Enhancing Password Security Through a High-Accuracy Scoring Framework Using Random Forests
- URL: http://arxiv.org/abs/2511.09492v2
- Date: Fri, 14 Nov 2025 01:22:35 GMT
- Authors: Muhammed El Mustaqeem Mazelan, Noor Hazlina Abdul, Nouar AlDahoul,
- Abstract summary: We implement and evaluate a password strength scoring system by comparing four machine learning models. Our primary contribution is a novel hybrid feature engineering approach that captures nuanced vulnerabilities missed by standard metrics.
- Score: 0.5097809301149341
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Password security plays a crucial role in cybersecurity, yet traditional password strength meters, which rely on static rules like character-type requirements, often fail. Such methods are easily bypassed by common password patterns (e.g., 'P@ssw0rd1!'), giving users a false sense of security. To address this, we implement and evaluate a password strength scoring system by comparing four machine learning models: Random Forest (RF), Support Vector Machine (SVM), a Convolutional Neural Network (CNN), and Logistic Regression with a dataset of over 660,000 real-world passwords. Our primary contribution is a novel hybrid feature engineering approach that captures nuanced vulnerabilities missed by standard metrics. We introduce features like leetspeak-normalized Shannon entropy to assess true randomness, pattern detection for keyboard walks and sequences, and character-level TF-IDF n-grams to identify frequently reused substrings from breached password datasets. Our RF model achieved superior performance, reaching 99.12% accuracy on a held-out test set. Crucially, the interpretability of the Random Forest model allows for feature importance analysis, providing a clear pathway to developing security tools that offer specific, actionable feedback to users. This study bridges the gap between predictive accuracy and practical usability, resulting in a high-performance scoring system that not only reduces password-based vulnerabilities but also empowers users to make more informed security decisions.
Related papers
- When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking [0.41998444721319217]
  We conduct an empirical investigation into the efficacy of pre-trained Large Language Models for password cracking using synthetic user profiles. We evaluate the performance of state-of-the-art open-source LLMs by prompting them to generate plausible passwords based on structured user attributes. Our results, measured using Hit@1, Hit@5, and Hit@10 metrics, reveal consistently poor performance, with all models achieving less than 1.5% accuracy at Hit@10.
  arXiv Detail & Related papers (2025-10-18T02:15:28Z)
- MoPE: A Mixture of Password Experts for Improving Password Guessing [10.399922446362417]
  We propose MoPE, specifically designed to leverage the structural patterns in passwords to improve guessing performance. Our evaluation shows that MoPE significantly outperforms existing state-of-the-art baselines in both offline and online guessing scenarios.
  arXiv Detail & Related papers (2025-09-20T07:30:15Z)
- Evaluating Language Model Reasoning about Confidential Information [95.64687778185703]
  We study whether language models exhibit contextual robustness, or the capability to adhere to context-dependent safety specifications. We develop a benchmark (PasswordEval) that measures whether language models can correctly determine when a user request is authorized. We find that current open- and closed-source models struggle with this seemingly simple task, and that, perhaps surprisingly, reasoning capabilities do not generally improve performance.
  arXiv Detail & Related papers (2025-08-27T15:39:46Z)
- Secure Tug-of-War (SecTOW): Iterative Defense-Attack Training with Reinforcement Learning for Multimodal Model Security [63.41350337821108]
  We propose Secure Tug-of-War (SecTOW) to enhance the security of multimodal large language models (MLLMs). SecTOW consists of two modules: a defender and an auxiliary attacker, both trained iteratively using reinforcement learning (GRPO). We show that SecTOW significantly improves security while preserving general performance.
  arXiv Detail & Related papers (2025-07-29T17:39:48Z)
- One Token to Fool LLM-as-a-Judge [52.45386385722788]
  Large language models (LLMs) are increasingly trusted as automated judges, assisting evaluation and providing reward signals for training other models. We uncover a critical vulnerability even in this reference-based paradigm: generative reward models are systematically susceptible to reward hacking.
  arXiv Detail & Related papers (2025-07-11T17:55:22Z)
- Adversarial Machine Learning for Robust Password Strength Estimation [0.0]
  This study focuses on developing robust password strength estimation models using adversarial machine learning. We apply five classification algorithms and use a dataset with more than 670,000 samples of adversarial passwords to train the models. Results demonstrate that adversarial training improves password strength classification accuracy by up to 20% compared to traditional machine learning models.
  arXiv Detail & Related papers (2025-05-31T03:54:04Z)
- Password Strength Detection via Machine Learning: Analysis, Modeling, and Evaluation [0.8225825738565354]
  This study introduces various methods for system password cracking, outlines password defense strategies, and discusses the application of machine learning in the realm of password security. We extract multiple characteristics of passwords, including length, the number of digits, the number of uppercase and lowercase letters, and the number of special characters.
  arXiv Detail & Related papers (2025-05-22T09:27:40Z)
- Lie Detector: Unified Backdoor Detection via Cross-Examination Framework [68.45399098884364]
  We propose a unified backdoor detection framework in the semi-honest setting. Our method achieves superior detection performance, improving accuracy by 5.4%, 1.6%, and 11.9% over SoTA baselines. Notably, it is the first to effectively detect backdoors in multimodal large language models.
  arXiv Detail & Related papers (2025-03-21T06:12:06Z)
- PassGPT: Password Modeling and (Guided) Generation with Large Language Models [59.11160990637616]
  We present PassGPT, a large language model trained on password leaks for password generation. We also introduce the concept of guided password generation, where we leverage PassGPT sampling procedure to generate passwords matching arbitrary constraints.
  arXiv Detail & Related papers (2023-06-02T13:49:53Z)
- Security and Privacy Enhanced Gait Authentication with Random Representation Learning and Digital Lockers [3.3549957463189095]
  Gait data captured by inertial sensors have demonstrated promising results on user authentication. Most existing approaches stored the enrolled gait pattern insecurely for matching with the pattern, thus, posed critical security and privacy issues. We present a gait cryptosystem that generates from gait data the random key for user authentication, meanwhile, secures the gait pattern.
  arXiv Detail & Related papers (2021-08-05T06:34:42Z)
- RoFL: Attestable Robustness for Secure Federated Learning [59.63865074749391]
  Federated Learning allows a large number of clients to train a joint model without the need to share their private data. To ensure the confidentiality of the client updates, Federated Learning systems employ secure aggregation. We present RoFL, a secure Federated Learning system that improves robustness against malicious clients.
  arXiv Detail & Related papers (2021-07-07T15:42:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.