Device Behavioural Blueprint (DB²): A Risk-Aware Framework for Unique Device Behaviour Profiling Using Microarchitectural Variations

This paper introduces DB², a risk-aware behavioural identity framework that derives device identity from CPU–RTC timing deviation and Performance Monitoring Unit (PMU) microarchitectural events, without relying on GPUs, radios, sensors, or dedicated hardware. The method captures oscillator-coupled timing variation and execution behaviour through a structured signal-processing pipeline, producing device-specific behavioural signatures that remain distinguishable across reboots, temperature variation, and core transitions. DB² structures identity assurance into three layers: closed-set identification, calibrated open-set rejection, and stability-aware risk scoring. Evaluation under a strict three-way split with reboot separation for training, calibration, and unseen testing yields a macro-F₁ of 0.957 on unseen reboots. The open-set layer rejects previously unseen devices with a mean true-positive rate of 0.990 at a calibrated event-level false-reject rate of approximately 0.08 under strict leave-one-device-out validation, with operating-point selection performed exclusively on the calibration split. A Dynamic-Aware Identification and Risk (DAIR) mechanism decomposes behavioural stability across temperature, reboot, and core factors to provide interpretable posture monitoring for enrolled devices. Under identity-claim manipulation via spoofing, Sybil, and relabelling scenarios involving cloning, targeted identities exhibit reduced identification consistency and elevated risk, while non-targeted devices remain stable under identical calibration settings. These results show that behavioural fingerprints can be derived from standard CPU, RTC, and PMU-accessible resources on edge devices, enabling device-identity and behavioural-assurance monitoring in IoT and edge environments without specialised hardware.