• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

TG-SPSR: A Systematic Targeted Password Attacking Model


Abstract

Identity authentication is a crucial line of defense for network security, and passwords are still the mainstream of identity authentication. So far trawling password attacking has been extensively studied, but the research related with personal information is always sporadic. Probabilistic context-free grammar (PCFG) and Markov chain-based models perform greatly well in trawling guessing. In this paper we propose a systematic targeted attacking model based on structure partition and string reorganization by migrating the above two models to targeted attacking, denoted as TG-SPSR. In structure partition phase, besides dividing passwords to basic structure similar to PCFG, we additionally define a trajectory-based keyboard pattern in the basic grammar and introduce index bits to accurately characterize the position of special characters. Moreover, we also construct a BiLSTM recurrent neural network classifier to characterize the behavior of password reuse and modification after defining nine kinds of modification rules. Extensive experimental results indicate that in online attacking, TG-SPSR outperforms traditional trawling attacking algorithms by average about 275%, and respectively outperforms its foremost counterparts, Personal-PCFG, TarGuess-I, by about 70% and 19%; In offline attacking, TG-SPSR outperforms traditional trawling attacking algorithms by average about 90%, outperforms Personal-PCFG and TarGuess-I by 85% and 30%, respectively.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Mengli Zhang, Qihui Zhang, Wenfen Liu, Xuexian Hu and Jianghong Wei, "TG-SPSR: A Systematic Targeted Password Attacking Model," KSII Transactions on Internet and Information Systems, vol. 13, no. 5, pp. 2674-2697, 2019. DOI: 10.3837/tiis.2019.05.024

[ACM Style]
Zhang, M., Zhang, Q., Liu, W., Hu, X., and Wei, J. 2019. TG-SPSR: A Systematic Targeted Password Attacking Model. KSII Transactions on Internet and Information Systems, 13, 5, (2019), 2674-2697. DOI: 10.3837/tiis.2019.05.024