Universal Neural-Cracking-Machines: Self-Configurable Password Models
from Auxiliary Data
- URL: http://arxiv.org/abs/2301.07628v5
- Date: Wed, 13 Mar 2024 08:02:51 GMT
- Title: Universal Neural-Cracking-Machines: Self-Configurable Password Models
from Auxiliary Data
- Authors: Dario Pasquini, Giuseppe Ateniese and Carmela Troncoso
- Abstract summary: "universal password model" is a password model that adapts its guessing strategy based on the target system.
It exploits users' auxiliary information, such as email addresses, as a proxy signal to predict the underlying password distribution.
- Score: 21.277402919534566
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We introduce the concept of "universal password model" -- a password model
that, once pre-trained, can automatically adapt its guessing strategy based on
the target system. To achieve this, the model does not need to access any
plaintext passwords from the target credentials. Instead, it exploits users'
auxiliary information, such as email addresses, as a proxy signal to predict
the underlying password distribution. Specifically, the model uses deep
learning to capture the correlation between the auxiliary data of a group of
users (e.g., users of a web application) and their passwords. It then exploits
those patterns to create a tailored password model for the target system at
inference time. No further training steps, targeted data collection, or prior
knowledge of the community's password distribution is required. Besides
improving over current password strength estimation techniques and attacks, the
model enables any end-user (e.g., system administrators) to autonomously
generate tailored password models for their systems without the often
unworkable requirements of collecting suitable training data and fitting the
underlying machine learning model. Ultimately, our framework enables the
democratization of well-calibrated password models to the community, addressing
a major challenge in the deployment of password security solutions at scale.
Related papers
- Search-based Ordered Password Generation of Autoregressive Neural Networks [0.0]
We build SOPGesGPT, a password guessing model based on GPT, using SOPG to generate passwords.
Compared with the most influential models OMEN, FLA, PassGAN, VAEPass, experiments show that SOPGesGPT is far ahead in terms of both effective rate and cover rate.
arXiv Detail & Related papers (2024-03-15T01:30:38Z) - Model Pairing Using Embedding Translation for Backdoor Attack Detection on Open-Set Classification Tasks [63.269788236474234]
We propose to use model pairs on open-set classification tasks for detecting backdoors.
We show that this score, can be an indicator for the presence of a backdoor despite models being of different architectures.
This technique allows for the detection of backdoors on models designed for open-set classification tasks, which is little studied in the literature.
arXiv Detail & Related papers (2024-02-28T21:29:16Z) - SentinelLMs: Encrypted Input Adaptation and Fine-tuning of Language
Models for Private and Secure Inference [6.0189674528771]
This paper addresses the privacy and security concerns associated with deep neural language models.
Deep neural language models serve as crucial components in various modern AI-based applications.
We propose a novel method to adapt and fine-tune transformer-based language models on passkey-encrypted user-specific text.
arXiv Detail & Related papers (2023-12-28T19:55:11Z) - Model Stealing Attack against Recommender System [85.1927483219819]
Some adversarial attacks have achieved model stealing attacks against recommender systems.
In this paper, we constrain the volume of available target data and queries and utilize auxiliary data, which shares the item set with the target data, to promote model stealing attacks.
arXiv Detail & Related papers (2023-12-18T05:28:02Z) - PassGPT: Password Modeling and (Guided) Generation with Large Language
Models [59.11160990637616]
We present PassGPT, a large language model trained on password leaks for password generation.
We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
arXiv Detail & Related papers (2023-06-02T13:49:53Z) - On Deep Learning in Password Guessing, a Survey [4.1499725848998965]
This paper compares various deep learning-based password guessing approaches that do not require domain knowledge or assumptions about users' password structures and combinations.
We propose a promising research experimental design on using variations of IWGAN on password guessing under non-targeted offline attacks.
arXiv Detail & Related papers (2022-08-22T15:48:35Z) - Unsupervised Paraphrasing with Pretrained Language Models [85.03373221588707]
We propose a training pipeline that enables pre-trained language models to generate high-quality paraphrases in an unsupervised setting.
Our recipe consists of task-adaptation, self-supervision, and a novel decoding algorithm named Dynamic Blocking.
We show with automatic and human evaluations that our approach achieves state-of-the-art performance on both the Quora Question Pair and the ParaNMT datasets.
arXiv Detail & Related papers (2020-10-24T11:55:28Z) - Federated Learning of User Authentication Models [69.93965074814292]
We propose Federated User Authentication (FedUA), a framework for privacy-preserving training of machine learning models.
FedUA adopts federated learning framework to enable a group of users to jointly train a model without sharing the raw inputs.
We show our method is privacy-preserving, scalable with number of users, and allows new users to be added to training without changing the output layer.
arXiv Detail & Related papers (2020-07-09T08:04:38Z) - Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection [44.040106718326605]
The choice of password composition policy to enforce on a password-protected system represents a critical security decision.
In practice, this choice is not usually rigorous or justifiable, with a tendency for system administrators to choose password composition policies based on intuition alone.
We propose a novel methodology that draws on password probability distributions constructed from large sets of real-world password data.
arXiv Detail & Related papers (2020-07-07T22:12:13Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.