GENPass: A General Deep Learning Model for Password Guessing with PCFG Rules and Adversarial Generation

Passwords are today's dominant method of authentication in social networks. Because brute-force attack methods, such as HashCat and John the Ripper, are impractical, research has shifted to password guessing. The state-of-the-art approaches, such as the Markov model and probabilistic context-free grammars (PCFG), are all based on statistical probability. These approaches have a low matching rate. Neural-network methods have been shown to be more accurate and practical for password guessing than traditional methods. However, a raw neural network model is not suited to cross-site attacks, since each data set has its own features. This paper proposes a general deep learning model for password guessing, called GENPass. GENPass can learn features from several data sets and uses adversarial generation to ensure that the output wordlist has high accuracy across different data sets. The password generator of GENPass is PCFG+LSTM (PL), where LSTM is a kind of recurrent neural network. We combine a neural network with PCFG because we found that people tend to set their passwords with meaningful strings. Compared with LSTM, PL increases the matching rate by 16%-30% in the cross-site tests when learning from a single dataset. GENPass uses several PL models to learn from datasets and generate passwords. The results show that the matching rate of GENPass is 20% higher than that of simply mixing those datasets in the cross-site test.
