Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security 2021
DOI: 10.1145/3433210.3453092
|View full text |Cite
|
Sign up to set email alerts
|

HoneyGen: Generating Honeywords Using Representation Learning

Abstract: Honeywords are false passwords injected in a database for detecting password leakage. Generating honeywords is a challenging problem due to the various assumptions about the adversary's knowledge as well as users' password-selection behaviour. The success of a Honeywords Generation Technique (HGT) lies on the resulting honeywords; the method fails if an adversary can easily distinguish the real password. In this paper, we propose HoneyGen, a practical and highly robust HGT that produces realistic looking honey… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
16
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
3
2
1

Relationship

0
6

Authors

Journals

citations
Cited by 14 publications
(16 citation statements)
references
References 29 publications
0
16
0
Order By: Relevance
“…We choose to use chaffing-by-tweaking instead of other recently proposed methods in the literature because other methods are more vulnerable to targeted attacks, with a typical example mentioned in Section 1.1, and some more examples shown in Table 4. Dionysiou et al [12] highlight the intricacy of developing tweaking rules in such a way that it could be difficult for an attacker to distinguish the password from its changed versions. For example, if a chaffing-by-tweaking strategy randomly perturbs the last three characters of a password, the adversary may easily conclude that the authentic password is the first one in the instances "18!morning", "18!morniey", and "18!gorndge".…”
Section: Discussionmentioning
confidence: 99%
See 4 more Smart Citations
“…We choose to use chaffing-by-tweaking instead of other recently proposed methods in the literature because other methods are more vulnerable to targeted attacks, with a typical example mentioned in Section 1.1, and some more examples shown in Table 4. Dionysiou et al [12] highlight the intricacy of developing tweaking rules in such a way that it could be difficult for an attacker to distinguish the password from its changed versions. For example, if a chaffing-by-tweaking strategy randomly perturbs the last three characters of a password, the adversary may easily conclude that the authentic password is the first one in the instances "18!morning", "18!morniey", and "18!gorndge".…”
Section: Discussionmentioning
confidence: 99%
“…Thus, they replace all occurrences of a particular symbol in a given password with a randomly chosen alternate symbol, lower-case each letter in a password with probability p = 0.3, upper-case each letter in a password with probability f = 0.03, and replace each digit occurrence with probability q = 0.05. [12] contains the pseudocode and rationale for the assignment of p, q, and f . A few examples of honeywords developed by tweaking are included in Table 5.…”
Section: Discussionmentioning
confidence: 99%
See 3 more Smart Citations