Computer Science

Computer Science ›› 2023, Vol. 50 ›› Issue (1): 334-341.doi: 10.11896/jsjkx.211100001

• Information Security • Previous Articles     Next Articles

Password Guessing Model Based on Reinforcement Learning

LI Xiaoling1, WU Haotian1, ZHOU Tao1, LU Hui2   

  1. 1 School of Computer Science and Engineering,South China University of Technology,Guangzhou 510006,China
    2 Cyberspace Institute of Advanced Technology,Guangzhou University,Guangzhou 510006,China
  • Received:2021-11-01 Revised:2022-03-27 Online:2023-01-15 Published:2023-01-09
  • About author:LI Xiaoling,born in 1998,postgra-duate.Her main research interests include deep learning based password guessing and so on.
    WU Haotian,born in 1980,Ph.D,asso-ciate professor.His main research intere-sts include information hiding,privacy preservation,password guessing and blockchain.
  • Supported by:
    R & D Project in Key Areas of Guangdong Province,China(2019B010137004) and Natural Science Foundation of Guangdong Province,China(2021A1515011798).

PDF (PC)

1306

Abstract: Password guessing is an important research direction in password security.Password guessing based on generative adversarial network(GAN) is a new method proposed in recent years,which guides the update of the generator according to evaluation results on passwords generated by the discriminator.Consequently,password guessing sets can be generated with trained GANs.However,the existing GAN-based password guessing models have low efficiency due to inadequate guidance of the discriminator to the generator.To solve this problem,an improved GAN password guessing model AC-Pass based on reinforcement learning Actor-Critic algorithm is proposed.The AC-Pass model guides the update of the generation strategy of the Actor network at each time step through the output rewards of the discriminator and the Critic network,and realizes the reinforce guidance of password sequence generation process.The proposed AC-Pass model is implemented on RockYou,LinkedIn and CSDN data sets and compared with PCFG model and the existing GANs-based password guessing models such as PassGAN and seqGAN.Results on homologous testing sets and heterologous testing sets indicate that password cracking rate of AC-Pass model on the guessing set is higher than that of PassGAN and seqGAN.Moreover,AC-Pass shows better guessing performance than PCFG when the password spatial distribution between the testing set and the training set is significant.In addition,the AC-Pass model has a large password output space.As the size of password guessing set increases,the cracking rate continues to rise.

Key words: Password guessing, Deep learning, Reinforcement learning, Actor-Critic algorithm, Generative adversarial network

CLC Number: 

  • TP309
[1]HAN W L,YUAN L,LI S S,et al.An Efficient Algorithm to Generate Password Sets Based on Samples[J].Chinese Journal of Computers,2017,40(5):1151-1167.
[2]LIU G S,QIU W D,MENG K,et al.Password Vulnerability Assessment and Recovery Based on Ruels Mined from Large-Scale Real Data[J].Chinese Journal of Computers,2016,39(3):454-467.
[3]XIE Z J,ZHANG M,LI Z H,et al.Analysis of Large-scale Real User Password Data Based on Cracking Algorithms[J].Computer Science,2020,47(11):48-54.
[4]WANG D,ZOU Y K,TAO Y,et al.Password Guessing Model Based on Recurrent Neural Networks and Generative Adversa-rial Networks[J].Chinese Journal of Computers,2021,44(8):1519-1534.
[5]YU L,ZHANG W,WANG J,et al.Seqgan:Sequence generative adversarial nets with policy gradient[C]//Proceedings of the AAAI Conference on Artificial Intelligence.2017,31(1),2852-2858.
[6]NARAYANAN A,SHMATIKOV V.Fast dictionary attacks on passwords using time-space tradeoff[C]//Proceedings of the 12th ACM Conference on Computer and communications security.2005:364-372.
[7]WEIR M,AGGARWAL S,DE MEDEIROS B,et al.Password cracking using probabilistic context-free grammars[C]//2009 30th IEEE Symposium on Security and Privacy.IEEE,2009:391-405.
[8]TANSEY W.Improved models for password guessing [EB/OL].https://www.semanticscholar.org/paper/ImprovedMo-dels-for-Password-Guessing-Tansey/3451ac7f102da12e1197c681b77d368ba3b19ac9.
[9]DÜRMUTH M,ANGELSTORF F,CASTELLUCCIA C,et al.OMEN:Faster password guessing using an ordered markov enumerator[C]//International Symposium on Engineering Secure Software and Systems.Cham:Springer,2015:119-132.
[10]HOUSHMAND S,AGGARWAL S,FLOOD R.Next gen PCFG password cracking [J].IEEE Transactions on Information Forensics and Security,2015,10(8):1776-1791.
[11]WANG D,WANG P.The emperor's new password creationpolicies[C]//European Symposium on Research in Computer Security.Cham:Springer,2015:456-477.
[12]LI Y,WANG H,SUN K.A study of personal information in human-chosen passwords and its security implications[C]//IEEE INFOCOM 2016-the 35th Annual IEEE International Confe-rence on Computer Communications.IEEE,2016:1-9.
[13]WANG D,ZHANG Z,WANG P,et al.Targeted online password guessing:An underestimated threat[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.2016:1242-1254.
[14]MELICHER W,UR B,SEGRETI S M,et al.Fast,lean,and accurate:Modeling password guessability using neural networks[C]//25th {USENIX} Security Symposium({USENIX} Security 16).2016:175-191.
[15]XU L,GE C,QIU W,et al.Password guessing based on LSTM recurrent neural networks[C]//2017 IEEE International Conference on Computational Science and Engineering(CSE) and IEEE International Conference on Embedded and Ubiquitous Computing(EUC).IEEE,2017:785-788.
[16]XIA Z Y,YI P,LIU Y,et al.GENPass:A multi-source deeplearning model for password guessing[J].IEEE Transactions on Multimedia,2019,22(5):1323-1332.
[17]HITAJ B,GASTI P,ATENIESE G,et al.Passgan:A deeplearning approach for password guessing[C]//International Conference on Applied Cryptography and Network Security.Cham:Springer,2019:217-237.
[18]GULRAJANI I,AHMED F,ARJOVSKY M,et al.Improvedtraining of wasserstein gans [J].arXiv:1704.00028,2017.
[19]NAM S,JEON S,KIM H,et al.Recurrent gans password cra-cker for iot password security enhancement [J].Sensors,2020,20(11):3106.
[20]PASQUINI D,GANGWAL A,ATENIESE G,et al.Improving password guessing via representation learning[C]//2021 IEEE Symposium on Security and Privacy(SP).IEEE,2021:1382-1399.
[21]MNIH V,KAVUKCUOGLU K,SILVER D,et al.Human-level control through deep reinforcement learning [J].Nature,2015,518(7540):529-533.
[22]SILVER D,LEVER G,HEESS N,et al.Deterministic policygradient algorithms[C]//International Conference on Machine Learning.PMLR,2014:387-395.
[23]KONDA V R,TSITSIKLIS J N.Actor-critic algorithms[C]//Advances in Neural Information Processing Systems.2000:1008-1014.
[24]LILLICRAP T P,HUNT J J,PRITZEL A,et al.Continuouscontrol with deep reinforcement learning [J].arXiv:1509.02971,2015.
[25]MNIH V,BADIA A P,MIRZA M,et al.Asynchronous methodsfor deep reinforcement learning[C]//International Conference on Machine Learning.PMLR,2016:1928-1937.
[26]YANG S M,SHAN Z,DING Y,et al.Survey of Research on Deep Reinforcement Learning[J].Computer Engineering,2021,47(12):19-29.
[27]LIN K,LI D,HE X,et al.Adversarial ranking for language ge-neration [J].arXiv:1705.11001,2017.
[28]FEDUS W,GOODFELLOW I,DAI A M.Maskgan:better text generation via filling in the_ [J].arXiv:1801.07736,2018.
[29]ZHANG X,LECUN Y.Text understanding from scratch [J].arXiv:1502.01710,2015.
[1] CAI Xiao, CEHN Zhihua, SHENG Bin. SPT:Swin Pyramid Transformer for Object Detection of Remote Sensing [J]. Computer Science, 2023, 50(1): 105-113.
[2] WANG Bin, LIANG Yudong, LIU Zhe, ZHANG Chao, LI Deyu. Study on Unsupervised Image Dehazing and Low-light Image Enhancement Algorithms Based on Luminance Adjustment [J]. Computer Science, 2023, 50(1): 123-130.
[3] LI Xuehui, ZHANG Yongjun, SHI Dianxi, XU Huachi, SHI Yanyan. AFTM:Anchor-free Object Tracking Method with Attention Features [J]. Computer Science, 2023, 50(1): 138-146.
[4] SUN Kaili, LUO Xudong , Michael Y.LUO. Survey of Applications of Pretrained Language Models [J]. Computer Science, 2023, 50(1): 176-184.
[5] HUANG Yuzhou, WANG Lisong, QIN Xiaolin. Bi-level Path Planning Method for Unmanned Vehicle Based on Deep Reinforcement Learning [J]. Computer Science, 2023, 50(1): 194-204.
[6] ZHENG Cheng, MEI Liang, ZHAO Yiyan, ZHANG Suhang. Text Classification Method Based on Bidirectional Attention and Gated Graph Convolutional Networks [J]. Computer Science, 2023, 50(1): 221-228.
[7] RONG Huan, QIAN Minfeng, MA Tinghuai, SUN Shengjie. Novel Class Reasoning Model Towards Covered Area in Given Image Based on InformedKnowledge Graph Reasoning and Multi-agent Collaboration [J]. Computer Science, 2023, 50(1): 243-252.
[8] ZHANG Qiyang, CHEN Xiliang, ZHANG Qiao. Sparse Reward Exploration Method Based on Trajectory Perception [J]. Computer Science, 2023, 50(1): 262-269.
[9] WEI Nan, WEI Xianglin, FAN Jianhua, XUE Yu, HU Yongyang. Backdoor Attack Against Deep Reinforcement Learning-based Spectrum Access Model [J]. Computer Science, 2023, 50(1): 351-361.
[10] ZHANG Jia, DONG Shou-bin. Cross-domain Recommendation Based on Review Aspect-level User Preference Transfer [J]. Computer Science, 2022, 49(9): 41-47.
[11] XU Yong-xin, ZHAO Jun-feng, WANG Ya-sha, XIE Bing, YANG Kai. Temporal Knowledge Graph Representation Learning [J]. Computer Science, 2022, 49(9): 162-171.
[12] RAO Zhi-shuang, JIA Zhen, ZHANG Fan, LI Tian-rui. Key-Value Relational Memory Networks for Question Answering over Knowledge Graph [J]. Computer Science, 2022, 49(9): 202-207.
[13] LIU Xing-guang, ZHOU Li, LIU Yan, ZHANG Xiao-ying, TAN Xiang, WEI Ji-bo. Construction and Distribution Method of REM Based on Edge Intelligence [J]. Computer Science, 2022, 49(9): 236-241.
[14] TANG Ling-tao, WANG Di, ZHANG Lu-fei, LIU Sheng-yun. Federated Learning Scheme Based on Secure Multi-party Computation and Differential Privacy [J]. Computer Science, 2022, 49(9): 297-305.
[15] SUN Qi, JI Gen-lin, ZHANG Jie. Non-local Attention Based Generative Adversarial Network for Video Abnormal Event Detection [J]. Computer Science, 2022, 49(8): 172-177.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.