Chenyang Wang (National University of Defense Technology), Fan Shi (National University of Defense Technology), Min Zhang (National University of Defense Technology), Chengxi Xu (National University of Defense Technology), Miao Hu (National University of Defense Technology), Pengfei Xue (National University of Defense Technology), Shasha Guo (National University of Defense Technology), jinghua zheng (National University of Defense Technology)

Password is still the primary authentication method, and the security community researches password guessing to improve password security. Dynamic password guessing continuously collects target's information and dynamically fits the distribution during the guessing process, thus expanding the threat. Existing methods are mainly of two types: dynamic adjustment of password policies and dynamic generation based on generative models. However, these methods fit the target distribution from a single perspective, ignoring the complementary effects of information between different dimensions. Dynamic password guessing performance will be greatly improved if information from multiple dimensions is well utilized, but how to effectively fuse multidimensional information is a challenge.
Motivated by this, we propose CoT-DPG, a new dynamic password guessing framework that allows multiple guessing models to learn collaboratively and complement each other's knowledge. This is the first application of the co-training approach in multi-view learning to password guessing. Firstly, at the feature level, we dynamically update the neural network parameters and fit the target distribution based on incremental training. Secondly, at the character level, we design a policy distribution optimization approach to alleviate the blindness of policy selection. Thirdly, we use the co-training approach for complementary learning, iterative training, and password generation in multiple dimensions. Finally, the experiments demonstrate the effectiveness of the proposed framework, with the absolute improvement in cracking rate of 6.4% to 26.7% over the state-of-the-art method on eight real-world password datasets.

View More Papers

LAPSE: Automatic, Formal Fault-Tolerant Correctness Proofs for Native Code

Charles Averill, Ilan Buzzetti (The University of Texas at Dallas), Alex Bellon (UC San Diego), Kevin Hamlen (The University of Texas at Dallas)

Read More

Finding Behavioural Biometrics Scripts on the Web Using Dynamic...

Alexandru Bara (University of Waterloo), Aswad Tariq (University of Waterloo), Urs Hengartner (University of Waterloo)

Read More

Decompiling the Synergy: An Empirical Study of Human–LLM Teaming...

Zion Leonahenahe Basque (Arizona State University), Samuele Doria (University of Padua), Ananta Soneji (Arizona State University), Wil Gibbs (Arizona State University), Adam Doupe (Arizona State University), Yan Shoshitaishvili (Arizona State University), Eleonora Losiouk (University of Padua), Ruoyu “Fish” Wang (Arizona State University), Simone Aonzo (EURECOM)

Read More