[1]TENG Nanjun,LU Huaxiang,JIN Min,et al.PG-RNN: a password-guessing model based on recurrent neural networks[J].CAAI Transactions on Intelligent Systems,2018,13(6):889-896.[doi:10.11992/tis.201712006]
Copy

PG-RNN: a password-guessing model based on recurrent neural networks

CAAI Transactions on Intelligent Systems[ISSN 1673-4785/CN 23-1538/TP] Volume: 13 Number of periods: 2018 6 Page number: 889-896 Column: 学术论文—机器学习 Public date: 2018-10-25
Title:
PG-RNN: a password-guessing model based on recurrent neural networks
Author(s):
TENG Nanjun12 LU Huaxiang134 JIN Min1 YE Junbin12 LI Zhiyuan12
1. Institute of Semiconductors, Chinese Academy of Sciences, Beijing 100083, China;
2. University of Chinese Academy of Sciences, Beijing 100089, China;
3. Center for Excellence in Brain Science and Intelligence Technology, Chinese Academy of Sciences, Shanghai 200031, China;
4. Semiconductor Neural Network Intelligent Perception and Computing Technology Beijing Key Lab, Beijing 100083, China
Keywords:
password generationdeep learningrecurrent neural networksMarkovpassword guessing
CLC:
TP391
DOI:
10.11992/tis.201712006
Abstract:
Passwords are the most popular way of user ID authentication. However, it is rather difficult to obtain large-scale real text passwords. Generating large-scale password sets based on password-guessing techniques is a principal method to research password security, which can be applied to evaluate the efficiency of password-guessing algorithm and detect the defects of existing user-password protective mechanisms. In this paper, we propose a password guessing-based recurrent neural network (PG-RNN) model. Our model can directly and automatically infer the distribution characteristics and character rules from the data of password sets, which is different from the traditional password generating method based on manual design rule. Therefore, an RNN model that has been trained on a disclosed real user password set can generate passwords very close to the real data of the training set, which avoids the limitations of manual setting for password guessing. The results of our experiments show that PG-RNN can generate passwords closer to primitive data distribution more than Markov in password length and character structure categories. When evaluating on large password dataset, the proposed PG-RNN model matching outperforms that of PassGAN, which is based on generative adversarial networks, by more than 1.2%.
References:
[1] CASTELLUCCIA C, D?RMUTH M, PERITO D, et al. Adaptive password-strength meters from markov models[C]//Proceedings of the 19th Network & Distributed System Security Symposium. San Diego, United States, 2012.
[2] HASHCAT[EB/OL].[2017-10-12]. https://hashcat.net.
[3] John the Ripper password cracker[EB/OL].[2017-10-15]. http://www.openwall.com/john/.
[4] WEIR M, AGGARWAL S, DE MEDEIROS B, et al. Password cracking using probabilistic context-free grammars[C]//Proceedings of the 30th IEEE Symposium on Security and Privacy. Berkeley, USA, 2009:391-405.
[5] 韩伟力, 袁琅, 李思斯, 等. 一种基于样本的模拟口令集生成算法[J]. 计算机学报, 2017, 40(5):1151-1167 HAN Weili, YUAN Lang, LI Sisi, et al. An efficient algorithm to generate password sets based on samples[J]. Chinese journal of computers, 2017, 40(5):1151-1167
[6] MA J, YANG Weining, LUO Min, et al. A study of probabilistic password models[C]//Proceedings of 2014 IEEE Symposium on Security and Privacy. San Jose, USA, 2014:689-704.
[7] AMICO M D, MICHIARDI P, ROUDIER Y, et al. Password strength:an empirical analysis[C]//Proceedings of 2010 IEEE INFOCOM. San Diego, USA, 2010:1-9.
[8] GRAVES A. Generating sequences with recurrent neural networks[J]. Computer science, arXiv:1308. 0850, 2013.
[9] SUTSKEVER I, MARTENS J, HINTON G E, et al. Generating text with recurrent neural networks[C]//Proceedings of the 28th International Conference on Machine Learning. Bellevue, USA, 2011:1017-1024.
[10] Using neural networks for password cracking[OL/EB].[2017-10-15]. https://0day.work/using-neural-networks-for-password-cracking/.
[11] HITAJ B, GASTI P, ATENIESE G, et al. PassGAN:a deep learning approach for password guessing[J]. arXiv:1709.00440, 2017.
[12] GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems. Montreal, Canada, 2014:2672-2680.
[13] MELICHER W, UR B, SEGRETI S M, et al. Fast, lean, and accurate:modeling password guessability using neural networks[C]//Proceedings of the 23rd USENIX Security Symposium. Austin, USA, 2016:175-191.
[14] HOCHREITER S, SCHMIDHUBER J. Long short-term memory[J]. Neural computation, 1997, 9(8):1735-1780.
[15] CHUNG J, GULCEHRE C, CHO K, et al. Empirical evaluation of gated recurrent neural networks on sequence modeling[J]. arXiv:1412.3555, 2014.
[16] KOLEN J, KREMER S. Gradient flow in recurrent nets:the difficulty of learning LongTerm dependencies[M].[S.l.]:Wiley-IEEE Press, 2001.
[17] BENGIO Y, SIMARD P, FRASCONI P. Learning long-term dependencies with gradient descent is difficult[J]. IEEE transactions on neural networks, 1994, 5(2):157-166.
[18] ROCKYOU[OL/EB].[2017-10-13]. http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2.
[19] YAHOO. Hackers expose 453, 000 credentials allegedly taken from Yahoo service (Updated)[EB/OL].[2012-07-12]. http://arstechnica.com/security/2012/07/yahoo-service-hacked/.
[20] MYSPACE. Information of 427 million MySpace accounts leaked, selling as a package at the price of 2800 dollars in black market[EB/OL].[2016-06-08]. https://www.wosign.com/english/News/myspace.html.
Similar References:

Memo

-

Last Update: 2018-12-25

Copyright © CAAI Transactions on Intelligent Systems