【摘要】：大規(guī)模的用戶口令集因可用于評估口令猜測算法的效率、檢測現(xiàn)有用戶口令保護機制的缺陷等,而廣受系統(tǒng)安全研究領域的重視.然而,盡管可以通過一些渠道,譬如網(wǎng)站口令泄露、用戶自愿征集或者個別網(wǎng)站出于研究目的的共享等,獲取真實的大規(guī)模用戶明文口令對當前研究人員來說仍然非常困難.為應對上述問題,該文提出了一種基于樣本的模擬口令集生成算法(Sample Perturbation Based Password Generation,SPPG).該算法利用較容易獲得的小規(guī)模真實口令樣本,通過學習生成概率模型,并產(chǎn)生大規(guī)模用戶口令集合.為評估這一算法的效能,該文提出了一組模擬口令集質(zhì)量的檢測指標,包括真實口令覆蓋率、Zipf分布擬合度等.最后,論文對比了SPPG算法與當前常見的用戶口令猜測概率模型,包括概率上下文無關文法和多種馬爾科夫模型,在生成用戶口令集上的效能差異.結(jié)果顯示,SPPG算法產(chǎn)生的模擬口令集在各指標下都有更好的表現(xiàn).平均地,在真實口令覆蓋率上,相對上下文無關文法和四階馬爾科夫模型分別提高了9.58%和72.79%,相對三階和一階馬爾科夫模型分別提高了10.34倍和13.41倍,并且Zipf分布的擬合度保持在0.9及以上的水平.同時,其口令結(jié)構分布和特殊模式的使用也更符合真實用戶生成口令的情況.
[Abstract]:Large-scale user password sets can be used to evaluate the efficiency of password guessing algorithms and to detect the shortcomings of existing user password protection mechanisms, which have attracted much attention in the field of system security research. However, although some channels, such as website password leakage, voluntary user solicitation or sharing of individual websites for research purposes, it is still very difficult for researchers to obtain real large scale clear text passwords of users. In order to solve the above problems, this paper proposes an analog password set generation algorithm (Sample Perturbation Based Password Generation,SPPG) based on samples. The algorithm makes use of small scale real password samples which are easy to obtain and generates probabilistic models by learning and generating large-scale user password sets. In order to evaluate the performance of the algorithm, this paper presents a set of quality detection indicators for analog password sets, including real password coverage, Zipf distribution fit, etc. Finally, the paper compares the performance difference between SPPG algorithm and common user password guessing probability models, including probabilistic context-free grammar and multiple Markov models, in generating user password sets. The results show that the simulated password set generated by SPPG algorithm has better performance under each index. On average, the relative context-free grammar and the fourth order Markov model are increased by 9.58% and 72.79%, respectively, and the third and first order Markov models are increased by 10.34 and 13.41 times, respectively. The fitting degree of Zipf distribution was maintained at the level of 0. 9 and above. At the same time, the distribution of password structure and the use of special patterns are more in line with the real user generated password.
【作者單位】： 復旦大學軟件學院;上海市數(shù)據(jù)科學重點實驗室;
【基金】：上海市科委“創(chuàng)新行動計劃項目”(16DZ1100200) 國家自然科學基金(61572136,61370080)資助~~
【分類號】：TP393.092

【相似文獻】

相關期刊論文 前2條

1 尹清波,張汝波,李雪耀,王慧強;基于動態(tài)馬爾科夫模型的入侵檢測技術研究[J];電子學報;2004年11期

2 ;[J];;年期

相關碩士學位論文 前1條

1 林彥;基于選擇型馬爾科夫模型的CDN緩存管理系統(tǒng)研究[D];汕頭大學;2008年

，

本文編號：2320741