Research On Key Technologies Of Password Security Based On Deep-learning

As the first line of defense to ensure the security of information systems on the internet,identity authentication technology has become increasingly important with the vigorous development of internet services.Password-based identity authentication has been used since the computer was invented and has become the most widely used authentication method on the internet thanks to the advantages of simplicity,ease of use,and low cost.Password security is the foundation of cyberspace security.However,the current research on password security still has some problems such as lack of systematic analysis of keyboard patterns,the time-consuming training process of password guessing attack models based on deep learning,and insufficient security of the honeywords generation method used in password leakage detection.To address these challenges,based on a large amount of leaked password data and using the deep learning method,this thesis focuses on the three important issues in password security and make the following key contributions:·A systematical study on the recognition methods and statistical characteristics of keyboard patterns.The keyboard pattern is a way for users to design passwords based on the position of characters on the keyboard.However,the existing keyboard pattern recognition methods are mainly rule-based,which makes the accuracy of the recognition result highly dependent on the researcher's experience.Additionally,no research has systematically analyzed the statistical characteristics of keyboard patterns as far as we know.Aiming at these problems,this thesis summarizes the definitions and recognition methods of keyboard patterns in the current studies and proposes a universal keyboard pattern recognition method.This method is used to extract about 14.6 million passwords containing keyboard patterns from the leaked password dataset,and then the statistical characteristics of the keyboard patterns in the password are further analyzed.· Propose a lightweight password guessing attack model based on deep learning.Many studies have confirmed that deep-learning-based(DL-based)models commonly used in natural language processing can be effectively applied to password attacks,and they have significant advantages in generalizability.However,the existing neural network structures constructed by the DL-based password guessing models are relatively complex and mainly use time-series models such as recurrent neural networks,resulting in model training are time-consuming.In order to improve the training efficiency of the DL-based password guessing attack model,this thesis proposes a lightweight password guessing model VAEPass and an improved model VAEPasstoken that can perform password guessing at the token level.The Variational Auto-Encoders(VAE)with a simple network structure is used as the model framework,and the Gated Convolutional Network(GCNN)which can be calculated in parallel is used as the core module.The experimental results show that the parameter scale of the proposed model does not exceed 32.3% of the current mainstream model Pass GAN,and the training time of the VAEPass-token model is only 11% of the Pass GAN,which greatly reduces the training time of the model.·Propose a honeyword generation method combined with deep learning.The honeywords method is an effective way to help the identity authentication server detect password leakage by generating decoy passwords that are indistinguishable from real passwords.However,the current honeywords generation methods have contradictions in the generation speed and security.The real-passwords-based honeywords generation methods have high security,but the computational cost is too high;the rule-based methods are fast to generate honeywords,but the security is difficult to guarantee.In order to take into account the speed and security of the honeywords generation method,this thesis proposes a honeywords generation method that combines deep learning and rule-based password attack.This method uses a deep learning model to match different password transformation rules for each password entered by the user,and uses the generated passwords transformed by these rules as honeywords.The experimental results show that when using the Top-PW method to attack,the security of the proposed method can be improved by about 3 times than the mainstream method in the worst case.