Device security is one of the major challenges for successful implementation of Internet of Things and fog computing environment in current IT space. Researchers and Information Technology (IT) organizations have explored many solutions to protect systems from unauthenticated device attacks (known as outside device attacks). Fog computing uses network devices (e.g. router, switch and hub) for latency-aware processing of collected data using IoT. Then, identification of malicious edge device is one of the critical activities in data security of fog computing environment. Preventing attacks from malicious edge devices in fog computing environment is more difficult because they have certain granted privileges to use and process the data. In this paper, proposed cybersecurity framework uses three technologies which are Markov model, Intrusion Detection System (IDS) and Virtual Honeypot Device (VHD) to identify malicious edge device in fog computing environment. A two-stage hidden Markov model is used to effectively categorize edge devices in four different levels. VHD is designed to store and maintain log repository of all identified malicious devices which assists the system to defend itself from any unknown attacks in the future. Proposed cybersecurity framework is tested with real attacks in virtual environment created using OpenStack and Microsoft Azure. Results indicated that proposed cybersecurity framework is successful in identifying the malicious device as well as reducing the false IDS alarm rate.