[1]刘志勇,何道敬,成嘉轩,等.大语言模型驱动的口令管理系统优化与实践[J].智能系统学报,2026,21(1):257-271.[doi:10.11992/tis.202504017]
 LIU Zhiyong,HE Daojing,CHENG Jiaxuan,et al.Optimization and practice of password management system driven by large language models[J].CAAI Transactions on Intelligent Systems,2026,21(1):257-271.[doi:10.11992/tis.202504017]
点击复制

大语言模型驱动的口令管理系统优化与实践

《智能系统学报》[ISSN 1673-4785/CN 23-1538/TP] 卷: 21 期数: 2026年第1期 页码: 257-271 栏目: 人工智能院长论坛 出版日期: 2026-03-05
Title:
Optimization and practice of password management system driven by large language models
作者:
刘志勇1,2, 何道敬2, 成嘉轩1, 陈志雄3, 梁承东1, 彭世强1
1. 广州竞远安全技术股份有限公司, 广东 广州 510641;
2. 哈尔滨工业大学(深圳) 计算机科学与技术学院, 广东 深圳 518055;
3. 香港城市大学 电气工程学院, 香港 999077
Author(s):
LIU Zhiyong1,2, HE Daojing2, CHENG Jiaxuan1, CHEN Zhixiong3, LIANG Chengdong1, PENG Shiqiang1
1. Guangzhou Jingyuan Security Technology Co., Ltd., Guangzhou 510641, China;
2. Department of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, China;
3. Department of Electrical Engineering, City University of Hong Kong, Hong Kong 999077, China
关键词:
网络安全密码管理身份认证人工智能大语言模型口令管理系统口令破解口令强度计口令生成器
Keywords:
network securitypassword managementauthenticationartificial intelligencelarge language modelpassword management systempassword crackingpassword strength meterpassword generator
分类号:
TP304
DOI:
10.11992/tis.202504017
摘要:
随着互联网服务的增多,口令管理成为一大挑战。尽管口令管理系统是安全的解决方案,但其可用性受到口令强度评估器和非随机口令生成器设计缺陷的制约,导致口令评估不准确、生成口令强度不足且难以记忆。为解决这些问题,提出了一种基于大语言模型的口令管理系统优化方案。该方案结合微调技术与检索增强生成技术,设计了专门针对口令安全的大语言模型,能够有效识别脆弱口令并提取深层语义特征。同时,创新的非随机口令生成器框架提升了生成口令的强度和易记忆性。通过改进的Zxcvbn算法和口令猜测模型,优化了口令强度评估器的准确性。该方案显著提高了口令管理系统的可用性,促进了其在实际应用中的普及。
Abstract:
As the number of internet services continues to grow, password management has become a significant challenge. Although password management system (PMS) provide secure solutions, their usability is limited by design flaws in password strength meters (PSM) and non-random password generators (NRPG), leading to inaccurate password assessments, insufficient password strength, and poor memorability. To address these issues, this paper proposes an optimization scheme for PMS based on large language model (LLM). The proposed approach combines fine-tuning techniques with retrieval-augmented generation, creating a specialized LLM model for password security that can effectively identify weak passwords and extract deep semantic features. Meanwhile, an innovative NRPG framework enhances both password strength and memorability. The accuracy of the PSM is optimized through an improved Zxcvbn algorithm and password guessing model. This solution significantly enhances the usability of PMS and promotes its widespread adoption in practical applications.
参考文献/References:
[1] PEARMAN S, ZHANG Shikun, BAUER L, et al. Why people (don’t) use password managers effectively[C]//Fifteenth symposium on usable privacy and security. Santa Clara: [s. n. ], 2019: 319-338.
[2] F?BREGA A, NAMAVARI A, AGARWAL R, et al. Exploiting leakage in password managers via injection attacks[EB/OL]. (2024-08-13)[2025-04-23]. https://arxiv.org/abs/2408.07054.
[3] 娄峰, 韩超. 数据中心用户管理系统的设计与实现[J]. 铁路计算机应用, 2022, 31(4): 65-69 LOU Feng, HAN Chao. Design and implementation of data center user management system[J]. Railway computer application, 2022, 31(4): 65-69
[4] 孙亮, 陈小春, 鲍天明, 等. 面向多处理器的内网计算机BIOS口令集中管理机制研究[J]. 信息安全与通信保密, 2021, 19(2): 63-74 SUN Liang, CHEN Xiaochun, BAO Tianming, et al. Research on centralized management mechanism of BIOS password of intranet computer for multiprocessor[J]. Information security and communications privacy, 2021, 19(2): 63-74
[5] GLORY F Z, UL AFTAB A, TREMBLAY-SAVARD O, et al. Strong password generation based on user inputs[C]//2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference. Piscataway: IEEE, 2019: 416-423.
[6] OESCH S, RUOTI S. That was then, this is now: a security evaluation of password generation, storage, and autofill in thirteen password managers[EB/OL]. (2019-08-09)[2025-04-23]. https://arxiv.org/abs/1908.03296.
[7] GOLLA M, D?RMUTH M. On the accuracy of password strength meters[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2018: 1567-1582.
[8] PATEL S, MADISETTI V K. PhishGuard: integrating fine-tuned large language models (LLMs) into password management[J]. Journal of information security, 2024, 15(4): 474-493
[9] LI Hang, CHEN Mengqi, YAN Shengbo, et al. Password guessing via neural language modeling[M]//Machine Learning for Cyber Security. Cham: Springer International Publishing, 2019: 78-93.
[10] PAL B, DANIEL T, CHATTERJEE R, et al. Beyond credential stuffing: password similarity models using neural networks[C]//2019 IEEE Symposium on Security and Privacy. [S. l. ]: IEEE, 2019: 417-434.
[11] PASQUINI D, CIANFRIGLIA M, ATENIESE G, et al. Reducing bias in modeling real-world password strength via deep learning and dynamic dictionaries[C]//30th USENIX Security Symposium. [S. l. ]: USENIX, 2020.
[12] XU Ming, YU Jitao, ZHANG Xinyi, et al. Improving real-world password guessing attacks via bi-directional transformers[C]//32nd USENIX Security Symposium. [S. l. ]: USENIX, 2023: 1001-1018.
[13] HITAJ B, GASTI P, ATENIESE G, et al. PassGAN: a deep learning approach for password guessing[M]//Applied Cryptography and Network Security. Cham: Springer International Publishing, 2019: 217-237.
[14] RANDO J, PEREZ-CRUZ F, HITAJ B. PassGPT: password modeling and (guided) generation with large language models[C]//Computer Security–ESORICS 2023. Cham: Springer, 2024: 164-183.
[15] GEWIDA M, QU Yanzhen. Enhancing IoT security: predicting password vulnerability and providing dynamic recommendations using machine learning and large language models[J]. European journal of electrical engineering and computer science, 2025, 9(1): 8-16
[16] KAGNICI O, BISGIN H, ULUDAG S. Evaluating the efficacy of GPT-based password generation on real world data[C]//2025 1st International Conference on Secure IoT, Assured and Trusted Computing (SATC). Piscataway: IEEE, 2025: 1-5.
[17] GE Yingqiang, HUA Wenyue, MEI Kai, et al. OpenAGI: when LLM meets domain experts[J]. Advances in neural information processing systems, 2023, 36: 5539-5568
[18] AN Shengnan, CHEN Weizhu, LIN Zeqi, et al. Make your LLM fully utilize the context[C]//Advances in Neural Information Processing Systems 37. New Orleans: NeurIPS, 2024: 62160-62188.
[19] XU Haoruo, ZHANG Ning, YIN Zhenyu, et al. GeoLLM: a specialized large language model framework for intelligent geotechnical design[J]. Computers and geotechnics, 2025, 177: 106849
[20] MUNYENDO C W, MAYER P, AVIV A J. “I just stopped using one and started using the other”: Motivations, Techniques, and Challenges When Switching Password Managers[C]//Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2023: 3123-3137.
[21] MURMU S, KASYAP H, TRIPATHY S. PassMon: a technique for password generation and strength estimation[J]. Journal of network and systems management, 2021, 30(1): 13
[22] HOUSHMAND S, AGGARWAL S. Building better passwords using probabilistic techniques[C]//Proceedings of the 28th Annual Computer Security Applications Conference. New York: ACM, 2012: 109-118.
[23] 栗会峰, 李铁成, 姚启桂, 等. 基于形态学的电力系统弱口令深度学习检测方案[J]. 计算机应用与软件, 2024, 41(10): 379-385 LI Huifeng, LI Tiecheng, YAO Qigui, et al. Weak password deep learning detection scheme for power system based on morphology[J]. Computer applications and software, 2024, 41(10): 379-385
[24] BONNEAU J. The science of guessing: analyzing an anonymized corpus of 70 million passwords[C]//2012 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2012: 538-552.
[25] WHEELER D L. Zxcvbn: Low-budget password strength Estimation[C]//USENIX Security Symposium. [S. l. ]: USENIX, 2016: 157-173.
[26] DOUCEK P, PAVL??EK L, SEDL??EK J, et al. Adaptation of password strength estimators to a non-English environment: the Czech experience[J]. Computers & security, 2020, 95: 101757
[27] MELICHER W, UR B, KOMANDURI S, et al. Fast, lean, and accurate: modeling password guessability using neural networks[C]//USENIX Annual Technical Conference. [S. l. ]: USENIX, 2016.
[28] PEREIRA D, FERREIRA J F, MENDES A. Evaluating the accuracy of password strength meters using off-the-shelf guessing attacks[C]//2020 IEEE International Symposium on Software Reliability Engineering Workshops. Piscataway: IEEE, 2021: 237-242.
[29] 岳增营, 叶霞, 刘睿珩. 基于语言模型的预训练技术研究综述[J]. 中文信息学报, 2021, 35(9): 15-29 YUE Zengying, YE Xia, LIU Ruiheng. A review of pre-training technology based on language model[J]. Journal of Chinese information processing, 2021, 35(9): 15-29
[30] 邱玉祥, 蔡艳, 陈霖, 等. 基于自回归神经网络的多维时间序列分析[J]. 吉林大学学报(理学版), 2022, 60(5): 1143-1152 QIU Yuxiang, CAI Yan, CHEN Lin, et al. Multidimensional time series analysis based on autoregressive neural network[J]. Journal of Jilin university (science edition), 2022, 60(5): 1143-1152
[31] RIQUELME C, PUIGCERVER J, MUSTAFA B, et al. Scaling vision with sparse mixture of experts[EB/OL]. (2021-06-10)[2025-04-23]. https://arxiv.org/abs/2106.05974.
[32] OYMAK S, RAWAT A S, SOLTANOLKOTABI M, et al. On the role of attention in prompt-tuning[C]//International Conference on Machine Learning. Hangzhou: ACM, 2023.
[33] DEVALAL S, KARTHIKEYAN A. LoRa technology - an overview[C]//2018 Second International Conference on Electronics, Communication and Aerospace Technology. Piscataway: IEEE, 2018: 284-290.
[34] CHAUDHARI S, AGGARWAL P, MURAHARI V, et al. RLHF deciphered: a critical analysis of reinforcement learning from human feedback for LLMs[J]. ACM computing surveys, 2026, 58(2): 1-37
[35] 张钦彤, 王昱超, 王鹤羲, 等. 大语言模型微调技术的研究综述[J]. 计算机工程与应用, 2024, 60(17): 17-33 ZHANG Qintong, WANG Yuchao, WANG Hexi, et al. A survey of fine-tuning techniques for large language models[J]. Computer engineering and applications, 2024, 60(17): 17-33
[36] MATSUZAKI T, MIYAO Y, TSUJII J. Probabilistic CFG with latent annotations[C]//Proceedings of the 43rd Annual Meeting on Association for Computational Linguistics-ACL ’05. Morristown: ACL, 2005: 75-82.
[37] 王辰成, 杨麟儿, 王莹莹, 等. 基于Transformer增强架构的中文语法纠错方法[J]. 中文信息学报, 2020, 34(6): 106-114 WANG Chencheng, YANG Liner, WANG Yingying, et al. Chinese grammar error correction method based on transformer enhanced architecture[J]. Journal of Chinese information processing, 2020, 34(6): 106-114
[38] HE Daojing, LIU Zhiyong, ZHU Shanshan, et al. Special characters usage and its effect on password security[J]. IEEE Internet of things journal, 2024, 11(11): 19440-19453
[39] HE Daojing, LIU Zhiyong, ZHOU Beibei, et al. The impact of digit semantic patterns on password security[J]. IEEE transactions on dependable and secure computing, 2025, 3639170.
[40] HE Daojing, LIU Zhiyong, ZHU Shanshan, et al. Exploiting semantics of special characters to strengthen passwords[J]. IEEE transactions on dependable and secure computing, 2025, 3608956.
[41] DEY R, SALEM F M. Gate-variants of gated recurrent unit (GRU) neural networks[C]//2017 IEEE 60th International Midwest Symposium on Circuits and Systems. Piscataway: IEEE, 2017: 1597-1600.
[42] 杨观赐, 杨静, 李少波, 等. 基于Dopout与ADAM优化器的改进CNN算法[J]. 华中科技大学学报(自然科学版), 2018, 46(7): 122-127 YANG Guanci, YANG Jing, LI Shaobo, et al. Improved CNN algorithm based on dopout and ADAM optimizer[J]. Journal of Huazhong University of science and technology (nature science edition), 2018, 46(7): 122-127
[43] 刘建昌, 李飞, 王洪海, 等. 进化高维多目标优化算法研究综述[J]. 控制与决策, 2018, 33(5): 879-887 LIU Jianchang, LI Fei, WANG Honghai, et al. Review on evolutionary high-dimensional multi-objective optimization algorithms[J]. Control and decision, 2018, 33(5): 879-887
[44] 王春柳, 杨永辉, 邓霏, 等. 文本相似度计算方法研究综述[J]. 情报科学, 2019, 37(3): 158-168 WANG Chunliu, YANG Yonghui, DENG Fei, et al. Summary of research on text similarity calculation methods[J]. Information science, 2019, 37(3): 158-168
相似文献/References:
[1]秦娅,申国伟,余红星.基于Hadoop的大规模网络安全实体识别方法[J].智能系统学报,2019,14(5):1017.[doi:10.11992/tis.201809024]
 QIN Ya,SHEN Guowei,YU Hongxing.Large-scale network security entity recognition method based on Hadoop[J].CAAI Transactions on Intelligent Systems,2019,14():1017.[doi:10.11992/tis.201809024]
[2]丁俐夫,颜钢锋.多智能体系统安全性问题及防御机制综述[J].智能系统学报,2020,15(3):425.[doi:10.11992/tis.201812015]
 DING Lifu,YAN Gangfeng.A survey of the security issues and defense mechanisms of multi-agent systems[J].CAAI Transactions on Intelligent Systems,2020,15():425.[doi:10.11992/tis.201812015]
[3]常利伟,田晓雄,张宇青,等.基于多源异构数据融合的网络安全态势评估体系[J].智能系统学报,2021,16(1):38.[doi:10.11992/tis.202006053]
 CHANG Liwei,TIAN Xiaoxiong,ZHANG Yuqing,et al.Network security situation assessment architecture based on multi-source heterogeneous data fusion[J].CAAI Transactions on Intelligent Systems,2021,16():38.[doi:10.11992/tis.202006053]

备注/Memo

收稿日期:2025-4-23。
基金项目:国家自然科学基金项目(62376074); 国家重点研发计划项目(2024YFE0215300); 深圳市科技计划项目(KJZD20240903100505007, SGDX20230116091244004,JSGGKQTD20221101115655027).
作者简介:刘志勇,博士研究生,主要研究方向为网络安全。发表学术论文4篇。E-mail:liuzhiyong0513@163.com。;何道敬,教授、博士生导师,哈尔滨工业大学(深圳)计算机学院副院长、哈尔滨工业大学(深圳)计算与智能研究院常务副院长。连续多年被评选为“爱思唯尔”中国高被引学者及全球前2%顶尖科学家。E-mail:hedaojinghit@163.com。;成嘉轩,硕士,主要研究方向为信息安全与AI安全,并参与了多项网络安全标准的制定,持有CISSP认证。发表学术论文4篇。E-mail:lssn1000@163.com。
通讯作者:何道敬. E-mail:hedaojinghit@163.com

更新日期/Last Update: 2026-01-05
Copyright © 《 智能系统学报》 编辑部
地址:(150001)黑龙江省哈尔滨市南岗区南通大街145-1号楼 电话:0451- 82534001、82518134 邮箱:tis@vip.sina.com