KAPG: Adaptive Password Guessing via Knowledge-Augmented Generation
- URL: http://arxiv.org/abs/2510.23036v1
- Date: Mon, 27 Oct 2025 06:03:08 GMT
- Title: KAPG: Adaptive Password Guessing via Knowledge-Augmented Generation
- Authors: Xudong Yang, Jincheng Li, Kaiwen Xing, Zhenjia Xiao, Mingjian Duan, Weili Han, Hu Xiong,
- Abstract summary: We propose a knowledge-augmented password guessing framework that integrates external lexical knowledge into the guessing process. KnowGuess achieves average improvements of 36.5% and 74.7% over state-of-the-art models in intra-site and cross-site scenarios. We also develop KAPSM, a trend-aware and site-specific password strength meter.
- Score: 7.1409672981861485
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As the primary mechanism of digital authentication, user-created passwords exhibit common patterns and regularities that can be learned from leaked datasets. Password choices are profoundly shaped by external factors, including social contexts, cultural trends, and popular vocabulary. Prevailing password guessing models primarily emphasize patterns derived from leaked passwords, while neglecting these external influences -- a limitation that hampers their adaptability to emerging password trends and erodes their effectiveness over time. To address these challenges, we propose KAPG, a knowledge-augmented password guessing framework that adaptively integrates external lexical knowledge into the guessing process. KAPG couples internal statistical knowledge learned from leaked passwords with external information that reflects real-world trends. By using password prefixes as anchors for knowledge lookup, it dynamically injects relevant external cues during generation while preserving the structural regularities of authentic passwords. Experiments on twelve leaked datasets show that KnowGuess achieves average improvements of 36.5% and 74.7% over state-of-the-art models in intra-site and cross-site scenarios, respectively. Further analyses of password overlap and model efficiency highlight its robustness and computational efficiency. To counter these attacks, we further develop KAPSM, a trend-aware and site-specific password strength meter. Experiments demonstrate that KAPSM significantly outperforms existing tools in accuracy across diverse evaluation settings.
Related papers
- Password Strength Analysis Through Social Network Data Exposure: A Combined Approach Relying on Data Reconstruction and Generative Models [3.4879868100629356]
We present SODA, a data reconstruction tool designed to enhance evaluation processes related to the password strength. In particular, SODA integrates a specialized password evaluation module aimed at evaluating password strength by leveraging publicly available data. We also investigate the capabilities and risks associated with emerging Large Language Models (LLMs) in generating passwords.
arXiv Detail & Related papers (2025-11-20T18:34:33Z)
- Enhancing Password Security Through a High-Accuracy Scoring Framework Using Random Forests [0.5097809301149341]
We implement and evaluate a password strength scoring system by comparing four machine learning models. Our primary contribution is a novel hybrid feature engineering approach that captures nuanced vulnerabilities missed by standard metrics.
arXiv Detail & Related papers (2025-11-12T17:05:27Z)
- MoPE: A Mixture of Password Experts for Improving Password Guessing [10.399922446362417]
We propose MoPE, specifically designed to leverage the structural patterns in passwords to improve guessing performance. Our evaluation shows that MoPE significantly outperforms existing state-of-the-art baselines in both offline and online guessing scenarios.
arXiv Detail & Related papers (2025-09-20T07:30:15Z)
- Evaluating Language Model Reasoning about Confidential Information [95.64687778185703]
We study whether language models exhibit contextual robustness, or the capability to adhere to context-dependent safety specifications. We develop a benchmark (PasswordEval) that measures whether language models can correctly determine when a user request is authorized. We find that current open- and closed-source models struggle with this seemingly simple task, and that, perhaps surprisingly, reasoning capabilities do not generally improve performance.
arXiv Detail & Related papers (2025-08-27T15:39:46Z)
- MAYA: Addressing Inconsistencies in Generative Password Guessing through a Unified Benchmark [1.4419466020986265]
This paper introduces MAYA, a unified, customizable, plug-and-play benchmarking framework for generative password-guessing models. We conduct a comprehensive assessment of six state-of-the-art approaches, which we re-implemented and adapted to ensure standardization. Our findings indicate that these models effectively capture different aspects of human password distribution and exhibit strong generalization capabilities.
arXiv Detail & Related papers (2025-04-23T12:16:59Z)
- ParamMute: Suppressing Knowledge-Critical FFNs for Faithful Retrieval-Augmented Generation [91.20492150248106]
We investigate the internal mechanisms behind unfaithful generation and identify a subset of mid-to-deep feed-forward networks (FFNs) that are disproportionately activated in such cases. We propose Parametric Knowledge Muting through FFN Suppression (ParamMute), a framework that improves contextual faithfulness by suppressing the activation of unfaithfulness-associated FFNs. Experimental results show that ParamMute significantly enhances faithfulness across both CoFaithfulQA and the established ConFiQA benchmark, achieving substantial reductions in reliance on parametric memory.
arXiv Detail & Related papers (2025-02-21T15:50:41Z)
- Robust Utility-Preserving Text Anonymization Based on Large Language Models [80.5266278002083]
Anonymizing text that contains sensitive information is crucial for a wide range of applications. Existing techniques face the emerging challenges of the re-identification ability of large language models. We propose a framework composed of three key components: a privacy evaluator, a utility evaluator, and an optimization component.
arXiv Detail & Related papers (2024-07-16T14:28:56Z)
- "Glue pizza and eat rocks" -- Exploiting Vulnerabilities in Retrieval-Augmented Generative Models [74.05368440735468]
Retrieval-Augmented Generative (RAG) models enhance Large Language Models (LLMs)
In this paper, we demonstrate a security threat where adversaries can exploit the openness of these knowledge bases.
arXiv Detail & Related papers (2024-06-26T05:36:23Z)
- PassGPT: Password Modeling and (Guided) Generation with Large Language Models [59.11160990637616]
We present PassGPT, a large language model trained on password leaks for password generation.
We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
arXiv Detail & Related papers (2023-06-02T13:49:53Z)
- On Deep Learning in Password Guessing, a Survey [4.1499725848998965]
This paper compares various deep learning-based password guessing approaches that do not require domain knowledge or assumptions about users' password structures and combinations.
We propose a promising research experimental design on using variations of IWGAN on password guessing under non-targeted offline attacks.
arXiv Detail & Related papers (2022-08-22T15:48:35Z)
- Reinforcement Learning on Encrypted Data [58.39270571778521]
We present a preliminary, experimental study of how a DQN agent trained on encrypted states performs in environments with discrete and continuous state spaces.
Our results highlight that the agent is still capable of learning in small state spaces even in presence of non-deterministic encryption, but performance collapses in more complex environments.
arXiv Detail & Related papers (2021-09-16T21:59:37Z)
This list is automatically generated from the titles and abstracts of the papers in this site.