Computer Science

Computer Science ›› 2022, Vol. 49 ›› Issue (4): 354-361.doi: 10.11896/jsjkx.210300008

• Information Security • Previous Articles     Next Articles

MLSTM:A Password Guessing Method Based on Multiple Sequence Length LSTM

CHANG Geng1, ZHAO Lan2, CHEN Wen1   

  1. 1 School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China;
    2 Southwest China Research Institute of Electronic Equipment, Chengdu 610036, China
  • Received:2021-03-01 Revised:2021-07-19 Published:2022-04-01
  • About author:CHANG Geng,born in 1998,postgra-duate.His main research interests include password security and deep lear-ning.CHEN Wen,born in 1983,Ph.D,asso-ciate professor,master supervisor,is a member of China Computer Federation.His main research interests include network security and data mining.
  • Supported by:
    This work was supported by the National Key R&D Program of China(2019QY0800) and National Natural Science Foundation of China(61872255).

PDF (PC)

636

Abstract: Password is one of the most important methods of user authentication.Using effective password guessing methods to improve the hit rate of password attacks is the main approach to study password security.In recent years, researchers have proposed to use long short-term memory (LSTM) neural network to guess password and have demonstrated it is superior to traditional password guessing models, such as Markov model and PCFG(probabilistic context free text) model.However, the traditional LSTM model has the problem that it is hard to select the length of the sequence and cannot learn the relationship between different length sequences.This paper collects large-scale password sets and analyzes the user's password construction behaviors and the preference for passwords setting, and finds that the user's personal information has important influences on the password settings.Then a multiple sequence lengths of LSTM password guessing model MLSTM(Multi-LSTM) is proposed and the personal information is applied to trawling guessing.Experimental results demonstrate that compared with PCFG, the cracking rate is increased by 68.2% at most.While compared with traditional LSTM and 3th-order Markov, the hit rates are increased by 7.6%~42.1% and 23.6%~65.2% respectively.

Key words: Neural network, Password analysis, Password guessing, Password security, User information

CLC Number: 

  • TP309
[1] BIDDLE R,CHIASSON S,VAN OORSCHOT P C.Graphical passwords:Learning from the first twelve years[J].ACM Computing Surveys (CSUR),2012,44(4):19.
[2] VAN DER PUTTE T,KEUNING J.Biometrical fingerprintrecognition:don’t get your fingers burned[C]//Smart Card Research and Advanced Applications.Boston:Springer,2000:289-303.
[3] ZHAO W,CHELLAPPA R,PHILLIPS P J,et al.Face recognition:A literature survey[J].ACM Computing Surveys,2003,35(4):399-458.
[4] BONNEAU J,HERLEY C,VAN OORSCHOT P C,et al.Passwords and the Evolution of Imperfect Authentication[J].Communications of the ACM,2015,58(7):78-87.
[5] WANG P,WANG D,HUANG X.Advances in password security[J].Computer Research and Development,2016,53(10):2173-2188.
[6] BONNEAU J,HERLEY C,VAN OORSCHOT P C,et al.The quest to replace passwords:A framework for comparative evaluation of web authentication schemes[C]//2012 IEEE Sympo-sium on Security and Privacy.2012:553-567.
[7] Hashcat[OL].https://hashcat.net/oclhashcat/.
[8] PESLYAK A.John the Ripper[OL].http://www.openwall.com/ john/.
[9] NARAYANAN A,SHMATIKOV V.Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff[C]//Proceedings of the 12th ACM Conference on Computer and Communications Security(CCS2005).Alexandria,VA,USA:ACM,2005:7-11.
[10] WEIR M,AGGARWAL S,DE MEDEIROS B,et al.Password cracking using probabilistic context-free grammars[C]//2009 30th IEEE Symposium on Security and Privacy.IEEE,2009:391-405.
[11] MELICHER W,UR B,SEGRETI S M,et al.Fast,lean,and accurate:Modeling password guessability using neural networks[C]//Proceedings of USENIX Security.2016.
[12] HITAJ B,GASTI P,ATENIESE G,et al.Passgan:A deep learning approach for password guessing[C]//International Conference on Applied Cryptography and Network Security.Cham:Springer,2019:217-237.
[13] MA J,YANG W,LUO M,et al.A study of probabilistic password models[C]//2014 IEEE Symposium on Security and Privacy.IEEE,2014:689-704.
[14] WANG D,ZHANG Z,WANG P,et al.Targeted Online Password Guessing:An Underestimated Threat[C]//ACM CCS.2016.
[15] DELL’AMICO M,MICHIARDI P,ROUDIER Y.MeasuringPassword Strength:An Empirical Analysis[J].arXiv:0907.3402,2009.
[16] LI Z,HAN W,XU W.A Large-Scale Empirical Analysis of Chinese Web Passwords[C]//Usenix Conference on Security Symposium.USENIX Association,2014.
[17] VERAS R,COLLINS C,THORPE J.On the Semantic Patterns of Passwords and their Security Impact[C]//Network & Distributed System Security Symposium.2014.
[18] HOUSHMAND S,AGGARWAL S,FLOOD R.Next GenPCFG Password Cracking[J].IEEE Transactions on Information Forensics & Security,2017,10(8):1776-1791.
[19] LI Y,WANG H,SUN K.A study of personal information in human-chosen passwords and its security implications.
[C]//IEEE Conference on Computer Communications(INFOCOM 2016). Communications(INFOCOM 2016).IEEE,2016.
[20] HRANICKÝ R, LIŠTIAK F, MIKUŠ D,et al.On practical aspects of PCFG password cracking[C]//IFIP Annual Conference on Data and Applications Security and Privacy.Cham:Springer,2019:43-60.
[21] SUTSKEVER I,MARTENS J,HINTON G E.Generating Text with Recurrent Neural Networks[C]//International Conference on Machine Learning.DBLP,2016.
[22] GRAVE A.Generating sequences with recurrent neural net-works[J].arXiv:1308.0850,2013.
[23] SUNDERMEYER M,SCHLÜTER R,NEY H.LSTM Neural Networks for Language Modeling[C]//Interspeech.2012.
[24] MIRZA M, OSINDERO S.Conditional generative adversarial nets[J].arXiv:1411.1784,2014.
[25] NAM S,JEON S,KIM H,et al.Recurrent GANs PasswordCracker For IoT Password Security Enhancement[J].Sensors,2020,20(11):3106.
[26] XIA Z Y,YI P,LIU Y Y,et al.GENPass:A Multi-Source Deep Learning Model for Password Guessing[J].IEEE Transactions on Multimedia,2019,22(5):1323-1332.
[27] WANG D,CHENG H,WANG P,et al.Zipf’s Law in Passwords[J].IEEE Transactions on Information Forensics and Security,2017,12(11):2776-2791.
[28] 12306[OL].http://www.12306.com/.
[29] 7k7k[OL].http://www.7k7k.com/.
[30] 178[OL].http://www.178.com/.
[31] csdn[OL].http://www.csdn.net/.
[32] https://github.com/wainshine/Chinese-Names-Corpus.
[33] The Sixth National Census [EB/OL].(2012-02-28).http://www.stats.gov.cn/ztjc/zdtjgz/zgrkpc/dlcrkpc/.
[34] gmail[OL].http://gmail.google.com.
[35] yahoo[OL].http://www.yahoo.com.
[36] XIE Z J,ZHANG M,LI Z H, et al.Analysis of Large-scale Real User Password Data Based on Cracking Algorithms[J].Computer Science,2020,47(11):48-54.
[37] LI B,ZHOU Q L,SI X M,et al.Optimized Implementation of Office Password Recovery Based on FPGA Cluster[J].Compu-ter Science,2020,47(11):32-41.
[1] ZHOU Fang-quan, CHENG Wei-qing. Sequence Recommendation Based on Global Enhanced Graph Neural Network [J]. Computer Science, 2022, 49(9): 55-63.
[2] ZHOU Le-yuan, ZHANG Jian-hua, YUAN Tian-tian, CHEN Sheng-yong. Sequence-to-Sequence Chinese Continuous Sign Language Recognition and Translation with Multi- layer Attention Mechanism Fusion [J]. Computer Science, 2022, 49(9): 155-161.
[3] NING Han-yang, MA Miao, YANG Bo, LIU Shi-chang. Research Progress and Analysis on Intelligent Cryptology [J]. Computer Science, 2022, 49(9): 288-296.
[4] HAO Zhi-rong, CHEN Long, HUANG Jia-cheng. Class Discriminative Universal Adversarial Attack for Text Classification [J]. Computer Science, 2022, 49(8): 323-329.
[5] WANG Run-an, ZOU Zhao-nian. Query Performance Prediction Based on Physical Operation-level Models [J]. Computer Science, 2022, 49(8): 49-55.
[6] CHEN Yong-quan, JIANG Ying. Analysis Method of APP User Behavior Based on Convolutional Neural Network [J]. Computer Science, 2022, 49(8): 78-85.
[7] ZHU Cheng-zhang, HUANG Jia-er, XIAO Ya-long, WANG Han, ZOU Bei-ji. Deep Hash Retrieval Algorithm for Medical Images Based on Attention Mechanism [J]. Computer Science, 2022, 49(8): 113-119.
[8] YAN Jia-dan, JIA Cai-yan. Text Classification Method Based on Information Fusion of Dual-graph Neural Network [J]. Computer Science, 2022, 49(8): 230-236.
[9] QI Xiu-xiu, WANG Jia-hao, LI Wen-xiong, ZHOU Fan. Fusion Algorithm for Matrix Completion Prediction Based on Probabilistic Meta-learning [J]. Computer Science, 2022, 49(7): 18-24.
[10] YANG Bing-xin, GUO Yan-rong, HAO Shi-jie, Hong Ri-chang. Application of Graph Neural Network Based on Data Augmentation and Model Ensemble in Depression Recognition [J]. Computer Science, 2022, 49(7): 57-63.
[11] ZHANG Ying-tao, ZHANG Jie, ZHANG Rui, ZHANG Wen-qiang. Photorealistic Style Transfer Guided by Global Information [J]. Computer Science, 2022, 49(7): 100-105.
[12] DAI Zhao-xia, LI Jin-xin, ZHANG Xiang-dong, XU Xu, MEI Lin, ZHANG Liang. Super-resolution Reconstruction of MRI Based on DNGAN [J]. Computer Science, 2022, 49(7): 113-119.
[13] LIU Yue-hong, NIU Shao-hua, SHEN Xian-hao. Virtual Reality Video Intraframe Prediction Coding Based on Convolutional Neural Network [J]. Computer Science, 2022, 49(7): 127-131.
[14] XU Ming-ke, ZHANG Fan. Head Fusion:A Method to Improve Accuracy and Robustness of Speech Emotion Recognition [J]. Computer Science, 2022, 49(7): 132-141.
[15] PENG Shuang, WU Jiang-jiang, CHEN Hao, DU Chun, LI Jun. Satellite Onboard Observation Task Planning Based on Attention Neural Network [J]. Computer Science, 2022, 49(7): 242-247.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.