基于真实数据挖掘的口令脆弱性评估及恢复
发布时间:2019-05-27 15:44
【摘要】:通过对大规模的真实口令数据进行分析挖掘,获得若干统计特征及口令设置规则,并将这些统计特征和规则成功应用于口令的脆弱性评估及恢复系统.以83 454 724条真实明文口令为研究对象,详细统计了它们的长度、字符种类、组合类型等各项特征,分析了口令和账号、邮箱之间的关系,挖掘了同一个人的口令在不同网站之间的关系,并统计了常用黑客字典对真实口令库的覆盖情况,总结出若干条用户设置口令的真实规则.在这些规则和统计特征的基础上,提出并设计了基于规则的口令脆弱性评估算法和口令恢复系统.测试证明,该文算法计算的口令强度分数与专家打分的拟合度分别高达97.4%(误差小于等于5%)、82.7%(误差小于等于4%).与共享软件相比,文中提出的口令恢复系统成功的概率平均提高了7.5%~66.7%.尽管文中的规则总结自中国口令库,但其统计挖掘方法可以适用于国际口令库.
[Abstract]:Through the analysis and mining of large-scale real password data, some statistical features and password setting rules are obtained, and these statistical features and rules are successfully applied to password vulnerability assessment and recovery system. In this paper, 83,454724 real plaintext passwords are taken as the research object, their length, character types and combination types are counted in detail, and the relationship between passwords, account numbers and mailboxes is analyzed. This paper excavates the relationship between different websites of the same person's password, counts the coverage of the common hacker dictionary to the real command library, and sums up some real rules for users to set the password. On the basis of these rules and statistical characteristics, a rule-based password vulnerability assessment algorithm and password recovery system are proposed and designed. The test results show that the fitting degree of the password strength fraction calculated by the algorithm is 97.4% (the error is less than or equal to 5%) and the error is 82.7% (the error is less than or equal to 4%). Compared with the shared software, the probability of success of the password recovery system proposed in this paper is 7.5% 鈮,
本文编号:2486272
[Abstract]:Through the analysis and mining of large-scale real password data, some statistical features and password setting rules are obtained, and these statistical features and rules are successfully applied to password vulnerability assessment and recovery system. In this paper, 83,454724 real plaintext passwords are taken as the research object, their length, character types and combination types are counted in detail, and the relationship between passwords, account numbers and mailboxes is analyzed. This paper excavates the relationship between different websites of the same person's password, counts the coverage of the common hacker dictionary to the real command library, and sums up some real rules for users to set the password. On the basis of these rules and statistical characteristics, a rule-based password vulnerability assessment algorithm and password recovery system are proposed and designed. The test results show that the fitting degree of the password strength fraction calculated by the algorithm is 97.4% (the error is less than or equal to 5%) and the error is 82.7% (the error is less than or equal to 4%). Compared with the shared software, the probability of success of the password recovery system proposed in this paper is 7.5% 鈮,
本文编号:2486272
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2486272.html
