电子学报

• •    

SeqGANPass:使用序列生成式对抗网络进行口令猜测

龚雪鸾1, 陈艳姣2(), 王涛1, 曹雨欣1   

  1. 1.武汉大学计算机学院,湖北 武汉 430070
    2.浙江大学电气工程学院,浙江 杭州 310058
  • 收稿日期:2022-05-31 修回日期:2022-11-18 出版日期:2023-01-28
    • 通讯作者:
    • 陈艳姣
    • 作者简介:
    • 龚雪鸾 女,1996年3月出生于吉林省吉林市.现为武汉大学计算机学院博士生.主要研究方向为人工智能安全.E-mail: xueluangong@whu.edu.cn
      陈艳姣(通讯作者) 女,1989年6月出生于四川省德阳市.2010年毕业于清华大学电子工程学系.现为浙江大学百人计划研究员,博士生导师,从事无线网络、人工智能安全、网络安全的研究工作.
      王涛 男, 2000年8月出生于江西省赣州市,现为武汉大学计算机学院本科生,主要研究方向为人工智能安全. E-mail: WTBantoeC@whu.edu.cn
      曹雨欣 女, 2001年11月出生于江苏省徐州市.现为武汉大学计算机学院本科生,主要研究方向为人工智能安全. E-mail: 2020302111148@whu.edu.cn

SeqGANPass: Password Guessing with Sequence Generative Adversarial Nets

GONG Xue-luan1, CHEN Yan-jiao2(), WANG Tao1, CAO Yu-xin1   

  1. 1.College of Computer Science,Wuhan University,Wuhuan,Hubei 430070,China
    2.College of Electrical Engineering,Zhejiang University,Hangzhou,Zhejiang 310058,China
  • Received:2022-05-31 Revised:2022-11-18 Online:2023-01-28
    • Corresponding author:
    • CHEN Yan-jiao

摘要:

为了破解用户口令并获取用户隐私信息,口令猜测工具应运而生.基于规则的口令猜测工具虽猜测成功率较高,但制定规则非常耗时且需要一定的专业知识.基于深度神经网络的口令猜测工具则需要大量的训练数据集来训练模型.基于此,本文提出了(Sequence Generative Adversarial Network Password, SeqGANPass),利用序列生成式对抗网络,针对口令数据集执行数据预处理操作,经由多轮对抗性训练过程训练口令生成器,以生成高质量的猜测口令.即使没有任何先验知识,SeqGANPass仍可以通过小规模训练集来实现口令破译.同时我们发现使用SeqGANPass可以大大提高基于规则的口令猜测工具的有效性.在实验中,我们与当前的主流口令猜测工具进行比较,如John the Ripper,Hashcat,Markov Model,上下文无关文法(Probabilistic Context Free Grammars,PCFG),FLA(Fast, Lean, and Accurate)和PassGAN等.实验表明,SeqGANPass的匹配率优于这些主流的口令猜测工具.

关键词: 口令猜测, 序列生成式对抗网络, 深度学习, 口令匹配, 隐私泄露, 生成式对抗网络

Abstract:

In order to crack the user's password to achieve the purpose of obtaining user's private information, password guessing tools also came into being. Although state-of-the-art rule-based attacks work achieve high attack success rate, the collection of rules is time consuming and needs expertise. Deep neural network-based attacks require amounts of datasets to achieve a good result. In this paper, we propose sequence generative adversarial network password(SeqGANPass), which uses sequence generative adversarial nets, conducts data preprocessing operations on the password datasets, to generate high-quality passwords. SeqGANPass can implement password cracking under a small scale of training set even without any prior knowledge. Furthermore, we show that SeqGANPass can greatly improve the effectiveness of rule-based attacks. Our experiments show that SeqGANPass outperforms most state-of-the-art password guessing methods, i.e., John the Ripper, Hashcat, Markov model, probabilistic context free grammars(PCFG), FLA(Fast, Lean, and Accurate), and PassGAN in matching rate.

Key words: password guessing, sequence generative adversarial networks, deep learning, password matching, privacy leakage, generative adversarial networks

中图分类号: