Password Guessing via Neural Language Modeling

Passwords are the major part of authentication in current social networks. The state-of-the-art password guessing approaches, such as Markov model and probabilistic context-free grammars (PCFG) model, assign a probability value to each password by a statistic approach without any parameters. These methods require large datasets to accurately estimate probability due to the law of large number. The neural network, approximating target probability distribution through iteratively training its parameters, was used to model passwords by some researches. However, since the network architectures they used are simple and straightforward, there are many ways to improve it.

[1]  Lujo Bauer,et al.  Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms , 2012, 2012 IEEE Symposium on Security and Privacy.

[2]  Jian Sun,et al.  Deep Residual Learning for Image Recognition , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[3]  Jürgen Schmidhuber,et al.  Long Short-Term Memory , 1997, Neural Computation.

[4]  Vitaly Shmatikov,et al.  Fast dictionary attacks on passwords using time-space tradeoff , 2005, CCS '05.

[5]  Sudhir Aggarwal,et al.  Password Cracking Using Probabilistic Context-Free Grammars , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[6]  Maurizio Filippone,et al.  Monte Carlo Strength Evaluation: Fast and Reliable Password Checking , 2015, CCS.

[7]  Zoubin Ghahramani,et al.  A Theoretically Grounded Application of Dropout in Recurrent Neural Networks , 2015, NIPS.

[8]  Zhiyuan Tang,et al.  Recurrent neural network training with dark knowledge transfer , 2015, 2016 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[9]  Claude Castelluccia,et al.  Adaptive Password-Strength Meters from Markov Models , 2012, NDSS.

[10]  Fernando Pérez-Cruz,et al.  PassGAN: A Deep Learning Approach for Password Guessing , 2017, ACNS.

[11]  Sudhir Aggarwal,et al.  Next Gen PCFG Password Cracking , 2015, IEEE Transactions on Information Forensics and Security.

[12]  Nitish Srivastava,et al.  Dropout: a simple way to prevent neural networks from overfitting , 2014, J. Mach. Learn. Res..

[13]  Ninghui Li,et al.  A Study of Probabilistic Password Models , 2014, 2014 IEEE Symposium on Security and Privacy.

[14]  Claude Castelluccia,et al.  OMEN: Faster Password Guessing Using an Ordered Markov Enumerator , 2015, ESSoS.

[15]  Wei Wang,et al.  GENPass: A General Deep Learning Model for Password Guessing with PCFG Rules and Adversarial Generation , 2018, 2018 IEEE International Conference on Communications (ICC).

[16]  Zheng Huang,et al.  Password Guessing Based on LSTM Recurrent Neural Networks , 2017, 22017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC).

[17]  Ming-Wei Chang,et al.  BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding , 2019, NAACL.

[18]  Blase Ur,et al.  Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks , 2016, USENIX Annual Technical Conference.

[19]  Sergey Ioffe,et al.  Batch Normalization: Accelerating Deep Network Training by Reducing Internal Covariate Shift , 2015, ICML.

[20]  Wenyuan Xu,et al.  A Large-Scale Empirical Analysis of Chinese Web Passwords , 2014, USENIX Security Symposium.

[21]  Lukasz Kaiser,et al.  Attention is All you Need , 2017, NIPS.