nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Password Guessing Based on Semantic Analysis and Neural Networks

verfasst von : Yong Fang, Kai Liu, Fan Jing, Zheng Zuo

Erschienen in: Trusted Computing and Information Security

Verlag: Springer Singapore

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Passwords remain the dominant method in data encryption and identity authentication, but they are vulnerable to guessing attack. Most users incline to choose meaningful words to make up passwords. Lots of these words are human-memorable. In this paper, we propose a hierarchical semantic model that combines LSTM with semantic analysis to implement password guessing. With our model, the potential probability relationship between words can be mined. After training the model with 4.5 million passwords from leaked Chinese passwords, we generate lots of passwords guesses ordered by probability. 0.5 million passwords are reserved for model testing. In addition, we also pick up CSDN passwords, the Rockyou passwords, and Facebook passwords as model-testing sets. Each dataset contains 0.5 million passwords. LSTM-based model, PCFG, and Markov-based model are selected for comparison. Experiments show that our model has a higher coverage rate than the other models of the reserved dataset and CSDN dataset. Besides, our model can hit more passwords for the Rockyou dataset and Facebook dataset than PCFG.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Network Risk Assessment Method Based on Asset Correlation Graph

Nächstes Kapitel An Approach of Implementing SW-TPM in Real-Time Operating System

Herley, C., Van Oorschot, P.: A research agenda acknowledging the persistence of passwords. IEEE Secur. Priv. Mag. 10(1), 28–36 (2012)CrossRef

Kelley, P., et al.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms. In: 2012 IEEE Symposium on Security and Privacy (2012)

Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)CrossRef

Leaked password lists and dictionaries. http://thepasswordproject.com/leaked_password_lists_and_dictionaries

Weir, M., Aggarwal, S., Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: 2009 30th IEEE Symposium on Security and Privacy (2009)

Houshmand, S., Aggarwal, S., Flood, R.: Next gen PCFG password cracking. IEEE Trans. Inf. Forensics Secur. 10, 1776–1791 (2015)CrossRef

Wheeler, DL.: zxcvbn: low-budget password strength estimation. In: USENIX Security Symposium, pp. 157–173 (2016)

Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proceedings of the 12th ACM Conference on Computer and Communications Security - CCS 2005 (2005)

Castelluccia, C., Dürmuth, M., Perito D.: Adaptive password-strength meters from Markov models. In: NDSS 2012 (2012)

10.

Dürmuth, M., Angelstorf, F., Castelluccia, C., Perito, D., Chaabane, A.: OMEN: faster password guessing using an ordered Markov enumerator. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 119–132. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15618-7_10CrossRef

11.

John the Ripper password cracker. http://www.openwall.com/john/

12.

Hashcat. https://hashcat.net

13.

Jozefowicz, R., Zaremba, W., Sutskever I.: An empirical exploration of recurrent network architectures. In: International Conference on Machine Learning, pp. 2342–2350 (2015)

14.

Melicher, W., et al.: Fast, lean, and accurate: modeling password guessability using neural networks. In: USENIX Security Symposium, pp. 175–191 (2016)

15.

RockYou. http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2

16.

Hitaj, B., Gasti, P., Ateniese, G., Perez-Cruz, F.: PassGAN: a deep learning approach for password guessing. arXiv preprint arXiv:1709.00440 (2017)

17.

Goodfellow, I., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, pp. 2672–2680 (2014)

18.

Schweitzer, D., Boleng, J., Hughes, C., Murphy, L.: Visualizing keyboard pattern passwords. In: 2009 6th International Workshop on Visualization for Cyber Security (2009)

19.

Understanding LSTM Networks. https://colah.github.io/posts/2015-08-Understanding-LSTMs/

20.

Xu, L., et al.: Password guessing based on LSTM recurrent neural networks. In: 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC) (2017)

21.

de Castro, L., Hunter, L., Stephanie, L., Cristina, M.: Modeling password guessing with neural networks

22.

Softmax. http://ufldl.stanford.edu/wiki/index.php/Softmax_Regressiony

Titel: Password Guessing Based on Semantic Analysis and Neural Networks
verfasst von: Yong Fang
Kai Liu
Fan Jing
Zheng Zuo
Verlag: Springer Singapore
Buch: Trusted Computing and Information Security
Print ISBN: 978-981-13-5912-5

Electronic ISBN: 978-981-13-5913-2

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-981-13-5913-2_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"