PPIDS: A Pyramid-Like Printer Intrusion Detection System Based on ATT&CK Framework

Abstract

Network printers have become essential devices for daily work and are attracting more and more attention from attackers. Traditional intrusion detection systems may not apply well to network printers, since they cannot detect the growing multi-step, complex attacks against network printers. To detect and prevent such attacks, we design a behavioral model and knowledge base of network printer attackers, named TTPE, based on the ATT&CK framework. We then propose an attack detection system named PPIDS, which is based on TTPE, to detect and analyze network attacks against network printers. For the experiments, we capture 38 network traffic packets from 4 typical scenarios. In our experiments, PPIDS achieves a false-positive rate of 0% and a false-negative rate of 14.29%. The experimental results show that our method performs better than traditional intrusion detection systems at identifying complex network attacks against network printers.

Cite

He, H., Yu, L., Cai, W., Wang, X., Gong, X., Wang, H., & Liu, C. (2020). PPIDS: A Pyramid-Like Printer Intrusion Detection System Based on ATT&CK Framework. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12020 LNCS, pp. 277–290). Springer. https://doi.org/10.1007/978-3-030-42921-8_16
