IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v25y2023i2d10.1007_s10796-022-10325-x.html
   My bibliography  Save this article

Password and Passphrase Guessing with Recurrent Neural Networks

Author

Listed:
  • Alex Nosenko

    (Santa Clara County Office of Education)

  • Yuan Cheng

    (California State University, Sacramento)

  • Haiquan Chen

    (California State University, Sacramento)

Abstract

Most online services continue their reliance on text-based passwords as the primary authentication mechanism. With a growing number of these services and the limited creativity to devise new memorable passwords, users tend to reuse their passwords across multiple platforms. These factors, combined with the increasing number of leaked passwords, make passwords vulnerable to cross-site guessing attacks. Over the years, researchers have proposed several prevalent methods to predict subsequently used passwords, such as dictionary attacks, rule-based approaches, neural networks, and combinations of the above. We exploit the correlation between the similarity and predictability of these subsequent passwords in a dataset of 28.8 million users and their 61.5 million passwords. We use a rule-based approach but delegate rule derivation, classification, and prediction to a Recurrent Neural Network (RNN). We limit the number of guessing attempts to ten yet get an astonishingly high prediction accuracy of up to 83% in under five attempts, twice as much as any other known model. The result makes our model effective for targeted online password guessing without getting spotted or locked out. To the best of our knowledge, this study is the first attempt of its kind using RNN. We also explore the use of RNN models in passphrase guessing. Passphrases are perceived to be more secure and easier to remember than passwords of the same length. We use a dataset that contains around 100,000 distinct phrases. We demonstrate that RNN models can predict complete passphrases given the initial word with rate up to 40%, which is twice better than other known approaches. Furthermore, our predictions can succeed in under 5,000 attempts, a 100% improvement compared to existing algorithms. In addition, this approach provides ease of deployment and low resource consumption. To our knowledge, it is the first attempt to exploit RNN for passphrase guessing.

Suggested Citation

  • Alex Nosenko & Yuan Cheng & Haiquan Chen, 2023. "Password and Passphrase Guessing with Recurrent Neural Networks," Information Systems Frontiers, Springer, vol. 25(2), pages 549-565, April.
    • Handle: RePEc:spr:infosf:v:25:y:2023:i:2:d:10.1007_s10796-022-10325-x
    DOI: 10.1007/s10796-022-10325-x
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-022-10325-x
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-022-10325-x?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Schumacher, Martin & Ro[ss]ner, Reinhard & Vach, Werner, 1996. "Neural networks and logistic regression: Part I," Computational Statistics & Data Analysis, Elsevier, vol. 21(6), pages 661-682, June.
    2. Vach, Werner & Ro[ss]ner, Reinhard & Schumacher, Martin, 1996. "Neural networks and logistic regression: Part II," Computational Statistics & Data Analysis, Elsevier, vol. 21(6), pages 683-701, June.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Sagar Samtani & Ziming Zhao & Ram Krishnan, 2023. "Secure Knowledge Management and Cybersecurity in the Era of Artificial Intelligence," Information Systems Frontiers, Springer, vol. 25(2), pages 425-429, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Leo Liberti, 2020. "Distance geometry and data science," TOP: An Official Journal of the Spanish Society of Statistics and Operations Research, Springer;Sociedad de Estadística e Investigación Operativa, vol. 28(2), pages 271-339, July.
    2. Jiangping Gao & Xiangyang Shi & Linghui Li & Ziqiang Zhou & Junfeng Wang, 2022. "Assessment of Landslide Susceptibility Using Different Machine Learning Methods in Longnan City, China," Sustainability, MDPI, vol. 14(24), pages 1-26, December.
    3. Zhang, G. Peter & Keil, Mark & Rai, Arun & Mann, Joan, 2003. "Predicting information technology project escalation: A neural network approach," European Journal of Operational Research, Elsevier, vol. 146(1), pages 115-129, April.
    4. Reggiani, Aura & Nijkamp, Peter & Nobilio, Lucia, 1997. "Spatial modal patterns in European freight transport networks: results of neurocomputing and logit models," Serie Research Memoranda 0029, VU University Amsterdam, Faculty of Economics, Business Administration and Econometrics.
    5. H. Pourghasemi & H. Moradi & S. Fatemi Aghda, 2013. "Landslide susceptibility mapping by binary logistic regression, analytical hierarchy process, and statistical index models and assessment of their performances," Natural Hazards: Journal of the International Society for the Prevention and Mitigation of Natural Hazards, Springer;International Society for the Prevention and Mitigation of Natural Hazards, vol. 69(1), pages 749-779, October.
    6. Rabiu Muazu Musa & Anwar P. P. Abdul Majeed & Zahari Taha & Siow Wee Chang & Ahmad Fakhri Ab. Nasir & Mohamad Razali Abdullah, 2019. "A machine learning approach of predicting high potential archers by means of physical fitness indicators," PLOS ONE, Public Library of Science, vol. 14(1), pages 1-12, January.
    7. Manojit Chattopadhyay & Subrata Kumar Mitra, 2017. "Applicability and effectiveness of classifications models for achieving the twin objectives of growth and outreach of microfinance institutions," Computational and Mathematical Organization Theory, Springer, vol. 23(4), pages 451-474, December.
    8. Gaudart, Jean & Giusiano, Bernard & Huiart, Laetitia, 2004. "Comparison of the performance of multi-layer perceptron and linear regression for epidemiological data," Computational Statistics & Data Analysis, Elsevier, vol. 44(4), pages 547-570, January.
    9. Marie Lebreton & Katia Melnik, 2009. "Voluntary Participation as a Determinant of Social Capital in France : Allowing for Parameter Heterogeneity," Working Papers halshs-00410530, HAL.
    10. Peltonen, Tuomas A., 2006. "Are emerging market currency crises predictable? A test," Working Paper Series 571, European Central Bank.
    11. Schumacher, Martin & Ro[ss]ner, Reinhard & Vach, Werner, 1996. "Neural networks and logistic regression: Part I," Computational Statistics & Data Analysis, Elsevier, vol. 21(6), pages 661-682, June.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:25:y:2023:i:2:d:10.1007_s10796-022-10325-x. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.