PIDS - A Behavioral Framework for Analysis and Detection of Network Printer Attacks
Asaf Hecht, Adi Sagi, Yuval Elovici

TL;DR
This paper introduces PIDS, a machine learning-based intrusion detection system designed to identify attacks on network printers by analyzing printing protocol traffic, achieving high accuracy and low false positives.
Contribution
The paper presents a novel framework, PIDS, that effectively detects printer protocol attacks using supervised machine learning with optimized features.
Findings
Achieved 99.9% detection accuracy.
Demonstrated effectiveness across various printers.
Reduced false positive rate to negligible levels.
Abstract
Nowadays, every organization might be attacked through its network printers. The malicious exploitation of printing protocols is a dangerous and underestimated threat against every printer today, as highlighted by recently published research. This article presents PIDS (Printers' IDS), an intrusion detection system for detecting attacks on printing protocols. PIDS continuously captures various features and events obtained from traffic produced by printing protocols in order to detect attacks. As part of this research, we conducted thousands of automatic and manual printing protocol attacks on various printers and recorded thousands of the printers' benign network sessions. Then we applied various supervised machine learning (ML) algorithms to classify the collected data as normal (benign) or abnormal (malicious). We evaluated several detection algorithms, feature selection methods, and…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
