Mengli Zhang
ABSTRACT
Identity authentication is an important line of defense for network security, and passwords are still the mainstream of identity authentication. Password attacking is an important means of password security research. Probabilistic context-free grammar (PCFG) is the most effective password structure partitioning method at present. The string generation method based on neural network has powerful generalization ability. They effectively characterize the passwords on the substructure level and the character level respectively. In this paper, based on the merits of the above two models, we propose a password attacking method based on structure partition and bidirectional long short-term memory (BiLSTM) recurrent neural network, which is denoted as SPRNN model. Firstly, passwords are divided into abstract substructures. Then substrings of characters, digits and symbols in substructures are generated by using BiLSTM model to take account of the accuracy and generalization ability of the model. Finally, the method is verified by experiment on six real Chinese and English password datasets. The results show that in the context of a fixed number of guessing trials, the SPRNN model breaks the password 25% -30% more than Narayanan's method, about 10% than Weir et al.'s method password between the cross datasets.
- Wang Ping, Wang Ding, Huang Xin-Yi. 2016. Advances in Password Security. Computer Research and Development, 53(10): 2173--2188.Google Scholar
- Chen T Y, Lee C C, Hwang M S, et al. 2013. Towards secure and efficient user authentication scheme using smart card for multi-server environments. Journal of Supercomputing, 66(2):1008--1032. Google ScholarDigital Library
- Stajano F, Oorschot P C V, Herley C, et al. The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In proceedings of the 33th IEEE Symposium on Security and Privacy(San Francisco, USA, 2012), 553--567. Google ScholarDigital Library
- Bonneau J, Herley C, Oorschot P C V, et al. 2015. Passwords and the evolution of imperfect authentication. Communications of the ACM, 58(7):78--87. Google ScholarDigital Library
- Oechslin P. 2003. Making a Faster Cryptanalytic Ttime-Memory Trade-Off. Lecture Notes in Computer Science, 2729(4):617--630.Google ScholarCross Ref
- Narayanan A, Shmatikov V. Fast dictionary attacks on passwords using time-space trade off. In proceedings of the 12th ACM conference on Computer and communications security(Alexander, USA, 2005), 364--372. Google ScholarDigital Library
- Weir M, Aggarwal S, Medeiros B D, et al. Password cracking using probabilistic context-free grammars. In proceedings of the 30th IEEE Symposium on Security and Privacy( Washington, USA, 2009), 391--405. Google ScholarDigital Library
- Houshmand S, Aggarwal S, Flood R. 2017. Next Gen PCFG Password Cracking. IEEE Transactions on Information Forensics & Security, 10(8):1776--1791.Google ScholarDigital Library
- Wang D, Zhang Z J, Wang P, et al. Targeted online password guessing: an underestimated threat. In proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security(Vienna, Austria, 2016), 1242--1254. Google ScholarDigital Library
- Melicher W, Ur B, Segreti S.M, et al. Fast, Lean, and accurate: modeling password guessability using neural networks. In proceedings of USENIX Security Symposium(Austin, TX, USA, 2016), 175--191. Google ScholarDigital Library
- Hitaj B, Gasti P, Ateniese G. (2017). Passgan: a deep learning approach for password guessing. arXiv preprint arXiv:1709.00440.Google Scholar
Index Terms
- A Password Cracking Method Based On Structure Partition and BiLSTM Recurrent Neural Network
Recommendations
A new type of recurrent neural network for handwritten character recognition
ICDAR '95: Proceedings of the Third International Conference on Document Analysis and Recognition (Volume 1) - Volume 1The authors propose a new type of recurrent neural network for handwritten character recognition. The proposed recurrent neural network differs from Jordan and Elman recurrent neural networks in view of functions and architectures because it was ...
A new type of recurrent neural network for handwritten character recognition
ICDAR '95: Proceedings of the Third International Conference on Document Analysis and Recognition (Volume 1) - Volume 1The authors propose a new type of recurrent neural network for handwritten character recognition. The proposed recurrent neural network differs from Jordan and Elman recurrent neural networks in view of functions and architectures because it was ...
A stable online self-constructing recurrent neural network
ISNN'11: Proceedings of the 8th international conference on Advances in neural networks - Volume Part IIIA new online self-constructing recurrent neural network (SCRNN) model is proposed, of which the network structure could adjust according to the specific problem in real time. If the approximation performance of SCRNN is insufficient, SCRNN can create ...
Comments