Journal of Xidian University ›› 2022, Vol. 49 ›› Issue (3): 129-136. doi: 10.19665/j.issn1001-2400.2022.03.015

• Information and Communication Engineering •

Targeted password guessing scheme combined with GAN

DU Lixuhong1, CHEN Jie1,2, YANG Xiaoxue1

  1. School of Telecommunications Engineering, Xidian University, Xi'an 710071, China
  2. Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China
  • Received: 2021-07-09 Revised: 2021-12-01 Online: 2022-06-20 Published: 2022-07-04
  • About the authors: DU Lixuhong (b. 1997), female, master's student at Xidian University, E-mail: lxhdu@stu.xidian.edu.cn | CHEN Jie (b. 1979), female, associate professor, Ph.D., E-mail: jchen@mail.xidian.edu.cn | YANG Xiaoxue (b. 1997), female, master's student at Xidian University, E-mail: 1500020789@qq.com
  • Funding:
    Natural Science Basic Research Program of Shaanxi Province (2021JM-126); Research Project of the Guangxi Key Laboratory of Cryptography and Information Security (GCIS202125)

Abstract:

To improve the success rate of targeted password guessing, this paper proposes a targeted password guessing scheme based on probabilistic context-free grammar (PCFG) combined with generative adversarial networks (GAN). First, the scheme matches each user's real password against that user's personal information, further subdivides the tags on the basis of the TarGuess-I model, and uses the subdivided tags to parse the real passwords. Second, the parsed passwords are fed into the GAN, and training yields an expanded rule set that follows the distribution of real passwords. Finally, the guessed password set for the target user is generated from the expanded rule set, the user's personal information, and the frequency tables of the L (Letters), D (Digits) and S (Symbols) fields obtained during password parsing. Following an approach of forming hypotheses from data statistics and verifying them by experiment, the paper carries out a series of studies on the proposed optimization of type-based personally identifiable information (PII) matching, namely the “digits + letters”, “letters + special characters” and “digits + special characters” types (which should generally be “letters” and “digits”). In guessing attack experiments on the railway 12306 data set, which contains users' personal information, the proposed scheme achieves a higher password guessing success rate than other targeted password guessing schemes.

Key words: password guessing, generative adversarial networks, natural language processing

CLC number:

  • TP309
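
A defensive use of the parsing step described in the abstract, as an added example that is not code from the paper: a registration-time check that segments a candidate password into PII tags plus L/D/S runs and rejects it when most of its characters come from the user's own data. The profile, the tag names (NAME, BIRTH, ACCT) and the 0.5 threshold are assumptions chosen for illustration; ACCT shows a mixed-type PII value matched as one unit instead of being split into separate letter, symbol and digit runs.

```python
# Constructed sample profile. Field names and tag labels are hypothetical,
# not the tag set of TarGuess-I or of the paper.
PROFILE = {
    "NAME": ["zhangwei", "zhang", "wei", "zw"],
    "BIRTH": ["19900312", "900312", "1990", "0312"],
    "ACCT": ["zw_1990"],  # mixed-type PII: letters + symbol + digits
}
GENERIC = {"L", "D", "S"}  # Letters, Digits, Symbols

def parse(password, profile=PROFILE):
    """Split a password into (tag, text) segments.

    PII values are matched first, longest value first; whatever is left
    is grouped into runs of letters (L), digits (D) and symbols (S).
    """
    values = sorted(((v.lower(), tag) for tag, vs in profile.items() for v in vs if v),
                    key=lambda item: -len(item[0]))
    lowered, segments, i = password.lower(), [], 0
    while i < len(password):
        hit = next(((v, t) for v, t in values if lowered.startswith(v, i)), None)
        if hit:
            segments.append((hit[1], password[i:i + len(hit[0])]))
            i += len(hit[0])
            continue
        ch = password[i]
        kind = "L" if ch.isalpha() else "D" if ch.isdigit() else "S"
        if segments and segments[-1][0] == kind:
            segments[-1] = (kind, segments[-1][1] + ch)  # extend the current run
        else:
            segments.append((kind, ch))
        i += 1
    return segments

def structure(segments):
    """Render segments as a PCFG-style base structure, e.g. 'NAME S1 BIRTH'."""
    return " ".join(t + str(len(s)) if t in GENERIC else t for t, s in segments)

def pii_ratio(segments):
    """Fraction of the password's characters covered by PII segments."""
    total = sum(len(s) for _, s in segments)
    return sum(len(s) for t, s in segments if t not in GENERIC) / total if total else 0.0

def too_personal(password, profile=PROFILE, limit=0.5):
    """Policy check: reject passwords that are mostly the user's own PII."""
    return pii_ratio(parse(password, profile)) >= limit
```
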