PassTSL: Yin Kwatancen Kalmomin Sirri na Mutane ta Hanyar Koyo Mai Matakai Biyu - Bincike Mai Zurfi kan Fasa Kalmomin Sirri da Kuma Kimanta Ƙarfinsu ta hanyar NLP

Teburin Abubuwan Ciki

1. Taƙaitaccen Bayani da Babban Tunani
2. Gabatarwa: Matsalar Kalmar Sirri
3. Tsarin PassTSL
- 3.1 Tsarin Koyo Mai Matakai Biyu
- 3.2 Transformer da Hanyar Hankali-Kai
4. Sakamakon Gwaji da Aiki
- 4.1 Aikin Fasa Kalmar Sirri
- 4.2 Kimanta Ma'aunin Ƙarfin Kalmar Sirri (PSM)
5. Bayanan Fasaha da Tsarin Lissafi
6. Tsarin Bincike: Misali na Musamman
7. Bincike Mai Zurfi: Babban Tunani, Tsarin Tunani, Ƙarfi da Rashi, Shawarwari Masu Amfani
8. Bincike na Asali da Ma'anoni Masu Faɗi
9. Aikace-aikace na Gaba da Hanyoyin Bincike
10. Manazarta

1. Taƙaitaccen Bayani da Babban Tunani

PassTSL ya gabatar da wani sabon salo na yin kwatancen kalmomin sirri ta hanyar amfani da tsarin koyo mai matakai biyu wanda aka yi wahayi daga horarwa-fine-tuning na NLP. Babban tunanin shi ne cewa kalmomin sirri da mutane ke ƙirƙira, ko da yake sun bambanta da harshe na halitta, suna da isasshen halaye na tsari da ma'ana don amfana daga gine-ginen da suka dogara da transformer. Wannan hanya ta nuna fifiko a kan duk wasu hanyoyin SOTA, gami da Markov chains, RNNs, da GANs, da babban rata (4.11% zuwa 64.69%) a ayyukan fasa kalmar sirri. Bugu da ƙari, yana ba da damar kimanta ƙarfin kalmar sirri daidai, yana rage haɗarin kuskuren tabbatar da ƙarfi (wato, ƙididdige ƙarfi fiye da yadda yake) idan aka kwatanta da kayan aiki kamar zxcvbn.

2. Gabatarwa: Matsalar Kalmar Sirri

Kalmomin sirri na rubutu sun kasance mafi yawan hanyar tabbatarwa duk da sanannun rauninsu. Kalmomin sirri da mutane ke ƙirƙira galibi ana iya tsinkaya, suna bin tsarin da aka samo daga harshe na halitta, jerin maɓallan rubutu, da bayanan sirri. Hanyoyin SOTA na yanzu sun haɗa da Markov chains, samfuran tushen tsari, RNNs, da GANs. Duk da haka, waɗannan hanyoyin galibi suna fafitikar ɗaukar dogon-zango dependencies da tsarin ma'ana mai rikitarwa. PassTSL ya magance wannan ta hanyar amfani da samfurin tushen transformer, wanda ya ƙware wajen koyan alaƙar mahallin ta hanyar hankali-kai.

3. Tsarin PassTSL

3.1 Tsarin Koyo Mai Matakai Biyu

PassTSL yana amfani da tsari mai matakai biyu: horarwa ta farko a kan babban bayanan kalmar sirri na gaba ɗaya (misali, RockYou) don koyan tsarin kalmar sirri na duniya, sannan fine-tuning a kan ƙaramin bayanan da aka yi niyya (misali, LinkedIn). Wannan hanya tana ba da damar samfurin ya dace da halaye na musamman na saitin kalmomin sirri daban-daban, yana haɓaka daidaiton fasa sosai. Marubutan sun nuna cewa ko da ƙaramin adadin bayanan fine-tuning (0.1% na bayanan horarwa ta farko) na iya haifar da ingantawa fiye da 3%.

3.2 Transformer da Hanyar Hankali-Kai

Jigon PassTSL shine mai canza transformer, wanda ke amfani da hankali-kai don auna mahimmancin haruffa daban-daban a cikin jerin kalmar sirri. Ba kamar RNNs ba, waɗanda ke sarrafa jerin mataki-mataki, transformers na iya kula da duk wurare a lokaci guda, suna ɗaukar dogon-zango dependencies kamar "q1w2e3" inda tsarin ya dogara da maɓallan rubutu. Samfurin yana tsinkayar harafin da ke gaba bisa ga mahallin da ya gabata, wanda aka tsara shi azaman $P(x_t | x_1, x_2, ..., x_{t-1})$.

4. Sakamakon Gwaji da Aiki

4.1 Aikin Fasa Kalmar Sirri

An gwada PassTSL a kan manyan bayanan kalmar sirri guda shida da aka fallasa (misali, RockYou, LinkedIn, MySpace). Ya ci gaba da yin nasara a kan hanyoyin SOTA guda biyar (Markov, RNN, GAN, da sauransu) a yawan fasa. Misali, a zato 10^10, PassTSL ya fasa kalmomin sirri 64.69% fiye da mafi kyawun tushe akan bayanan LinkedIn. Ingantawa ya fi bayyana a kan bayanan da ke da tsarin tsari mai ƙarfi.

4.2 Kimanta Ma'aunin Ƙarfin Kalmar Sirri (PSM)

An daidaita PassTSL zuwa PSM ta hanyar amfani da rikitarwar samfurin (ko yuwuwar) azaman maki ƙarfi. Idan aka kwatanta da zxcvbn da PSM na tushen hanyar sadarwa, PassTSL ya samar da ƙananan kurakurai marasa aminci (ƙididdige ƙarfi fiye da yadda yake) a daidai adadin kurakurai masu aminci (ƙididdige ƙarfi ƙasa da yadda yake). Wannan yana da mahimmanci ga tsaro na ainihi, saboda ƙididdige ƙarfi fiye da yadda yake yana ba masu amfani tunanin tsaro na ƙarya.

5. Bayanan Fasaha da Tsarin Lissafi

An horar da samfurin don rage rashin yuwuwar log na mummunan jerin kalmar sirri:

$L = -\sum_{t=1}^{T} \log P(x_t | x_1, ..., x_{t-1})$

inda $T$ shine tsawon kalmar sirri. Hanyar hankali-kai tana ƙididdige maki hankali $A_{ij} = \text{softmax}(Q_i K_j^T / \sqrt{d_k})$, inda $Q$ da $K$ sune matrices na tambaya da maɓalli, kuma $d_k$ shine girman maɓalli. Tsarin fine-tuning yana amfani da ƙaramin ƙimar koyo da ƙananan lokuta don guje wa mantawa da ilimin da aka horar da shi.

6. Tsarin Bincike: Misali na Musamman

Yanayi: Wani mai binciken tsaro yana son kimanta ƙarfin kalmomin sirri daga sabon, ƙaramin bayanan (misali, kalmomin sirri 10,000 daga fallasa kamfani).

Mataki na 1: Horarwa ta Farko. Yi amfani da PassTSL da aka horar da shi akan RockYou (kalmomin sirri miliyan 32).

Mataki na 2: Fine-tuning. Yi fine-tuning samfurin akan kalmomin sirri 10,000 da aka fallasa na tsawon lokuta 5 tare da ƙimar koyo na 1e-5.

Mataki na 3: Fasa. Ƙirƙiri manyan kalmomin sirri 10^9 mafi yuwuwa daga samfurin da aka yi fine-tuning.

Mataki na 4: Kimanta Ƙarfi. Ga sabuwar kalmar sirri "P@ssw0rd123", ƙididdige rikitarwarta: $\text{Perplexity} = \exp(-\frac{1}{T} \sum \log P(x_t))$. Ƙananan rikitarwa yana nuna kalmar sirri mai rauni.

Sakamako: Samfurin da aka yi fine-tuning ya fasa kalmomin sirri 15% fiye da samfurin da aka horar da shi akan RockYou kawai, kuma PSM ya yi daidai da alamar "P@ssw0rd123" a matsayin mai rauni (rikitarwa = 12.3) yayin da zxcvbn ya ƙididdige shi a matsayin "mai ƙarfi" (maki 4/4).

7. Bincike Mai Zurfi: Babban Tunani, Tsarin Tunani, Ƙarfi da Rashi, Shawarwari Masu Amfani

Babban Tunani: Babban ra'ayin takardar—cewa za a iya inganta yin kwatancen kalmar sirri sosai ta hanyar ɗaukar shi azaman matsala ta NLP mai matakai biyu—ba kawai wayo ba ne; ci gaba ne da ake buƙata. Fannin ya kasance yana tafiya tare da samfuran Markov marasa zurfi da GANs marasa kwanciyar hankali. Amfani da PassTSL na transformers shine aikace-aikace mai ma'ana, ko da yake ya ɗan jinkarta, na mafi ƙarfin tsarin yin kwatancen jerin da ake da shi.

Tsarin Tunani: Hujjar tana gudana a sarari: (1) Kalmomin sirri suna kama da harshe, (2) Transformers sune mafi kyau a yin kwatancen harshe, (3) Koyo mai matakai biyu yana dacewa da takamaiman bayanan, (4) Don haka, PassTSL ya kamata ya yi nasara. Tabbatar da gwaji yana da ƙarfi, tare da bayanan guda shida da tushe da yawa. Duk da haka, takardar ta yi watsi da farashin lissafi na horar da transformer akan miliyoyin kalmomin sirri, wanda shine babban shingen aiki.

Ƙarfi da Rashi: Babban ƙarfin shine girman nasarar aiki—ingantawar 64.69% a yawan fasa ba ƙarami ba ne; tsalle ne. Sakamakon PSM kuma yana da jan hankali, yana magance buƙatar tsaro ta ainihi kai tsaye. Babban rashi shine rashin tattaunawa kan juriya na adawa. Idan maharin ya yi amfani da irin wannan samfurin mai matakai biyu don ƙirƙirar kalmomin sirri da za su yaudari PSM na PassTSL fa? Takardar kuma ba ta bincika illolin ɗabi'a na sanya irin wannan kayan aikin fasa mai ƙarfi a fili ba.

Shawarwari Masu Amfani: Ga masu aikin tsaro, abin da za a ɗauka nan take shine cewa dole ne manufofin kalmar sirri su canza. Tsayi da rikitarwa ba su isa ba idan maharin zai iya yin kwatancen tsarin da ke ƙasa. Ƙungiyoyi su ɗauki PSMs bisa ga samfuran ci gaba kamar PassTSL. Ga masu bincike, mataki na gaba shine bincika hanyoyin tsaro, kamar horarwa ta adawa don sanya ƙirƙirar kalmar sirri ta zama ba za a iya tsinkaya ba. Takardar kuma tana nuna cewa masu sarrafa kalmomin sirri da masu ƙirƙirar kalmomin sirri na bazuwar su ne kawai zaɓi mai aminci ga irin waɗannan samfuran.

8. Bincike na Asali da Ma'anoni Masu Faɗi

PassTSL yana wakiltar babbar gudummawar fasaha, amma ma'anarsa ta wuce ma'aunin aiki kawai. Takardar ta tabbatar da wani hasashe da ke yawo a cikin al'ummar tsaro ta yanar gizo: cewa iyaka tsakanin harshe na halitta da tsarin kalmar sirri yana da isasshen buɗaɗɗen don ba da damar koyo na canja wuri. Wannan yana tunatar da yadda CycleGAN (Zhu et al., 2017) ya nuna cewa za a iya yin fassarar hoto-zuwa-hoto ba tare da misalai guda biyu ba, wanda ya canza fannin hangen nesa na kwamfuta gaba ɗaya. Hakazalika, PassTSL ya nuna cewa samfurin da aka horar da shi akan bayanan kalmar sirri ɗaya za a iya daidaita shi zuwa wani da ƙarancin bayanai, wani binciken da zai iya daidaita ikon fasa kalmomin sirri.

Duk da haka, wannan daidaitawa takobi ne mai kaifi biyu. Kamar yadda Cibiyar Ƙididdiga ta Ƙasa (NIST) ta lura a cikin Jagororin Asalin Dijital (SP 800-63B), tsaron kalmar sirri ya dogara da zaton cewa maharan suna da iyakacin albarkatun lissafi da samfuran gaba ɗaya. PassTSL ya kalubalanci wannan zato ta hanyar nuna cewa za a iya gina samfuran da aka yi niyya, masu inganci tare da ƙarancin bayanan fine-tuning. Wannan farkawa ce ga masu tsara dokoki da masu gudanar da tsarin.

Daga mahangar fasaha, amfani da bambance-bambancen Jensen-Shannon don zaɓin bayanan fine-tuning na heuristic mataki ne mai wayo, ko da yake na farko. Yana nuna cewa ba duk kalmomin sirri suke daidai da amfani don daidaita samfurin ba, ra'ayi da za a iya bincika shi sosai tare da dabarun koyo mai aiki. Takardar ta mayar da hankali kan ma'aunin ƙarfin kalmar sirri kuma abin yabawa ne, saboda yana haɗa gada tsakanin bincike na ilimi da kayan aiki na aiki. Duk da haka, kimanta PSM ya iyakance ga kwatanta da zxcvbn da hanyar sadarwa guda ɗaya; ma'auni mai cikakken bayani game da PSMs na kasuwanci (misali, waɗanda Google ko Microsoft ke amfani da su) zai ƙarfafa da'awar.

A ƙarshe, PassTSL takarda ce mai mahimmanci wacce za ta iya yin tasiri ga dabarun fasa kalmomin sirri da tsaro na shekaru masu zuwa. Babban gudummawarta ba kawai sabon samfurin ba ne, amma sabon tsarin tunani game da tsaron kalmar sirri a zamanin manyan samfuran harshe. Babban tambayar da ke gaba ba ita ce ko maharan za su iya gina irin waɗannan samfuran ba—suna iya—amma yadda masu tsaro za su dace. Amsar ta ta'allaka ne a kan barin kalmomin sirri da masu amfani suka zaɓa gaba ɗaya, zuwa hanyoyin tabbatarwa marasa kalmar sirri kamar WebAuthn da FIDO2, waɗanda ke da juriya ga irin waɗannan hare-haren kwatancen.

9. Aikace-aikace na Gaba da Hanyoyin Bincike

Manufofin Kalmar Sirri Masu Daidaitawa: Yi amfani da PassTSL don kimanta ƙarfin kalmar sirri a lokacin ƙirƙira, yana ba da amsa nan take ga masu amfani.
Fasa Kalmar Sirri da aka Yi Niyya: Jami'an tsaro da masu gwajin shiga za su iya amfani da samfuran PassTSL da aka yi fine-tuning don fasa kalmomin sirri daga takamaiman ƙungiyoyi ko mutane.
Ƙirƙirar Kalmar Sirri ta Adawa: Haɓaka samfuran da ke ƙirƙirar kalmomin sirri da aka tsara musamman don yaudarar PSMs na tushen PassTSL, wanda zai haifar da wasan kyanwa da bera.
Kwatancen Kalmar Sirri Mai Nau'o'i Da yawa: Haɗa takamaiman bayanan mai amfani (misali, ranar haihuwa, suna) cikin samfurin don fasa mafi inganci.
Koyo na Tarayya don Sirri: Horar da PassTSL a cikin ƙungiyoyi da yawa ba tare da raba bayanan kalmar sirri na ainihi ba, yana ba da damar tsaro na haɗin gwiwa.

10. Manazarta

Li, H., Wang, Y., Qiu, W., Li, S., & Tang, P. (2024). PassTSL: Modeling Human-Created Passwords through Two-Stage Learning. arXiv:2407.14145.
Zhu, J. Y., Park, T., Isola, P., & Efros, A. A. (2017). Unpaired Image-to-Image Translation using Cycle-Consistent Adversarial Networks. In ICCV.
National Institute of Standards and Technology (NIST). (2020). Digital Identity Guidelines: Authentication and Lifecycle Management (SP 800-63B).
Melicher, W., Ur, B., Segreti, S. M., Komanduri, S., Bauer, L., Christin, N., & Cranor, L. F. (2016). Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks. In USENIX Security.
Wheeler, D. L. (2016). zxcvbn: Low-Budget Password Strength Estimation. In USENIX Security.