PIDS - A Behavioral Framework for Analysis and Detection of Network Printer Attacks
Nowadays, every organization might be attacked through its network printers.
The malicious exploitation of printing protocols is a dangerous and
underestimated threat against every printer today, as highlighted by recently
published research.
This article presents PIDS (Printers' IDS), an intrusion detection system for
detecting attacks on printing protocols. PIDS continuously captures various
features and events obtained from traffic produced by printing protocols in
order to detect attacks. As part of this research we conducted thousands of
automatic and manual printing protocol attacks on various printers and recorded
thousands of the printers' benign network sessions. Then we applied various
supervised machine learning (ML) algorithms to classify the collected data as
normal (benign) or abnormal (malicious). We evaluated several detection
algorithms, feature selection methods, and the features needed in order to
obtain the best detection results for protocol traffic of printers.
Our empirical results suggest that the proposed framework is effective in
detecting printing protocol attacks, providing an accuracy of 99.9 with
a negligible false-positive rate.