基于GPT-2模型的姓氏口令猜测方法

doi:10.3778/j.issn.1673-9418.2407028

摘要/Abstract

摘要： 随着身份验证机制的多样化，口令作为一种传统且广泛采用的认证方法，其安全性面临着严峻的挑战。受到语言特性和文化差异的影响，中文用户的口令选择与英文用户有显著不同，这为猜测攻击提供了新的视角。为应对这一问题，提出了一种基于GPT-2模型的中文姓氏口令猜测方法，旨在有效提升对中文口令的猜测能力。该方法通过无监督微调，使预训练语言模型能够生成与姓氏密切相关的口令。为了弥补GPT-2对中文字符支持的不足，该模型利用新闻语料库作为预训练数据集，将中文文本转换为拼音形式，训练模型识别拼音，从而帮助模型更准确地理解中文用户的口令习惯。实验结果表明，该模型在口令猜测任务中显示出优越的性能，特别是在资源有限的情况下，相较于传统猜测方法和基于深度学习的口令攻击技术，实现了更高的攻击成功率。此外，还探讨了温度参数对口令猜测成功率的影响，指出了进一步提升口令安全性的潜在方向。

关键词: 口令安全, 中文口令, GPT-2模型, 口令猜测, 预训练语言模型

Abstract: As authentication mechanisms diversify, passwords, as a traditional and widely adopted authentication method, face severe security challenges. Due to linguistic characteristics and cultural differences, Chinese users?? password choices differ significantly from those of English-speaking users, providing new perspectives for guessability attacks. To address this issue, this paper proposes a Chinese surname-based password guessing method using the GPT-2 model, aiming to effectively enhance the guessing capability for Chinese passwords. The proposed method employs unsupervised fine-tuning to enable the pre-trained language model to generate passwords closely related to surnames. To compensate for GPT-2??s lack of support for Chinese characters, this model leverages a news corpus as the pre-training dataset, converting Chinese text into Pinyin and training the model to recognize Pinyin, thereby helping the model more accurately understand Chinese users' password habits. Experimental results demonstrate that the proposed model exhibits superior performance in password guessing tasks, particularly in resource-constrained environments, achieving higher success rates compared with traditional guessing methods and deep learning-based password attack techniques. Additionally, this paper explores the impact of temperature parameters on the success rate of password guessing, identifying potential directions for further improving password security.

Key words: password security, Chinese password, GPT-2 model, password guessing, pre-trained language model

林嘉熹, 钱秋妍, 曾剑平, 张尉东. 基于GPT-2模型的姓氏口令猜测方法[J]. 计算机科学与探索, 2025, 19(4): 1087-1094.

LIN Jiaxi, QIAN Qiuyan, ZENG Jianping, ZHANG Weidong. Surname Password Guessing Method Based on GPT-2[J]. Journal of Frontiers of Computer Science and Technology, 2025, 19(4): 1087-1094.

参考文献

[1] HERLEY C, VAN OORSCHOT P. A research agenda acknowledging the persistence of passwords[J]. IEEE Security & Privacy, 2012, 10(1): 28-36.
[2] FREEMAN D, JAIN S, DUERMUTH M, et al. Who are you? A statistical approach to measuring user authenticity[C]//Proceedings of the 23rd Annual Network and Distributed System Security Symposium, 2016: 21-24.
[3] VERAS R, COLLINS C, THORPE J. On semantic patterns of passwords and their security impact[C]//Proceedings of the 21st Annual?Network and Distributed System Security Symposium, 2014: 1-16.
[4] WANG D, WANG P, HE D B, et al. Birthday, Name and bifacial-security: understanding passwords of Chinese web users[C]//Proceedings of the 28th USENIX Security Symposium. Berkeley: USENIX Association, 2019: 1537-1555.
[5] ELMAN J. Finding structure in time[J]. Cognitive Science, 1990, 14(2): 179-211.
[6] HOCHREITER S, SCHMIDHUBER J. Long short-term memory[J]. Neural Computation, 1997, 9(8): 1735-1780.
[7] GOODFELLOW IJ, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems. Cambridge: MIT Press, 2014: 2672-2680.
[8] DEVLIN J, CHANG M W, LEE K, et al. BERT: pre-training of deep bidirectional transformers for language understanding[C]//Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies. Stroudsburg: ACL, 2019: 4171-4186.
[9] BROWN T B, MANN B, RYDER N, et al. Language models are few-shot learners[C]//Proceedings of the 34th International Conference on Neural Information Processing Systems, 2020: 1877-1901.
[10] RANDO J, PEREZ-CRUZ F, HITAJ B. PassGPT: password modeling and (guided) generation with large language models[C]//Proceedings of the 28th European Symposium on Research in Computer Security. Cham: Springer, 2024: 164-183.
[11] PETRONI F, ROCKT?SCHEL T, RIEDEL S, et al. Language models as knowledge bases?[C]//Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing. Stroudsburg: ACL, 2019: 2463-2473.
[12] ROBERTS A, RAFFEL C, SHAZEER N. How much knowledge can you pack into the parameters of a language model?[C]//Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing. Stroudsburg: ACL, 2020: 5418-5426.
[13] MIKOLOV T, SUTSKEVER I, CHEN K, et al. Distributed representations of words and phrases and their compositionality[EB/OL]. [2024-05-10]. https://arxiv.org/abs/1310.4546.
[14] PENNINGTON J, SOCHER R, MANNING C. Glove: global vectors for word representation[C]//Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing. Stroudsburg: ACL, 2014: 1532-1543.
[15] VASWANI A, SHAZEER N, PARMAR N, et al. Attention is all you need[C]//Advances in Neural Information Processing Systems 30, 2017.
[16] WEIR M, AGGARWAL S, DE MEDEIROS B, et al. Password cracking using probabilistic context-free grammars[C]//Proceedings of the 2009 30th IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2009: 391-405.
[17] CASTELLUCCIA C, DüRMUTH M, PERITO D. Adaptive password-strength meters from Markov models[C]//Proceedings of the 19th Network and Distributed System Security Symposium, 2012.
[18] LI Y, WANG H N, SUN K. Personal information in passwords and its security implications[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(10): 2320-2333.
[19] LI W D, ZENG J P. Leet usage and its effect on password security[J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 2130-2143.

编辑推荐 0

Metrics

阅读次数

全文

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	0	14	0	4

	来源	本网站

	次数	18
	比例	100%

摘要

最新录用	在线预览	正式出版

20	0	8

	来源	本网站

	次数	28
	比例	100%