MLSTM:一种基于多序列长度LSTM的口令猜测方法  被引量：1

作　　者：常庚 赵岚 陈文 CHANG Geng;ZHAO Lan;CHEN Wen(School of Cyber Science and Engineering,Sichuan University,Chengdu 610065,China;Southwest China Research Institute of Electronic Equipment,Chengdu 610036,China)

机构地区：[1]四川大学网络空间安全学院,成都610065 [2]西南电子设备研究所,成都610036

出　　处：《计算机科学》2022年第4期354-361,共8页Computer Science

基　　金：国家重点研发计划(2019QY0800);国家自然科学基金(61872255)。

摘　　要：当前,口令仍然是重要的用户身份认证方式,使用有效的口令猜测方法来提高口令攻击的命中率是研究口令安全的主要方法之一。近年来,研究人员提出使用神经网络LSTM来实现口令猜测,并证实其命中率优于传统的PCFG口令猜测模型等。然而,传统LSTM模型存在序列长度选择困难的问题,无法学习到不同长度序列之间的关系。文中收集了大规模口令集合,通过对用户口令构造行为以及用户设置口令的偏好进行分析发现,用户个人信息对口令设置有重要影响。接着提出了多序列长度LSTM的口令猜测方法MLSTM(Multi-LSTM),同时将个人信息应用到漫步口令猜测,以进一步提高猜测命中率。实验结果表明,与PCFG相比,MLSTM的命中率最多提升了68.2%,与传统LSTM和三阶马尔可夫相比,MLSTM命中率的增加范围分别是7.6%~42.1%和23.6%~65.2%。Password is one of the most important methods of user authentication.Using effective password guessing methods to improve the hit rate of password attacks is the main approach to study password security.In recent years,researchers have proposed to use long short-term memory(LSTM)neural network to guess password and have demonstrated it is superior to traditional password guessing models,such as Markov model and PCFG(probabilistic context free text)model.However,the traditional LSTM model has the problem that it is hard to select the length of the sequence and cannot learn the relationship between different length sequences.This paper collects large-scale password sets and analyzes the user’s password construction behaviors and the preference for passwords setting,and finds that the user’s personal information has important influences on the password settings.Then a multiple sequence lengths of LSTM password guessing model MLSTM(Multi-LSTM)is proposed and the personal information is applied to trawling guessing.Experimental results demonstrate that compared with PCFG,the cracking rate is increased by 68.2%at most.While compared with traditional LSTM and 3 th-order Markov,the hit rates are increased by 7.6%~42.1%and 23.6%~65.2%respectively.

关 键 词：口令猜测 神经网络 口令分析 用户信息 口令安全 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]