PIDS: A Behavioral Framework for Analysis and Detection of Network Printer Attacks

Asaf Hecht, Adi Sagi, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Nowadays, every organization might be attacked through its network printers. The malicious exploitation of printing protocols is a dangerous and underestimated threat against every printer today. This article presents PIDS (Printers' IDS), an intrusion detection system for detecting attacks on printing protocols. PIDS continuously captures various features and events obtained from traffic produced by printing protocols in order to detect attacks. As part of this research, we conducted thousands of automatic and manual printing protocol attacks on various printers and recorded thousands of the printers' benign network sessions. Then we applied various supervised machine learning algorithms to classify the collected data as normal (benign) or abnormal (malicious). We evaluated several detection algorithms in order to obtain the best detection results for malicious protocol traffic of printers. Our empirical results suggest that the proposed framework is effective in detecting printing protocol attacks, providing an accuracy of 99.9 with a negligible false-positive rate.

Original language: American English
Title of host publication: MALWARE 2018 - Proceedings of the 2018 13th International Conference on Malicious and Unwanted Software
Pages: 87-94
Number of pages: 8
ISBN (Electronic): 9781728101538
State: Published - 2 Jul 2018
Event: 13th International Conference on Malicious and Unwanted Software, MALWARE 2018 - Nantucket, United States
Duration: 22 Oct 2018 – 24 Oct 2018

Publication series

Name: MALWARE 2018 - Proceedings of the 2018 13th International Conference on Malicious and Unwanted Software

Conference

Conference: 13th International Conference on Malicious and Unwanted Software, MALWARE 2018
Country/Territory: United States
City: Nantucket
Period: 22/10/18 – 24/10/18

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality
