基于机器学习技术的口令脆弱性评估
|
摘要
现有的口令脆弱性评估大多基于规则的方案,很容易绕开规则而得到不准确的评估值。因此,根据口令字符组成,基于自然语言处理中TF-IDF技术,进行口令字符特征到数值特征的转换,提出了基于机器学习的口令脆弱性评估方案。通过使用训练集添加标签的方法增加样本学习目标值,再使用逻辑回归算法进行模型训练,并在评估阶段基于该模型进行脆弱性评估。通过与测试样本口令强度与模型评估值误差分析表明,所提方案具有较高的准确度,且对一些简单口令进行实际评测,模型输出结果比较符合实际情况。
Most of the existing schemes for password vpulnerability assessments are based on basic rules,and it is easy to bypass the rulesand get inaccurate estimates.Therefore,according to the password character composition,withTF-IDF technology in natural language processing,and by converting password character features to numeric features,a password vulnerability assessment scheme based on machine learning is proposed.The sample learning target value is increased by adding a label to the training set,and then the model training is performed by using a logistic regression algorithm,andthe vulnerability assessmentbased on the model is done in the evaluation stage.Testingon the strength of sample password and the error of model evaluation valueindicates that the proposed scheme hasfairly high accuracy.The actual evaluation on some simple passwords shows that the output of the model is in good agreement with the actual situation.
Most of the existing schemes for password vpulnerability assessments are based on basic rules,and it is easy to bypass the rulesand get inaccurate estimates.Therefore,according to the password character composition,withTF-IDF technology in natural language processing,and by converting password character features to numeric features,a password vulnerability assessment scheme based on machine learning is proposed.The sample learning target value is increased by adding a label to the training set,and then the model training is performed by using a logistic regression algorithm,andthe vulnerability assessmentbased on the model is done in the evaluation stage.Testingon the strength of sample password and the error of model evaluation valueindicates that the proposed scheme hasfairly high accuracy.The actual evaluation on some simple passwords shows that the output of the model is in good agreement with the actual situation.
引文
[1]石元兵,何雪海.基于GMM的移动终端声纹持续认证[J].通信技术,2017,50(08):1800-1804.SHI Yuan-bing,HE Xue-hai.Continuous Voiceprint Authentication System for Mobile Terminal Devices based on GMM[J].Journal of Communication Technology,2017,50(08):1800-1804.
[2]王平,汪定,黄欣沂.口令安全研究进展[J].计算机研究与发展,2016,53(10):2173-2188.WANG Ping,WANG Ding,HUANG Xin-yi.Advances in Password Security[J].Journal of Computer Research and Development,2016,53(10):2173-2188.
[3]刘功申,邱卫东,孟魁等.基于真实数据挖掘的口令脆弱性评估及恢复[J].计算机学报,2016,39(03):454-467.LIU Gong-shen,QIU Wei-dong,MENG Kui,et al.Password Vulnerability Assessment and Recovery Based on Rules Mined from Large-Scale Real Data[J].Chinese Journal of Computers,2016,39(03):454-467.
[4]杜薇,张李军,张爱丽.网络论坛口令的安全分析[J].通信技术,2018,51(05):1179-1184.DU Wei,ZHANG Li-jun,ZHANG Ai-li.Password Security Analysis of Network Forums[J].Journal of Communication Technology,2018,51(05):1179-1184.
[5]宋创创,方勇,黄诚等.基于集成学习的口令强度评估模型[J].计算机应用,2018,38(05):1383-1388.SONG Chuang-chuang,FANG Yong,HUANG Cheng,et al.Password Strength Estimation Model Based on Ensemble Learning[J].Journal of Computer Applications,2018,38(05):1383-1388.
[6]叶雪梅,毛雪岷,夏锦春等.文本分类TF-IDF算法的改进研究[J].计算机工程与应用,2019,55(02):104-109.YE Xue-mei,MAO Xue-min,XIA Jin-chun,et al.Improved Approach to TF-IDF Algorithm in Text Classification[J].CEA,2019,55(02):104-109.
[7]侯爱华,高伟,汪霖.基于逻辑回归模型的流量异常检测方法研究[J].工程数学学报,2017(05):1383-1388.HOU Ai-hua,GAO Wei,WANG Lin.Research on Traffic Anomaly Detection Method Based on the Logistic Regression Model[J].Chinese Journal of Engineering Mathematics,2017(05):1383-1388.
[2]王平,汪定,黄欣沂.口令安全研究进展[J].计算机研究与发展,2016,53(10):2173-2188.WANG Ping,WANG Ding,HUANG Xin-yi.Advances in Password Security[J].Journal of Computer Research and Development,2016,53(10):2173-2188.
[3]刘功申,邱卫东,孟魁等.基于真实数据挖掘的口令脆弱性评估及恢复[J].计算机学报,2016,39(03):454-467.LIU Gong-shen,QIU Wei-dong,MENG Kui,et al.Password Vulnerability Assessment and Recovery Based on Rules Mined from Large-Scale Real Data[J].Chinese Journal of Computers,2016,39(03):454-467.
[4]杜薇,张李军,张爱丽.网络论坛口令的安全分析[J].通信技术,2018,51(05):1179-1184.DU Wei,ZHANG Li-jun,ZHANG Ai-li.Password Security Analysis of Network Forums[J].Journal of Communication Technology,2018,51(05):1179-1184.
[5]宋创创,方勇,黄诚等.基于集成学习的口令强度评估模型[J].计算机应用,2018,38(05):1383-1388.SONG Chuang-chuang,FANG Yong,HUANG Cheng,et al.Password Strength Estimation Model Based on Ensemble Learning[J].Journal of Computer Applications,2018,38(05):1383-1388.
[6]叶雪梅,毛雪岷,夏锦春等.文本分类TF-IDF算法的改进研究[J].计算机工程与应用,2019,55(02):104-109.YE Xue-mei,MAO Xue-min,XIA Jin-chun,et al.Improved Approach to TF-IDF Algorithm in Text Classification[J].CEA,2019,55(02):104-109.
[7]侯爱华,高伟,汪霖.基于逻辑回归模型的流量异常检测方法研究[J].工程数学学报,2017(05):1383-1388.HOU Ai-hua,GAO Wei,WANG Lin.Research on Traffic Anomaly Detection Method Based on the Logistic Regression Model[J].Chinese Journal of Engineering Mathematics,2017(05):1383-1388.