Computer Science, 2022, Vol. 49, Issue (4): 354-361. doi: 10.11896/jsjkx.210300008
CHANG Geng1, ZHAO Lan2, CHEN Wen1
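Abstract: Passwords remain an important means of user authentication, and using effective password guessing methods to raise the hit rate of password attacks is one of the main approaches to studying password security. In recent years, researchers have proposed using LSTM neural networks for password guessing and have shown that their hit rate exceeds that of traditional models such as the PCFG password guessing model. However, the traditional LSTM model suffers from the difficulty of choosing a sequence length and cannot learn the relationships between sequences of different lengths. This paper collects a large-scale password set and, by analysing how users construct passwords and what they prefer when setting them, finds that users' personal information has an important influence on password setting. It then proposes MLSTM (Multi-LSTM), a password guessing method based on LSTM with multiple sequence lengths, and applies personal information to trawling password guessing to further improve the hit rate. Experimental results show that, compared with PCFG, the hit rate of MLSTM improves by up to 68.2%, and compared with the traditional LSTM and the third-order Markov model, the hit rate of MLSTM increases by 7.6%~42.1% and 23.6%~65.2%, respectively.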