Password Guessing Based on LSTM Recurrent Neural Networks

Xu, Lingzhi; Ge, Can; Qiu, Weidong; Huang, Zheng; Gong, Zheng; Guo, Jie; Lian, Huijuan

doi:10.1109/cse-euc.2017.155

Cited by 13 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Compared to the traditional password guessing methods, it has a larger password space and the generated samples are not limited to the training set. Based on the structure of models, deep learning-based methods can be separated into two types, RNN-based password guessing [25,26] and GANbased password guessing [27][28][29]. Melicher et al [25] first applied deep learning to password guessing, introducing a password guessing model based on recurrent neural network (RNN).…”

Section: Related Work Traditional Password Guessing Methods Can Be Br...mentioning

confidence: 99%

Password Guessing Based on GAN with Gumbel-Softmax

Zhou

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Password guessing is an important issue in user security and privacy protection. Using generative adversarial network (GAN) to guess passwords is a new strategy emerging in recent years, which exploits the discriminator’s evaluation of passwords to guide the update of the generator so that password guessing sets can be produced. However, the sampling process of discrete data from a categorical distribution is not differentiable so that backpropagation does not work well. In this paper, we propose a novel password guessing model named G-Pass, which consists of two main components. The first is a new network structure, which modifies the generator from the convolutional neural network (CNN) to long short-term memory- (LSTM-) based network and employs multiple convolutional layers in the discriminator to provide more informative signals for generator updating. The second is Gumbel-Softmax with temperature control for training GAN on passwords. Experimental results show the proposed G-Pass outperforms PassGAN in password quality and cracking rate. Moreover, by dynamically adjusting one parameter during the training process, a trade-off between sample diversity and quality can be achieved with our proposed model.

show abstract

Section: Related Work Traditional Password Guessing Methods Can Be Br...mentioning

confidence: 99%

Password Guessing Based on GAN with Gumbel-Softmax

Zhou

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The RNN outputs a character in each time step and receives it as the input of the next time step. Xu improved the network architecture and replaced the RNN with LSTM, to mine long-range dependency [53]. Teng proposes PG-RNN, which increases the number of neurons and has a competitive effect on different datasets [54].…”

Section: Other Password-generation Modelsmentioning

confidence: 99%

LPG–PCFG: An Improved Probabilistic Context- Free Grammar to Hit Low-Probability Passwords

Guo

Tan

Liu

et al. 2022

Sensors

View full text Add to dashboard Cite

With the development of the Internet, information security has attracted more attention. Identity authentication based on password authentication is the first line of defense; however, the password-generation model is widely used in offline password attacks and password strength evaluation. In real attack scenarios, high-probability passwords are easy to enumerate; extremely low-probability passwords usually lack semantic structure and, so, are tough to crack by applying statistical laws in machine learning models, but these passwords with lower probability have a large search space and certain semantic information. Improving the low-probability password hit rate in this interval is of great significance for improving the efficiency of offline attacks. However, obtaining a low-probability password is difficult under the current password-generation model. To solve this problem, we propose a low-probability generator–probabilistic context-free grammar (LPG–PCFG) based on PCFG. LPG–PCFG directionally increases the probability of low-probability passwords in the models’ distribution, which is designed to obtain a degeneration distribution that is friendly for generating low-probability passwords. By using the control variable method to fine-tune the degeneration of LPG–PCFG, we obtained the optimal combination of degeneration parameters. Compared with the non-degeneration PCFG model, LPG–PCFG generates a larger number of hits. When generating 107 and 108 times, the number of hits to low-probability passwords increases by 50.4% and 42.0%, respectively.

show abstract

“…The RNN generated one character at each time step and used the generated character as the input for the next time step until the terminator appeared or the maximum length was reached. In other studies, RNN [47] was replaced with LSTM [48], promoting the effect of capturing the long-range dependence of characters. Teng devised a PG-RNN that increased the number of neurons, and got competitive results on multiple datasets [34].…”

Section: Other Password Generative Modelsmentioning

confidence: 99%

Dynamic Markov Model: Password Guessing Using Probability Adjustment Method

et al. 2021

View full text Add to dashboard Cite

In password guessing, the Markov model is still widely used due to its simple structure and fast inference speed. However, the Markov model based on random sampling to generate passwords has the problem of a high repetition rate, which leads to a low cover rate. The model based on enumeration has a lower cover rate for high-probability passwords, and it is a deterministic algorithm that always generates the same passwords in the same order, making it vulnerable to attack. We design a dynamic distribution mechanism based on the random sampling method. This mechanism enables the probability distribution of passwords to be dynamically adjusted and tend toward uniform distribution strictly during the generation process. We apply the dynamic distribution mechanism to the Markov model and propose a dynamic Markov model. Through comparative experiments on the RockYou dataset, we set the optimal adjustment degree α. Compared with the Markov model without the dynamic distribution mechanism, the dynamic Markov model reduced the repetition rate from 75.88% to 66.50% and increased the cover rate from 37.65% to 43.49%. In addition, the dynamic Markov model had the highest cover rate for high-probability passwords. Finally, the model avoided the lack of a deterministic algorithm, and when it was run five times, it reached almost the same cover rate as OMEN.

show abstract

Password Guessing Based on LSTM Recurrent Neural Networks

Cited by 13 publications

References 7 publications

Password Guessing Based on GAN with Gumbel-Softmax

Password Guessing Based on GAN with Gumbel-Softmax

LPG–PCFG: An Improved Probabilistic Context- Free Grammar to Hit Low-Probability Passwords

Dynamic Markov Model: Password Guessing Using Probability Adjustment Method

Contact Info

Product

Resources

About