CN-121580376-B - Directional password guessing method and system based on differential transformation guidance
Abstract
The invention discloses a directional password guessing method and system based on differential transformation guidance. The method comprises: encoding, with a pre-trained encoder, the known source password and target password of each password pair in a set covering various typical modification patterns, calculating differential transformation vectors, and clustering the differential transformation vectors to obtain differential password vectors of the various typical modification patterns; inputting a source password together with the differential password vector of each typical modification pattern into a pre-trained decoder to obtain, in sequence, the probability distribution of each character in a target password, finally yielding a target password set under the corresponding typical modification pattern; and combining the target password sets under the various typical modification patterns to obtain the target password guess result for the source password. The invention aims to improve the ability to capture password modification behavior, address shortcomings in the current evaluation of password modification behavior, and improve the stability and accuracy of password security evaluation.
Inventors
- PENG WEI
- TANG XINJIE
- ZHAO TAO
- WEI ZILING
- CHEN SHUHUI
- WANG FEI
- LUO ZHENHAO
Assignees
- 中国人民解放军国防科技大学
Dates
- Publication Date: 20260508
- Application Date: 20260126
Claims (6)
- 1. The directional password guessing method based on differential transformation guidance is characterized by comprising the following steps of:
  S101, according to known password pairs containing various typical modification patterns, respectively adopting a pre-trained encoder to encode a source password and a target password in the password pairs into hidden layer representations, calculating differential transformation vectors among the hidden layer representations, and clustering the differential transformation vectors of all the password pairs to obtain differential password vectors of the various typical modification patterns, wherein the typical modification patterns are typical modification rules for modifying the source password to obtain the target password;
  S102, respectively inputting a source password and differential password vectors of various typical modification patterns into a pre-trained decoder to sequentially obtain probability distribution of each character in a target password, and finally obtaining a target password set under the corresponding typical modification patterns;
  S103, gathering target passwords under various typical modification forms to obtain a target password guess result of the source password;
  the functional expression of the differential transformation vector is as follows: ; Wherein, the In order to transform the vector in a differential manner, For the purpose of pooling the functions, In the case of an encoder, For the purpose of the password to be a target, In order to be a source password, For target password Is represented by the hidden layer of (a), As source password Is represented by a hidden layer;
  When clustering the differential transformation vectors of all the password pairs in step S101, the differential password vector set composed of the differential transformation vectors of all the password pairs is included Wherein the objective function shown in the following formula is minimum, and clustering is performed by adopting a specified clustering algorithm to obtain the inclusion A differential password vector cluster of a typical modification paradigm: ; Wherein, the As a function of the object to be processed, For the number of clusters of differential password vectors, For the set of differential transformation vectors in the kth differential password vector cluster, In order to transform the vector in a differential manner, And the center vector of the kth differential password vector cluster is the differential password vector of the kth typical modification form.
- 2. The method according to claim 1, wherein in step S102, when the source password and the differential password vectors of various typical modification patterns are input to the pre-trained decoder to sequentially obtain the probability distribution of each character in the target password, the method includes, for each character in the target password, using a beam search algorithm to obtain the first k characters with highest probability of the character, and finally obtaining the target password set corresponding to the typical modification pattern.
- 3. The differential transformation-guided directional password guessing method according to claim 1, wherein the step S101 is preceded by the step of training an encoder and a decoder:
  S201, constructing a training data set, wherein a training sample of the training data set consists of a source password and an associated target password;
  S202, extracting a current batch of training samples from a training data set;
  S203, aiming at the training samples of the current batch, encoding the source password and the associated target password of each training sample by adopting an encoder, and calculating a differential transformation vector of encoding results of the source password and the associated target password;
  S204, aiming at the training samples of the current batch, decoding each training sample and the corresponding differential transformation vector thereof by using a decoder to obtain probability distribution of a target password, carrying out loss and gradient calculation by combining a preset loss function, and optimizing and updating network parameters of an encoder and a decoder according to the lost gradient;
  S205, judging whether the loss convergence of the loss function or the maximum batch of the training batch is met, if not, jumping to the step S202 to continue training, otherwise, finishing the training of the encoder and the decoder.
- 4. A directed password guessing method based on differential transformation guidance according to claim 3, wherein the predetermined loss function is a cross entropy loss function.
- 5. A differential transformation-guided directional password guessing method according to claim 3, wherein the training of the encoder and decoder further comprises generating and fine-tuning for the encoder and decoder:
  S301, constructing a test data set, wherein a test sample of the test data set consists of a source password and an associated target password;
  S302, obtaining a target password guess result of a test sample by using an encoder and a decoder, comparing the target password guess result of the test sample with a real target password, and dividing the test data set into a correct guess test data subset and a wrong guess test data subset;
  S303, judging whether the fine adjustment is needed to be continued, if not, judging that the fine adjustment of the encoder and the decoder is finished, otherwise, jumping to the next step;
  and S304, finely adjusting the encoder and the decoder by using the correct guess test data subset, acquiring a target password guess result of the test sample by using the finely adjusted encoder and decoder, comparing the target password guess result of the test sample with a real target password, dividing the test data set into a new correct guess test data subset and a correct guess test data subset, and continuing iteration in step S303.
- 6. A directed password guessing system based on differential transformation guidance, comprising a microprocessor and a memory connected to each other, wherein the microprocessor is programmed or configured to perform the directed password guessing method based on differential transformation guidance according to any one of claims 1 to 5.
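Step S101 of claim 1 on a small scale, as an added example that is not part of the patent or the applicants' code; it only labels which modification habit each password-change pair shows, the kind of breakdown a password-change policy review can use. Assumptions: the encoder is a hand-written stand-in (per-character class one-hots), sum pooling and the "pooled target minus pooled source" difference are assumed because the claim's formulas did not survive on this page, k-means stands in for the "specified clustering algorithm", and the password pairs are constructed.

```python
# Constructed password-change pairs (source, target); not real data.
PAIRS = [
    ("summer", "summer1"), ("dragon", "dragon7"), ("monkey", "monkey12"),
    ("summer", "Summer"), ("dragon", "Dragon"), ("monkey", "Monkey"),
    ("summer", "summer!"), ("dragon", "dragon@"), ("monkey", "monkey!!"),
]

def encode(pw):
    # Stand-in for the pre-trained encoder (assumption): one vector per
    # character, one-hot over [lowercase, uppercase, digit, symbol].
    return [[int(c.islower()), int(c.isupper()), int(c.isdigit()),
             int(not c.isalnum())] for c in pw]

def pool(hidden):
    # Assumed pooling: sum the per-character vectors into one fixed-size vector.
    return [sum(col) for col in zip(*hidden)]

def diff_vector(src, tgt):
    # Assumed form: pooled target encoding minus pooled source encoding.
    return [t - s for s, t in zip(pool(encode(src)), pool(encode(tgt)))]

def sqdist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(vectors, k, iters=20):
    # Lloyd's algorithm with deterministic farthest-point initialisation.
    centers = [list(vectors[0])]
    while len(centers) < k:
        far = max(vectors, key=lambda v: min(sqdist(v, c) for c in centers))
        centers.append(list(far))
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: sqdist(v, centers[j]))
                  for v in vectors]
        for j in range(k):
            members = [v for v, l in zip(vectors, labels) if l == j]
            if members:  # keep the old center if a cluster empties out
                centers[j] = [sum(col) / len(members) for col in zip(*members)]
    # Objective: within-cluster sum of squared distances to the cluster center.
    objective = sum(sqdist(v, centers[l]) for v, l in zip(vectors, labels))
    return centers, labels, objective

def cluster_pairs(pairs=PAIRS, k=3):
    # Each cluster center plays the role of one pattern's differential password vector.
    return kmeans([diff_vector(s, t) for s, t in pairs], k)

if __name__ == "__main__":
    centers, labels, objective = cluster_pairs()
    for (src, tgt), label in zip(PAIRS, labels):
        print(label, src, "->", tgt)
    print("centers:", centers, "objective:", round(objective, 3))
```

Pairs built from different words land in the same cluster when they share a habit (appended digits, capitalised first letter, appended symbols), because the difference cancels the parts of the encoding the two passwords have in common.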
Description
Directional password guessing method and system based on differential transformation guidance

Technical Field

The invention belongs to the technical field of password security, and particularly relates to a directional password guessing method and system based on differential transformation guidance.

Background

Because text passwords are simple, easy to modify and cost-effective, they are expected to remain the primary user authentication method for the foreseeable future, and other alternative authentication techniques cannot compete with them. Recent studies have shown that each user has an average of 80-107 different online accounts. Identity authentication is an important line of defense for cyberspace security, and text passwords, being simple and easy to deploy, have long been an indispensable and irreplaceable means of user identity authentication in daily life. To ease memorization and management, users often select a relatively simple string as a password, such as a keyboard pattern, and repeatedly use an existing password, which greatly increases the risk of security breaches. Users also tend to add characters related to personal information (e.g., email information, name, etc.) to passwords. In addition, rather than generating a completely new password, users often reuse a password or change it through simple editing operations (e.g., inserting, deleting, or replacing characters) at different websites.

Current directional password guessing methods fall into four types by technical route: traditional rule-based methods, statistics-based methods, machine-learning-based methods (particularly deep learning methods), and hybrid password guessing schemes. Rule-based methods mainly apply fixed rules to the user's historical passwords. Statistics-based methods use templating approaches (such as PCFG) to model the association between the user's personal information or historical passwords and other passwords; researchers continue to optimize these methods, and they achieve good results in specific scenarios. However, these conventional methods are insufficiently targeted and generalize poorly. In view of these limitations, and as deep learning technology has advanced significantly, the prior art proposes deep-learning-based solutions that automatically capture the rules by which users modify and set passwords, providing a more accurate approach to directional password guessing.

Currently, deep-learning-based directional password guessing methods mainly follow two modeling paradigms. The first paradigm models the task as sequence editing operation prediction, i.e., learning a minimum editing path (e.g., a sequence of operations that insert, delete, or replace characters) from a source password to a target password. Although this scheme is highly interpretable, its performance depends heavily on a manually preset set of editing operations, which introduces a strong inductive bias and cannot fully cover the complex modification behaviors of real users. In addition, the method tends to produce a large number of repeated guesses during generation, and its cracking efficiency is limited for password pairs with low character-level similarity. The second paradigm adopts an end-to-end character sequence generation model that directly generates the character sequence of the target password from the source password. This data-driven approach reduces reliance on prior knowledge, but has significant drawbacks in interpretability. Its black-box nature makes it difficult for researchers to trace and analyze the specific modification rules learned by the model, which hinders a deep understanding of users' password modification habits and patterns and limits the approach's value in the field of security analysis.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides a directional password guessing method and a directional password guessing system based on differential transformation guidance, which aim to improve the ability to capture password modification behavior, address shortcomings in the current evaluation of password modification behavior, and improve the stability and accuracy of password security evaluation.

In order to solve the technical problems, the invention adopts the following technical scheme: a directional password guessing method based on differential transformation guidance comprises the following steps: S101, according to known password pairs containing various typical modification patterns, respectively adopting a pre-trained encoder to encode a source password and a target password in the