【打印本页】      【下载PDF全文】   View/Add Comment  Download reader   Close
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 6397次   下载 7738 本文二维码信息
码上扫一扫!
基于神经网络的定向口令猜测研究
周环,刘奇旭,崔翔,张方娇
分享到: 微信 更多
(中国科学院信息工程研究所 北京 中国 100093;中国科学院大学网络空间安全学院 北京 中国 100049;中国科学院信息工程研究所 北京 中国 100093;广州大学网络空间先进技术研究院 广州 中国 510006)
摘要:
文本口令是现如今最主要的身份认证方式之一,很多用户为了方便记忆在构造口令时使用个人信息。然而,目前利用用户个人信息进行定向口令猜测,进而评估口令安全的工作相对欠缺。同时,神经网络在文本序列处理问题上的成功应用,使得利用神经网络进行口令安全问题研究成为一种新的研究思路。本文基于大规模口令集合,对用户口令构造行为进行分析的基础上,研究用户个人信息在口令构造中的作用,进而提出一种结合神经网络和用户个人信息的定向口令猜测模型TPGXNN(TargetedPassword Guessing using X Neural Networks),并在8组共计7000万条口令数据上进行定向口令猜测实验。实验结果显示,在各组定向口令猜测实验中,TPGXNN模型的猜测成功率均比概率上下文无关文法、马尔科夫模型等传统模型更高,表明了TPGXNN模型的有效性。
关键词:  用户个人信息  口令安全  定向口令猜测  神经网络
DOI:10.19363/J.cnki.cn10-1380/tn.2018.09.03
Received:June 20, 2017Revised:January 25, 2018
基金项目:本课题得到国家重点研发计划(No.2016YFB0801604)、院重基金(No.CXJJ-17S0490)资助。
Research on Targeted Password Guessing Using Neural Networks
ZHOU Huan,LIU Qixu,CUI Xiang,ZHANG Fangjiao
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China
Abstract:
Text-based passwords is one of the most important mechanisms of identity authentication nowadays. Many users tend to use personal information when constructing passwords for convenience. However, there are few studies about targeted password guessing using personal information in the field of password security. Besides, the successful application of neural network on the issue of text sequence processing makes the study of password security by using neural network become a new research idea. Based on the analysis of user's behaviors when constructing password, this thesis studies the role of user's personal information in password structure, and proposes a brand new model called TPGXNN (Targeted Password Guessing using X Neural Networks) which combines neural network and user's personal information. An experiment is carried out on 70 million password datasets. TPGXNN is compared with the current common guessing probability model including probability context-free grammar and various Markov models using guessing success rate. Experimental results show that TPGXNN model in each group of the experiments has a higher rate than the traditional password guessing model. The results not only demonstrate the validity of TPGXNN model, but also prove that the binding of neural network and user's personal information in password guessing is a practical research idea.
Key words:  personal information  password security  targeted password guessing  neural networks