SeqGANPass: Password Guessing with Sequence Generative Adversarial Nets

GONG Xue-luan; CHEN Yan-jiao; WANG Tao; CAO Yu-xin

doi:10.12263/DZXB.20220633

您当前的位置：

首页 >

文章列表页 >

SeqGANPass: Password Guessing with Sequence Generative Adversarial Nets

PAPERS | 更新时间：2025-12-08

- SeqGANPass: Password Guessing with Sequence Generative Adversarial Nets
- ACTA ELECTRONICA SINICA Vol. 51, Issue 5, Pages: 1148-1153(2023)
- 作者机构：
  
  1.武汉大学计算机学院，湖北武汉 430070
  2.浙江大学电气工程学院，浙江杭州 310058
- 作者简介：
- 基金信息：
- DOI：10.12263/DZXB.20220633
  CLC： TP311
- Received：31 May 2022，
  
  Revised：2022-11-18，
  
  Published：25 May 2023
- 稿件说明：
移动端阅览
龚雪鸾,陈艳姣,王涛等.SeqGANPass：使用序列生成式对抗网络进行口令猜测[J].电子学报,2023,51(05):1148-1153.

GONG Xue-luan,CHEN Yan-jiao,WANG Tao,et al.SeqGANPass: Password Guessing with Sequence Generative Adversarial Nets[J].ACTA ELECTRONICA SINICA,2023,51(05):1148-1153.
龚雪鸾,陈艳姣,王涛等.SeqGANPass：使用序列生成式对抗网络进行口令猜测[J].电子学报,2023,51(05):1148-1153. DOI： 10.12263/DZXB.20220633.

GONG Xue-luan,CHEN Yan-jiao,WANG Tao,et al.SeqGANPass: Password Guessing with Sequence Generative Adversarial Nets[J].ACTA ELECTRONICA SINICA,2023,51(05):1148-1153. DOI： 10.12263/DZXB.20220633.

摘要

为了破解用户口令并获取用户隐私信息，口令猜测工具应运而生.基于规则的口令猜测工具虽猜测成功率较高，但制定规则非常耗时且需要一定的专业知识.基于深度神经网络的口令猜测工具则需要大量的训练数据集来训练模型.基于此，本文提出了（Sequence Generative Adversarial Network Password， SeqGANPass），利用序列生成式对抗网络，针对口令数据集执行数据预处理操作，经由多轮对抗性训练过程训练口令生成器，以生成高质量的猜测口令.即使没有任何先验知识，SeqGANPass仍可以通过小规模训练集来实现口令破译.同时我们发现使用SeqGANPass可以大大提高基于规则的口令猜测工具的有效性.在实验中，我们与当前的主流口令猜测工具进行比较，如John the Ripper，Hashcat，Markov Model，上下文无关文法（Probabilistic Context Free Grammars，PCFG），FLA（Fast， Lean， and Accurate）和PassGAN等.实验表明，SeqGANPass的匹配率优于这些主流的口令猜测工具.

Abstract

In order to crack the user's password to achieve the purpose of obtaining user's private information

password guessing tools also came into being. Although state-of-the-art rule-based attacks work achieve high attack success rate

the collection of rules is time consuming and needs expertise. Deep neural network-based attacks require amounts of datasets to achieve a good result. In this paper

we propose sequence generative adversarial network password (SeqGANPass)

which uses sequence generative adversarial nets

conducts data preprocessing operations on the password datasets

to generate high-quality passwords. SeqGANPass can implement password cracking under a small scale of training set even without any prior knowledge. Furthermore

we show that SeqGANPass can greatly improve the effectiveness of rule-based attacks. Our experiments show that SeqGANPass outperforms most state-of-the-art password guessing methods

i.e.

John the Ripper

Hashcat

Markov model

probabilistic context free grammars (PCFG)

FLA (Fast

Lean

and Accurate)

and PassGAN in matching rate.

关键词

Keywords

references

王平 , 汪定 , 黄欣沂 . 口令安全研究进展 [J]. 计算机研究与发展 , 2016 , 53 ( 10 ): 2173 - 2188 .

WANG P , WANG D , HUANG X Y . Advances in password security [J]. Journal of Computer Research and Development , 2016 , 53 ( 10 ): 2173 - 2188 . (in Chinese)

尚旭哲 , 王润田 , 孙颖 , 等 . 口令破解与防范技术研究 [J]. 网络空间安全 , 2020 , 11 ( 5 ): 98 - 103 .

SHANG X Z , WANG R T , SUN Y , et al . The research on password cracking and prevention technology [J]. Cyberspace Security , 2020 , 11 ( 5 ): 98 - 103 . (in Chinese)

NARAYANAN A , SHMATIKOV V . Fast dictionary attacks on passwords using time-space tradeoff [C]// ACM Conference on Computer and Communications Security . New York : ACM , 2005 : 364 - 372 .

WEIR M , AGGARWAL S , DE MEDEIROS B , et al . Password cracking using probabilistic context-free grammars [C]// 2009 30th IEEE Symposium on Security and Privacy . Piscataway : IEEE , 2009 : 391 - 405 .

邹静 , 林东岱 , 郝春辉 . 一种基于结构划分概率的口令攻击方法 [J]. 计算机学报 , 2014 , 37 ( 5 ): 1206 - 1215 .

ZOU J , LIN D D , HAO C H . A password cracking method based on structure division probability [J]. Chinese Journal of Computers , 2014 , 37 ( 5 ): 1206 - 1215 . (in Chinese)

韩伟力 , 袁琅 , 李思斯 , 等 . 一种基于样本的模拟口令集生成算法 [J]. 计算机学报 , 2017 , 40 ( 5 ): 1151 - 1167 .

HAN W L , YUAN L , LI S S , et al . An efficient algorithm to generate password sets based on samples [J]. Chinese Journal of Computers , 2017 , 40 ( 5 ): 1151 - 1167 . (in Chinese)

MELICHER W , UR B , SEGRETI S M , et al . Fast, lean, and accurate: Modeling password guessability using neural networks [C]// Proceedings of the 25th USENIX Conference on Security Symposium . New York : ACM , 2016 : 175 - 191 .

WU Y X , WANG D , ZOU Y K , et al . Improving Deep Learning Based Password Guessing Models Using Pre-Processing [M]// Information and Communications Security . Cham : Springer International Publishing , 2022 : 163 - 183 .

汪定 , 邹云开 , 陶义 , 等 . 基于循环神经网络和生成式对抗网络的口令猜测模型研究 [J]. 计算机学报 , 2021 , 44 ( 8 ): 1519 - 1534 .

WANG D , ZOU Y K , TAO Y , et al . Password guessing model based on recurrent neural networks and generative adversarial networks [J]. Chinese Journal of Computers , 2021 , 44 ( 8 ): 1519 - 1534 . (in Chinese)

GOODFELLOW I , POUGET-ABADIE J , MIRZA M , et al . Generative adversarial networks [J]. Communications of the ACM , 2020 , 63 ( 11 ): 139 - 144 .

HITAJ B , GASTI P , ATENIESE G , et al . PassGAN: A Deep Learning Approach for Password Guessing [M]// Applied Cryptography and Network Security . Cham : Springer International Publishing , 2019 : 217 - 237 .

YU Lan-tao , ZHANG Wei-han , WANG Jun . SeqGAN: Sequence generative adversarial nets with policy gradient [C]// AAAI Conference on Artificial Intelligence . San Francisco : AAAI Press , 2017 : 2852 - 2858 .

Skullsecurity . RockYou [CP/OL]. ( 2010-08-01 )[ 2022-11-17 ]. https://downloads.skullsecurity.org/passwords/rockyou.txt. bz2 https://downloads.skullsecurity.org/passwords/rockyou.txt.bz2 .

WANG Ding , CHENG Hai-bo , WANG Ping . Zipf's law in passwords [J]. IEEE Transactions on Information Forensics and Security , 2017 , 12 ( 11 ): 2776 - 2791 .

ZIA T , ZAHID U . Long short-term memory recurrent neural network architectures for Urdu acoustic modeling [J]. International Journal of Speech Technology , 2019 , 22 ( 1 ): 21 - 30 .

HINTON G E , SRIVASTAVA N , KRIZHEVSKY A , et al . Improving neural networks by preventing co-adaptation of feature detectors [EB/OL]. [ 2022-05-24 ]. DOI: https://doi.org/10.48550/arXiv.1207.0580 https://doi.org/10.48550/arXiv.1207.0580 .

SRIVASTAVA N , HINTON G , KRIZHEVSKY A , et al . Dropout: A simple way to prevent neural networks from overfitting [J/OL]. The Journal of Machine Learning Research , 2014 , 15 ( 1 ): 1929 - 1958 .

Rarecoil . LinkedIn [CP/OL]. ( 2019-11-06 )[ 2022-11-17 ]. https://hashes.org/leaks.php?id=68 https://hashes.org/leaks.php?id=68 .

Pop . CSDN [CP/OL]. ( 2011-12-22 )[ 2022-11-17 ]. http://429006.com/article/technology/2622.htm http://429006.com/article/technology/2622.htm .

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Review of Deep Learning Models Based on Neuroevolution

Variable Horizon Multi-Directional Scanning Method for Time Series Anomaly Detection

Differentially Private with Sparse and Smooth Self-Distillation

Operator Fusion Method and Hardware Architecture Design Based on Non-Standard Operators

Related Author

HAN Chong

WANG Jun-li

WU Yu-xi

ZHANG Chao-bo

HUANG Yu-zhe

GUAN Yong-yuan

WEI Song-jie

ZHAO Deng-feng

Related Institution

College of Electronics and Information Engineering, University of Tongji

School of Computer Science and Engineering, School of Cyber Science and Engineering, Nanjing University of Science and Technology

School of Information, Renmin University of China

College of Information Engineering, Capital Normal University

School of Mathematical Science, Capital Normal University

⁰