摘要: |
文本口令是现如今最主要的身份认证方式之一,很多用户为了方便记忆在构造口令时使用个人信息。然而,目前利用用户个人信息进行定向口令猜测,进而评估口令安全的工作相对欠缺。同时,神经网络在文本序列处理问题上的成功应用,使得利用神经网络进行口令安全问题研究成为一种新的研究思路。本文基于大规模口令集合,对用户口令构造行为进行分析的基础上,研究用户个人信息在口令构造中的作用,进而提出一种结合神经网络和用户个人信息的定向口令猜测模型TPGXNN(TargetedPassword Guessing using X Neural Networks),并在8组共计7000万条口令数据上进行定向口令猜测实验。实验结果显示,在各组定向口令猜测实验中,TPGXNN模型的猜测成功率均比概率上下文无关文法、马尔科夫模型等传统模型更高,表明了TPGXNN模型的有效性。 |
关键词: 用户个人信息 口令安全 定向口令猜测 神经网络 |
DOI:10.19363/J.cnki.cn10-1380/tn.2018.09.03 |
Received:June 20, 2017Revised:January 25, 2018 |
基金项目:本课题得到国家重点研发计划(No.2016YFB0801604)、院重基金(No.CXJJ-17S0490)资助。 |
|
Research on Targeted Password Guessing Using Neural Networks |
ZHOU Huan,LIU Qixu,CUI Xiang,ZHANG Fangjiao |
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China |
Abstract: |
Text-based passwords is one of the most important mechanisms of identity authentication nowadays. Many users tend to use personal information when constructing passwords for convenience. However, there are few studies about targeted password guessing using personal information in the field of password security. Besides, the successful application of neural network on the issue of text sequence processing makes the study of password security by using neural network become a new research idea. Based on the analysis of user's behaviors when constructing password, this thesis studies the role of user's personal information in password structure, and proposes a brand new model called TPGXNN (Targeted Password Guessing using X Neural Networks) which combines neural network and user's personal information. An experiment is carried out on 70 million password datasets. TPGXNN is compared with the current common guessing probability model including probability context-free grammar and various Markov models using guessing success rate. Experimental results show that TPGXNN model in each group of the experiments has a higher rate than the traditional password guessing model. The results not only demonstrate the validity of TPGXNN model, but also prove that the binding of neural network and user's personal information in password guessing is a practical research idea. |
Key words: personal information password security targeted password guessing neural networks |