
Publication statusEarly online date - 15 May 2019
Externally publishedYes


  • Behavior rules
  • Cyber-physical systems
  • IoT
  • Specification-based intrusion detection
  • Zero-day attacks

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)


Dive into the research topics of 'Briot: Behavior rule specification-based misbehavior detection for IoT-embedded cyber-physical systems'. Together they form a unique fingerprint.

Cite this