Abstract
Password guessing attack is the most direct way to gain access to information systems. Using appropriate methods to generate password dictionary can effectively improve the hit rate of password guessing attacks. A Chinese syllables and Neural Network-based password generation method CSNN is proposed for Chinese password sets. This method treats Chinese Syllables as integral elements and uses them to parse and process passwords. The processed passwords are trained in Long Short-Term Memory Neural Network, and the trained model is used to generate password dictionaries (guessing sets). Long Short-Term Memory Neural Network is a kind of Recurrent Neural Network. In order to evaluate the effectiveness of CSNN, the hit rates of guessing sets generated by CSNN on target password sets (test sets) are compared with Probability Context-Free Grammar (PCFG) and 5th-order Markov Chain Model. In hit rate experiment, guessing sets of different scales were selected; the results show that the comprehensive performance of guessing sets generated by CSNN is better than PCFG and 5th-order Markov Chain Model. Compared with PCFG, different scales of CSNN guessing sets can improve up to 9% in hit rate on some test sets; compared with 5th-order Markov Chain Model, the best performance range of CSNN guessing sets is 105 to 106 guesses, and their hit rate increases range from 2.6% to 12.03%.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Jiang W, Li H, Xu G et al (2019) PTAS: Privacy-Preserving thin-client authentication scheme in blockchain-based PKI. Fut Gen Comput Syst 96:185–195
Li H, Yang Y, Dai Y et al (2017) Achieving secure and efficient dynamic searchable symmetric encryption over medical cloud data. IEEE Trans Cloud Comput 99:1–1
Xu G, Li H, Dai Y et al (2019) Enabling efficient and geometric range query with access control over encrypted spatial data. IEEE Trans Inf Forensic Secur 14(4):870–885
Li H, Liu D, Dai Y et al (2018) Personalized search over encrypted data with efficient and secure updates in mobile clouds. IEEE Trans Emerg Top Comput 6(1):97–109
Xu G, Li H, Liu S et al (2019) Efficient and Privacy-preserving Truth Discovery in Mobile Crowd Sensing Systems. IEEE Trans Veh Technol 68(4):3854–3865
Ren H, Li H, Dai Y et al (2018) Querying in internet of things with privacy preserving: challenges, Solutions and Opportunities. IEEE Netw 32(6):144–151
Wang P, Wang D, Huang XY (2016) Advances in password security. J Comput Res Dev 53(10):2173–2188
Narayanan A, Shmatikov V (2005) Fast dictionary attacks on passwords using time-space tradeoff. Proceedings of ACM CCS 2005, pp 364–372
Weir M, Aggarwal S, Medeiros B D, Glodek B (2009) Password cracking using probabilistic context-free grammars, 2009 30th IEEE Symposium on Security and Privacy, pp 391–405
Veras R, Collins C, Thorpe J (2014) On Semantic Patterns of Passwords and their Security Impact. Proceedings of NDSS, pp 1–16
Luo M, Zhnag Y (2017) A password cracking method based on name initials shorthand structure. Comput Eng 43(1):188–195
Wang D, Zhang ZJ, Wang P, Yan J, Huang XY (2016) Targeted online password guessing: an underestimated threat. Proceedings of ACM CCS 2016, pp 1–13
Yang WN, Li NH, Chowdhury O, Xiong AP, Proctor RW (2016) An empirical study of mnemonic sentence-based password generation strategies. Proceedings of ACM CCS 2016, pp 1216–1229
Xu G, Li H, Ren H et al (2019) Data Security Issues in Deep Learning: Attacks, Countermeasures and Opportunities. IEEE Commun Mag 57(11):116–122
Melicher W, Ur B, Segreti S M et al (2016) Fast, lean, and accurate: Modeling password guessability using neural networks. Proceedings of USENIX Security 2016, pp 175–191
Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9(8):1735–1780
Levy O, Lee K, FitzGerald N, Zettlemoyer L (2018) Long short-term memory as a dynamically computed element-wise weighted sum, arXiv:1805.03716
Hitaj B, Gasti P, Ateniese G, Perez-Cruz F (2017) PassGAN: A deep learning approach for password guessing, arXiv:1709.00440
Liu YY, Xia ZY, Yi P et al (2018) GENPAss: A general deep learning model for password guessing with PCFG rules and adversarial generation. IEEE ICC 2018, pp 1–6
Klein DV (1990) Foiling the cracker: a survey of, and improvements to, password security. Proceedings of the 2nd USENIX Security Workshop, pp 5–14
Ma J, Yang WN, Luo M, Li NH (2014) A study of probabilistic password models. 2014 IEEE Symposium on Security and Privacy, pp 689–704
Dell’Amico M, Michiardi P, Roudier Y (2010) Password strength: an empirical analysis. Proceedings of IEEE INFOCOM 2010, pp 1–9
Xu G, Li H, Liu S et al (2020) VerifyNet: Secure and Verifiable Federated Learning. IEEE Trans Inf Forensic Secur 15(1):911–926
Hao M, Li H, Luo X et al (2019) Efficient and Privacy-enhanced Federated Learning for Industrial Artificial Intelligence. IEEE Transactions on Industrial Informatics, pp 1–1
Acknowledgements
The research is supported by Project ZR2019MF058 of Shandong Provincial Natural Science Foundation, the National Natural Science Foundation of China (Grant No. 61303197 and 61802214) and the Open Project Program of The State Key Laboratory of Integrated Services Networks (ISN19-14).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article belongs to the Topical Collection:Special Issue on Security and Privacy in Machine Learning Assisted P2P Networks
Guest Editors: Hongwei Li, Rongxing Lu and Mohamed Mahmoud
Rights and permissions
About this article
Cite this article
Zhang, Y., Xian, H. & Yu, A. CSNN: Password guessing method based on Chinese syllables and neural network. Peer-to-Peer Netw. Appl. 13, 2237–2250 (2020). https://doi.org/10.1007/s12083-020-00893-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-020-00893-7