Computer Science, 2022, Vol. 49, Issue (4): 354-361. doi: 10.11896/jsjkx.210300008

• Information Security •

MLSTM: A Password Guessing Method Based on Multiple Sequence Length LSTM

CHANG Geng1, ZHAO Lan2, CHEN Wen1

  1 School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China;
  2 Southwest China Research Institute of Electronic Equipment, Chengdu 610036, China
  • Received: 2021-03-01 Revised: 2021-07-19 Published: 2022-04-01
  • Corresponding author: CHEN Wen (wenchen@scu.edu.cn)
  • About author (037173001@163.com): CHANG Geng, born in 1998, postgraduate. His main research interests include password security and deep learning. CHEN Wen, born in 1983, Ph.D, associate professor, master supervisor, is a member of China Computer Federation. His main research interests include network security and data mining.
  • Supported by:
    This work was supported by the National Key R&D Program of China (2019QY0800) and National Natural Science Foundation of China (61872255).

Abstract: Passwords remain one of the most important methods of user authentication, and using effective password guessing methods to improve the hit rate of password attacks is one of the main approaches to studying password security. In recent years, researchers have proposed using long short-term memory (LSTM) neural networks to guess passwords and have demonstrated that they are superior to traditional password guessing models such as the Markov model and the PCFG (probabilistic context-free grammar) model. However, the traditional LSTM model makes it hard to select the sequence length and cannot learn the relationships between sequences of different lengths. This paper collects large-scale password sets, analyzes users' password construction behaviors and password-setting preferences, and finds that users' personal information has an important influence on password settings. It then proposes MLSTM (Multi-LSTM), a password guessing model based on multiple sequence lengths of LSTM, and applies personal information to trawling guessing to further improve the hit rate. Experimental results demonstrate that, compared with PCFG, the hit rate of MLSTM is increased by up to 68.2%. Compared with traditional LSTM and the 3rd-order Markov model, the hit rate is increased by 7.6%~42.1% and 23.6%~65.2%, respectively.

Key words: Neural network, Password analysis, Password guessing, Password security, User information

CLC Number: TP309