Research Article
A Honeywords Generation Method Based on Deep Learning and Rule-Based Password Attack
@INPROCEEDINGS{10.1007/978-3-030-96791-8_22, author={Kunyu Yang and Xuexian Hu and Qihui Zhang and Jianghong Wei and Wenfen Liu}, title={A Honeywords Generation Method Based on Deep Learning and Rule-Based Password Attack}, proceedings={Security and Privacy in New Computing Environments. 4th EAI International Conference, SPNCE 2021, Virtual Event, December 10-11, 2021, Proceedings}, proceedings_a={SPNCE}, year={2022}, month={3}, keywords={Honeywords Deep learning Password attack Top-PW attack}, doi={10.1007/978-3-030-96791-8_22} }- Kunyu Yang
Xuexian Hu
Qihui Zhang
Jianghong Wei
Wenfen Liu
Year: 2022
A Honeywords Generation Method Based on Deep Learning and Rule-Based Password Attack
SPNCE
Springer
DOI: 10.1007/978-3-030-96791-8_22
Abstract
Honeywords is a simple and efficient method that can help the authentication server to detect password leaks. The indistinguishability between generated honeywords and real passwords is the key to the honeywords generation methods. However, the current honeywords generation methods are difficult to achieve that and are vulnerable to the Top-PW attack.
In order to improve the security of the honeywords generation method, this paper combines the deep learning and rule-based password attacks to propose a new honeywords generation method called GHDR. The method first builds a deep learning model to learn whether the rules used in the rule-based password attack are effective for different passwords. When a user sets a password, effective rules will be selected by the model according to the entered password, and then these selected rules will be used to transform the user’s password to generate honeywords. Experimental results show that the proposed honeywords generation method can better resist Top-PW attacks than the state-of-the-art methods.
