引用本文: |
-
郗志红,周永彬,李勇,樊一康,谢子平,石瑞鑫.基于深度学习的口令猜测方法的组合优化构造[J].信息安全学报,已采用 [点击复制]
- xizhihong,zhouyongbin,liyong,fanyikang,xieziping,shiruixin.Combinatorial optimization construction of password guessing method based on deep learning[J].Journal of Cyber Security,Accept [点击复制]
|
|
摘要: |
与传统的基于统计的口令猜测方法相比,基于深度学习的口令猜测方法在生成候选口令的数量及多样性方面均有显著技术优势。然而,现有的基于深度学习的口令猜测方法通过逐字符或映射采样的方式生成候选口令,未利用口令的内在结构特征,通常需要生成大量的候选口令才能取得较理想的猜测效果,在生成候选口令数较小的情况下,猜测成功率较低。针对上述问题,基于对口令结构与口令片段之间相互独立性的观察与认识,对口令内在结构特征与猜测模型基础特性的具体分析,本文提出一种以模块化方式对现有的基于深度学习的口令猜测方法进行组合优化的构造方法,将合适的统计模型作为基础组件引入到口令猜测过程中,以期获得具有更高猜测成功率和更好猜测效率的新方法,提高基于深度学习的口令猜测方法的实用性。实验结果表明,与现有的基于深度学习的口令猜测方法相比,经过组合优化构造出的新的口令猜测方法在同站和跨站口令猜测场景下的猜测成功率平均提高了215.51%和176.84%,证明了本文组合优化设计方法的有效性。 |
关键词: 口令猜测 深度学习 统计模型 组合优化 |
DOI:10.19363/J.cnki.cn10-1380/tn.2023.06.09 |
投稿时间:2020-11-23修订日期:2021-03-02 |
基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目) |
|
Combinatorial optimization construction of password guessing method based on deep learning |
xizhihong, zhouyongbin, liyong, fanyikang, xieziping, shiruixin
|
(Institute of Information Engineering, Chinese Academy of Sciences) |
Abstract: |
The existing password guessing methods based on deep learning have great advantages in the number and diversity of password guessing compared with the statistical password guessing methods. However, the existing password guessing methods based on deep learning generate candidate passwords in a character-by-character or map-sample manner. It is necessary to generate a large number of candidate passwords to get a better guess effect without using the internal structure characteristics of passwords. When the number of candidate passwords is small, the guessing success rate is low. Aiming at the above problems, based on the observation and understanding of the mutual independence between the password structure and the password fragments, this paper proposes a modular construction method to optimize the existing password guessing methods based on deep learning by analysising the characteristics of the password structure and the basic characteristics of the guessing model. In order to obtain a new method with higher guess success rate and better guess efficiency, some appropriate statistical models are introduced into the password guessing process as a basic component. Furthermore, it improves the practicability of password guessing method based on deep learning. The experimental results show that the password guessing success rate of the combined-optimized password guessing method is up to 215.51% and 176.84% higher than that of the existing password guessing methods based on deep learning in the same site and cross-site password guessing scenarios. It shows the effectiveness of combinatorial optimization. |
Key words: password guessing deep learning statistic model combinatorial optimization |