Affiliation:
1. MIREA – Russian Technological University
2. SFB Laboratory
Abstract
Objectives. One of the most commonly used authentication methods in computer systems, password authentication is susceptible to various attacks including brute-force and dictionary attacks. This susceptibility requires not only the strict protection of user credentials, but also the definition of criteria for increasing a password’s strength to minimize the possibility of its exploitation by an attacker. Thus, an important task is the development of a verifier for checking passwords for strength and prohibiting the user from setting passwords that are susceptible to cracking. The use of machine learning methods to construct a verifier involves algorithms for formulating requirements for password complexity based on lists of known passwords available for each strength category.Methods. The proposed supervised machine learning algorithms comprise support vector machines, random forest, boosting, and long short-term memory (LSTM) recurrent neural network types. Embedding and term frequency–inverse document frequency (TF-IDF) methods are used for data preprocessing, while cross-validation is used for selecting hyperparameters.Results. Password strength recommendations and requirements from international and Russian standards are described. The existing methods of password strength verification in various operating systems are analyzed. The experimental results based on existing datasets comprising passwords having an associated level of strength are presented.Conclusions. A LSTM recurrent neural network is highlighted as one of the most promising areas for building a password strength verifier.
Subject
General Materials Science
Reference21 articles.
1. Conklin A., Dietrich G., Walz D. Password-based authentication: a system perspective. In: Proceedings of the 37th Annual Hawaii International Conference on System Sciences. 2004; IEEE. https://doi.org/10.1109/ HICSS.2004.1265412
2. Dell’Amico M., Michiardi P., Roudier Y. Password strength: An empirical analysis. In: 2010 Proceedings IEEE INFOCOM. 2010; IEEE. https://doi.org/10.1109/ INFCOM.2010.5461951
3. Chakrabarti S., Singhal M. Password-based authentication: Preventing dictionary attacks. Computer. 2007;40(6): 68–74. https://doi.org/10.1109/MC.2007.216
4. Shay R., Komanduri S., Kelley P.G., Leon P.G., Mazurek M.L., Bauer L., Christin N., Cranor L.F. Encountering stronger password requirements: user attitudes and behaviors. In: Proceedings of the Sixth Symposium on Usable Privacy and Security. 2010; Article 2. https://doi.org/10.1145/1837110.1837113
5. Селифанов В.В. Оценка эффективности системы защиты информации государственных информационных систем от несанкционированного доступа. Интеграция науки, общества, производства и промышленности: сборник статей Международной научно-практической конференции. 2016. С. 109–113. [Selifanov V.V. Evaluation of the efficiency of the information protection system of state information systems from unauthorized access. In: Integration of Science, Society, production and Industry: Collection of Articles of the International Scientific and Practical Conference. 2016. P. 109–113 (in Russ.).]
Cited by
3 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献