Skip to main content
SpringerLink
Log in

Password Guessing Based on Semantic Analysis and Neural Networks

  • Conference paper
  • First Online:
Trusted Computing and Information Security (CTCIS 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 960))

Included in the following conference series:

Abstract

Passwords remain the dominant method in data encryption and identity authentication, but they are vulnerable to guessing attack. Most users incline to choose meaningful words to make up passwords. Lots of these words are human-memorable. In this paper, we propose a hierarchical semantic model that combines LSTM with semantic analysis to implement password guessing. With our model, the potential probability relationship between words can be mined. After training the model with 4.5 million passwords from leaked Chinese passwords, we generate lots of passwords guesses ordered by probability. 0.5 million passwords are reserved for model testing. In addition, we also pick up CSDN passwords, the Rockyou passwords, and Facebook passwords as model-testing sets. Each dataset contains 0.5 million passwords. LSTM-based model, PCFG, and Markov-based model are selected for comparison. Experiments show that our model has a higher coverage rate than the other models of the reserved dataset and CSDN dataset. Besides, our model can hit more passwords for the Rockyou dataset and Facebook dataset than PCFG.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Herley, C., Van Oorschot, P.: A research agenda acknowledging the persistence of passwords. IEEE Secur. Priv. Mag. 10(1), 28–36 (2012)

    Article  Google Scholar 

  2. Kelley, P., et al.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms. In: 2012 IEEE Symposium on Security and Privacy (2012)

    Google Scholar 

  3. Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)

    Article  Google Scholar 

  4. Leaked password lists and dictionaries. http://thepasswordproject.com/leaked_password_lists_and_dictionaries

  5. Weir, M., Aggarwal, S., Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: 2009 30th IEEE Symposium on Security and Privacy (2009)

    Google Scholar 

  6. Houshmand, S., Aggarwal, S., Flood, R.: Next gen PCFG password cracking. IEEE Trans. Inf. Forensics Secur. 10, 1776–1791 (2015)

    Article  Google Scholar 

  7. Wheeler, DL.: zxcvbn: low-budget password strength estimation. In: USENIX Security Symposium, pp. 157–173 (2016)

    Google Scholar 

  8. Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proceedings of the 12th ACM Conference on Computer and Communications Security - CCS 2005 (2005)

    Google Scholar 

  9. Castelluccia, C., Dürmuth, M., Perito D.: Adaptive password-strength meters from Markov models. In: NDSS 2012 (2012)

    Google Scholar 

  10. Dürmuth, M., Angelstorf, F., Castelluccia, C., Perito, D., Chaabane, A.: OMEN: faster password guessing using an ordered Markov enumerator. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 119–132. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15618-7_10

    Chapter  Google Scholar 

  11. John the Ripper password cracker. http://www.openwall.com/john/

  12. Hashcat. https://hashcat.net

  13. Jozefowicz, R., Zaremba, W., Sutskever I.: An empirical exploration of recurrent network architectures. In: International Conference on Machine Learning, pp. 2342–2350 (2015)

    Google Scholar 

  14. Melicher, W., et al.: Fast, lean, and accurate: modeling password guessability using neural networks. In: USENIX Security Symposium, pp. 175–191 (2016)

    Google Scholar 

  15. RockYou. http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2

  16. Hitaj, B., Gasti, P., Ateniese, G., Perez-Cruz, F.: PassGAN: a deep learning approach for password guessing. arXiv preprint arXiv:1709.00440 (2017)

  17. Goodfellow, I., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, pp. 2672–2680 (2014)

    Google Scholar 

  18. Schweitzer, D., Boleng, J., Hughes, C., Murphy, L.: Visualizing keyboard pattern passwords. In: 2009 6th International Workshop on Visualization for Cyber Security (2009)

    Google Scholar 

  19. Understanding LSTM Networks. https://colah.github.io/posts/2015-08-Understanding-LSTMs/

  20. Xu, L., et al.: Password guessing based on LSTM recurrent neural networks. In: 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC) (2017)

    Google Scholar 

  21. de Castro, L., Hunter, L., Stephanie, L., Cristina, M.: Modeling password guessing with neural networks

    Google Scholar 

  22. Softmax. http://ufldl.stanford.edu/wiki/index.php/Softmax_Regressiony

Download references

Acknowledgements

This work was supported in part by the National Key R&D Program of China (Grant No. 2017YFB0802900).

Author information

Authors and Affiliations

  1. College of Cybersecurity, Sichuan University, Chengdu, 610065, China

    Yong Fang

  2. College of Electronic and Information Engineering, Sichuan University, Chengdu, 610065, China

    Kai Liu & Zheng Zuo

  3. International Liaison Office, People’s Government of Chongqing, Chongqing, 400065, China

    Fan Jing

Authors
  1. Yong Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kai Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fan Jing
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zheng Zuo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zheng Zuo .

Editor information

Editors and Affiliations

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan, China

    Huanguo Zhang

  2. School of Cyber Science and Engineering, Wuhan University, Wuhan, China

    Bo Zhao

  3. School of Cyber Science and Engineering, Wuhan University, Wuhan, China

    Fei Yan

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fang, Y., Liu, K., Jing, F., Zuo, Z. (2019). Password Guessing Based on Semantic Analysis and Neural Networks. In: Zhang, H., Zhao, B., Yan, F. (eds) Trusted Computing and Information Security. CTCIS 2018. Communications in Computer and Information Science, vol 960. Springer, Singapore. https://doi.org/10.1007/978-981-13-5913-2_6

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-5913-2_6

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-5912-5

  • Online ISBN: 978-981-13-5913-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation