Abstract
Nowadays, network printers have become one of the essential devices for daily work, and are getting more and more attention from attackers. Traditional intrusion detection system may not apply quite well to network printers since it can’t detect growing multi-step complex attacks for network printers. To detect and prevent such attacks, we design a network printer attackers’ behavioral model and knowledge base named TTPE based on ATT&CK framework. Then we propose an attack detection system named PPIDS which is based on TTPE to detect and analyze network attacks against network printers. For experiments, we capture 38 network traffic packets from 4 typical scenarios. In our experiments, PPIDS achieves false-positive rate of 0%, false-negative rate of 14.29%. Experiment result shows that our method performs superior to traditional intrusion detection systems on identifying complex network attacks against network printers.
Author supplied keywords
Cite
CITATION STYLE
He, H., Yu, L., Cai, W., Wang, X., Gong, X., Wang, H., & Liu, C. (2020). PPIDS: A Pyramid-Like Printer Intrusion Detection System Based on ATT&CK Framework. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12020 LNCS, pp. 277–290). Springer. https://doi.org/10.1007/978-3-030-42921-8_16
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
