BYOT-CPS: A Hybrid Cyber-Physical Systems Testbed for IoT Security Assessment and Platform Evaluation
Pith reviewed 2026-05-25 05:22 UTC · model grok-4.3
The pith
BYOT-CPS links real IoT devices to virtual GNS3 networks to enable realistic security experiments without full physical labs.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The paper presents BYOT-CPS, a hybrid cyber-physical testbed that integrates real IoT devices with virtualised network infrastructure on GNS3 to support security experimentation while preserving authentic device behaviour. It defines six requirements (fidelity, heterogeneity, scalability, reproducibility, extensibility, and independence) and uses a prototype deployment with smart bulbs, plugs, switches, and IP cameras connected to virtual enterprise, server, attack, and monitoring zones to demonstrate hybrid connectivity, penetration testing workflows, a Mirai-style attack, traffic monitoring, and controlled device manipulation. The evidence is framed as feasibility validation rather than a
What carries the argument
The hybrid connectivity layer that joins physical IoT devices to GNS3 virtual networks, allowing real firmware and hardware responses to interact with controlled virtual attack and monitoring environments.
If this is right
- Security experiments such as penetration testing and denial-of-service attacks become reproducible with authentic device responses.
- Vendor-neutral evaluation of commercial IoT security platforms can occur inside a controlled hybrid environment.
- Smaller research groups gain access to realistic IoT testing without assembling costly dedicated physical laboratories.
- Experiments can scale by adding more virtual infrastructure while keeping a small number of real devices for fidelity.
Where Pith is reading between the lines
- The approach could lower the cost barrier for educational institutions to run IoT security courses with hands-on device interaction.
- Extending the testbed to include additional device categories would test the heterogeneity requirement more broadly.
- Direct comparisons between BYOT-CPS results and pure physical testbeds could measure any fidelity gaps introduced by the virtual network layer.
Load-bearing premise
The limited prototype deployment with specific devices and GNS3 sufficiently validates the six requirements for broader use in security experimentation.
What would settle it
An experiment showing that swapping the physical devices or reconfiguring the virtual zones produces inconsistent attack outcomes or device responses compared to the reported prototype.
Original abstract
Internet of Things (IoT) security research continues to face a methodological gap between scalable virtual experimentation and realistic device behaviour. While pure simulation and emulation platforms provide control, repeatability, and scale, they do not fully reproduce firmware-specific behaviours, hardware characteristics, and vendor implementation weaknesses that frequently determine real-world exploitability. Conversely, physical-only testbeds provide realism but are costly to assemble, difficult to reconfigure, and hard to replicate across institutions. This paper presents Build Your Own Cyber-Physical Systems Testbed (BYOT-CPS), a hybrid cyber-physical testbed that connects real IoT devices to virtualised network infrastructure built on GNS3. BYOT-CPS is designed to support security experimentation, education, and independent evaluation of commercial IoT security platforms within a controlled environment that preserves authentic device behaviour. Six requirements for such a testbed are defined: fidelity, heterogeneity, scalability, reproducibility, extensibility, and independence. A prototype deployment integrating smart bulbs, smart plugs, switches, and IP cameras with virtual enterprise, server, attack, and monitoring zones is used to demonstrate hybrid connectivity, penetration testing workflows, a Mirai-style denial-of-service attack, traffic monitoring, and controlled device manipulation. The evidence presented constitutes a feasibility validation of the framework rather than a large-scale comparative benchmark. Within that scope, BYOT-CPS offers a practical middle ground between emulation-only research environments and costly physical laboratories while positioning vendor-neutral platform evaluation as a forward-looking design objective.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper presents BYOT-CPS, a hybrid cyber-physical testbed that connects real IoT devices (smart bulbs, plugs, switches, IP cameras) to virtualized network infrastructure via GNS3. It defines six requirements (fidelity, heterogeneity, scalability, reproducibility, extensibility, independence) for IoT security testbeds and uses a prototype deployment with enterprise, server, attack, and monitoring zones to demonstrate hybrid connectivity, penetration testing, a Mirai-style DoS attack, traffic monitoring, and device manipulation. The central claim is scoped as a feasibility demonstration rather than large-scale validation or comparative benchmarks.
Significance. If the feasibility demonstration holds, BYOT-CPS would offer a practical, lower-cost middle ground between emulation-only platforms and physical laboratories for IoT security experimentation and vendor-neutral platform evaluation, while preserving authentic device behaviors. The work is a concrete system construction with working prototype examples of connectivity and attacks; this construction approach is a strength, though the absence of quantitative benchmarks or cross-institution replication limits broader claims.
minor comments (2)
- [Prototype deployment section] The prototype description (real devices + GNS3) illustrates the six requirements but does not include explicit metrics or tests showing how scalability and reproducibility are achieved beyond the small deployment; a table or subsection mapping each requirement to concrete prototype features would strengthen the feasibility claim.
- [Abstract and Introduction] The abstract states the evidence is a 'feasibility validation' rather than a large-scale benchmark; this scoping is appropriate but could be reinforced in the introduction and conclusion to prevent readers from overgeneralizing the single-deployment results.
Simulated Author's Rebuttal
We thank the referee for their constructive summary and positive assessment of BYOT-CPS as a practical hybrid testbed. We appreciate the recommendation for minor revision and the recognition that the work constitutes a feasibility demonstration rather than large-scale validation.
Circularity Check
No significant circularity
The paper describes the construction and prototype demonstration of a hybrid IoT testbed (BYOT-CPS) using real devices connected to GNS3 virtual networks. It defines six requirements (fidelity, heterogeneity, scalability, reproducibility, extensibility, independence) and illustrates them via a small-scale setup with smart bulbs, plugs, cameras, and attack scenarios. No mathematical derivations, equations, fitted parameters, predictions, or uniqueness theorems appear in the text. The central claim is explicitly scoped as a feasibility demonstration rather than generalizability or benchmark validation, with no self-citation chains or ansatzes that reduce the contribution to its own inputs. The work is self-contained as an engineering artifact with independent content.