Jisuanji kexue (Jan 2023)

Password Guessing Model Based on Reinforcement Learning

  • LI Xiaoling, WU Haotian, ZHOU Tao, LU Hui

DOI
https://doi.org/10.11896/jsjkx.211100001
Journal volume & issue
Vol. 50, no. 1
pp. 334 – 341

Abstract

Read online

Password guessing is an important research direction in password security.Password guessing based on generative adversarial network(GAN) is a new method proposed in recent years,which guides the update of the generator according to evaluation results on passwords generated by the discriminator.Consequently,password guessing sets can be generated with trained GANs.However,the existing GAN-based password guessing models have low efficiency due to inadequate guidance of the discriminator to the generator.To solve this problem,an improved GAN password guessing model AC-Pass based on reinforcement learning Actor-Critic algorithm is proposed.The AC-Pass model guides the update of the generation strategy of the Actor network at each time step through the output rewards of the discriminator and the Critic network,and realizes the reinforce guidance of password sequence generation process.The proposed AC-Pass model is implemented on RockYou,LinkedIn and CSDN data sets and compared with PCFG model and the existing GANs-based password guessing models such as PassGAN and seqGAN.Results on homologous testing sets and heterologous testing sets indicate that password cracking rate of AC-Pass model on the guessing set is higher than that of PassGAN and seqGAN.Moreover,AC-Pass shows better guessing performance than PCFG when the password spatial distribution between the testing set and the training set is significant.In addition,the AC-Pass model has a large password output space.As the size of password guessing set increases,the cracking rate continues to rise.

Keywords