CSNN:基于汉语拼音与神经网络的口令集安全评估方法

CSNN:Password Set Security Evaluation Method Based on Chinese Syllables and Neural Network

口令猜测攻击是一种最直接的获取信息系统访问权限的攻击,采用恰当方法生成的口令字典能够准确地评估信息系统口令集的安全性。该文提出一种针对中文口令集的口令字典生成方法(CSNN)。该方法将每个完整的汉语拼音视为一个整体元素,后利用汉语拼音的规则对口令进行结构划分与处理。将处理后的口令放入长短期记忆网络(LSTM)中训练,用训练后的模型生成口令字典。该文通过命中率实验评估CSNN方法的效能,将CSNN与其它两种经典口令生成方法(即,概率上下文无关文法PCFG和5阶马尔可夫链模型)对生成口令的命中率进行实验对比。实验选取了不同规模的字典,结果显示,CSNN方法生成的口令字典的综合表现优于另外两种方案。与概率上下文无关文法相比,在猜测数为107时,CSNN字典在不同测试集上的命中率提高了5.1%~7.4%(平均为6.3%);相对于5阶马尔可夫链模型,在猜测数为8×105时,CSNN字典在不同测试集上的命中率提高了2.8%~12%(平均为8.2%)。

Password guessing attack is the most direct way to break information systems.Using appropriate methods to generate password dictionaries can accurately evaluate the security of password sets.This paper proposes a new approach to the Chinese password set security evaluation that is named Chinese Syllables and Neural Network-based password generation(CSNN).In CSNN,each chinese syllable is treated as an integral element,and the spelling rules of chinese syllable can be used to parse and process the passwords.The processed passwords are then trained in the neural network model of Long Short-Term Memory(LSTM),which is used to generate password dictionaries(guessing sets).To evaluate the performance of CSNN,the hit rates of guessing sets generated by CSNN is compared with the two classical approaches(i.e.,Probability Context-Free Grammar(PCFG)and 5th-order Markov chain model).In the hit rate experiment,guessing sets of different scales are selected;the results show that the comprehensive performance of guessing sets generated by CSNN is better than PCFG and 5th-order markov chain model.Compared with PCFG,different scales of CSNN guessing sets can improve 5.1%~7.4%in hit rate on some test sets by 107 guesses(average 6.3%);Compared with 5th-order markov chain model,the CSNN guessing sets increased its hit rate by 2.8%to 12%(with an average of 8.2%)by 8×105 guesses.