Ƙididdigar Ƙarfin Kalmar Sirri Mai Ingantacciyar Inganci Ta Amfani da Dazuzzukan Bazuwar

1. Gabatarwa

Kalmomin sirri sune babbar hanyar tabbatar da ainihi, duk da haka suna wakiltar rauni mai mahimmanci. Ma'aunin ƙarfin kalmar sirri na gargajiya, waɗanda suka dogara da ƙa'idodi masu tsayi kamar buƙatun nau'in haruffa (LUDS), ba su isa don yaƙi da hare-haren zato na zamani ba. Waɗannan hanyoyin sun kasa gano tsarin da ake iya hasasawa (misali, 'P@ssw0rd1!'), wanda ke haifar da tunanin tsaro na ƙarya. Wannan takarda tana magance wannan gibi ta hanyar gabatar da tsarin ƙididdiga na tushen koyon inji wanda ke kimanta ƙarfin kalmar sirri daidai ta hanyar koyo daga bayanan kalmar sirri na ainihi da ingantaccen injiniyan siffofi.

2. Ayyukan Da Suka Gabata

Wannan sashe yana bitar ci gaban kimanta ƙarfin kalmar sirri, tun daga masu duba na tushen ƙa'ida na farko zuwa hanyoyin ƙididdiga na zamani kamar samfuran Markov da hanyoyin sadarwar jijiyoyi. Yana sukar iyakokin hanyoyin da suka tsaya cikakkun waɗanda suka yi watsi da tsarin ma'ana da raunin mahallin, yana shirya fage don hanyar da aka gabata ta tushen bayanai, mai cike da siffofi.

3. Hanyar Da Aka Gabatar

Jigon hanyarmu shine bututun injiniyan siffofi na haɗaka wanda ke ciyar da tsarin koyon inji na kwatance.

3.1. Bayanan Aiki & Shirye-shiryen Farka

An yi amfani da bayanan aiki na fiye da kalmomin sirri 660,000 na ainihi daga keta da aka sani. An yiwa kalmomin sirri lakabi da 'rauni' ko 'ƙarfi' dangane da juriyarsu ga yunƙurin fashewa (misali, ta amfani da kayan aiki kamar Hashcat tare da tsarin ƙa'idodi na gama gari).

3.2. Injiniyan Siffofi Na Haɗaka

Mun wuce ma'auni na asali (tsawon, ƙarancin tsari) don ɗaukar raunin da ba a iya gani ba:

Ƙarancin Tsari Na Shannon Mai Daidaitaccen Leetspeak: Yana ƙididdige ƙarancin tsari bayan juyar da maye gurbin haruffa na gama gari (misali, '@' -> 'a', '3' -> 'e') don kimanta bazuwar gaskiya.
Gano Tsari: Yana gano tafiya ta madannai (misali, 'qwerty'), jerin gwano (misali, '12345'), da maimaita haruffa.
TF-IDF N-grams Na Matakin Haruffa: Yana ciro ɓangarori na kalmomin sirri da suka faru akai-akai daga bayanan aikin da aka keta don alamar guntuwar kalmar sirri da ake amfani da ita akai-akai.
Daidaitawar Ƙamus: Yana duba kasancewar kalmomi daga ƙamus da yawa (Turanci, sunaye, wurare).

3.3. Tsarin Samfurin & Horarwa

An horar da samfura huɗu kuma aka kwatanta su: Dajin Bazuwar (RF), Injin Tallafi Mai Ƙarfafawa (SVM), Hanyar Sadarwar Jijiyoyi Mai Haɗawa (CNN) don nazarin jerin gwano, da Koma Bayan Logistic a matsayin tushe. An raba bayanan aikin zuwa horo 70%, tabbatarwa 15%, da gwaji 15%.

4. Sakamako & Bincike

4.1. Ma'aunin Aiki

Samfurin Dajin Bazuwar ya sami ingantaccen aiki:

Inganci Na Saitin Gwaji

99.12%

Dajin Bazuwar

Inganci Na Kwatance

SVM: 97.45%
CNN: 98.01%
Koma Bayan Logistic: 95.88%

Bayanin Chati: Chati na sanduna zai nuna a zahiri jagorancin Dajin Bazuwar a cikin inganci akan sauran samfuran uku. Matrix na rudani don samfurin RF zai nuna ƙananan ƙididdiga marasa kyau (kuskuren rarraba kalmomin sirri masu rauni a matsayin ƙarfi), wanda yake da mahimmanci ga tsaro.

4.2. Muhimmancin Siffofi

Fahimtar Dajin Bazuwar ya ba da damar yin bincike kan muhimmancin siffofi. Manyan masu ba da gudummawa ga yanke shawarar samfurin sune:

Ƙarancin Tsari Mai Daidaitaccen Leetspeak
Kasancewar Kalmomin Ƙamus
Makin Tsarin Madannai
Makin TF-IDF don guntuwar kalmomi 3 na gama gari
Tsawon Kalmar Sirri Danye

Wannan binciken yana tabbatar da cewa sabbin siffofi (ƙarancin tsari mai daidaitawa, tsari) sun fi bambanta fiye da ma'aunin tsawon tushen gargajiya kaɗai.

5. Tattaunawa & Ayyukan Gaba

Hangen Nesa na Aikace-aikace: Ana iya haɗa wannan tsarin ƙididdiga cikin mu'amalar ƙirƙirar kalmar sirri na ainihin lokaci (misali, yayin rajistar mai amfani) don ba da takamaiman amsa mai aiki (misali, "Kalmar sirrinka tana ɗauke da tafiya ta madannai na gama gari 'qwerty'."). Hakanan ana iya amfani da shi don binciken lokaci-lokaci na bayanan aikin kalmar sirri da ke akwai.

Hanyoyin Gaba:

Koyo Mai Daidaitawa: Ci gaba da sabunta samfurin tare da sabbin bayanan keta da sabbin tsarin hare-hare (misali, zato na kalmar sirri da AI ta ƙirƙira).
Mahalli Na Harsuna Da Al'adu: Faɗaɗa ɗakunan ajiya na ƙamus da tsari don rufe harsunan da ba Turanci ba da kalmomin sirri na musamman na al'adu.
Koyo Na Tarayya: Horar da samfura akan bayanan kalmar sirri marasa tsakiya ba tare da fallasa kalmomin sirri danye ba, yana haɓaka sirri.
Haɗawa Tare da Masu Gudanar da Kalmomin Sirri: Yi amfani da samfurin don kimantawa da ba da shawarar jimloli masu ƙarfi, amma masu tunawa.

6. Ra'ayin Mai Bincike: Rarrabuwa Ta Matakai Hudu

Fahimta Ta Asali: Wannan takarda tana isar da gaskiya mai mahimmanci, amma sau da yawa ana yin watsi da ita: tsaron kalmar sirri matsala ce ta gane tsari, ba aikin bin ƙa'ida ba. Marubutan sun gano daidai cewa abokin gaba ba kawai gajerun kalmomin sirri ba ne, amma waɗanda ake iya hasasawa—wani abu da ba a iya gani ba wanda ya ɓace akan yawancin kayan aikin tsaro masu bin ƙa'ida. Ingancinsu na 99.12% ba lamba kawai ba ce; yana zargi kai tsaye ga masu duba na tushen LUDS waɗanda har yanzu suna cikin tsarin da ba a iya ƙidaya ba.

Kwararar Ma'ana: Hujjar tana da tsari mai jan hankali. Ta fara ne ta hanyar rushe fasahar da ke kan mulki (ƙa'idodi masu tsayi), ta kafa buƙatar tsarin koyo, sannan ta gina hujjarta brik da brik: ingantaccen bayanan aiki, injiniyan siffofi mai hazaka (ƙarancin tsari na leetspeak yana da fasaha), da kwatancen samfurin mai aiki. Zaɓin Dajin Bazuwar motsi ne mai hikima—yana sadaukar da ɗan ƙaramin yuwuwar aikin koyon zurfi don ma'auni na zinare na fahimta, wanda ba za a iya sasantawa ba don shawarar tsaro ta fuskar mai amfani.

Ƙarfi & Kurakurai: Ƙarfi a zahiri yana cikin saitin siffofi. Bayan wucewa daga jagororin NIST SP 800-63B, suna kai hari kan matsalar kamar masu binciken sirri, ba ma'aikatan gwamnati ba. Kurakurai, kamar yadda yake da kowane samfuri mai kulawa, shine dogaronsa ga bayanan tarihi. Yana da fasaha wajen kama 'P@ssw0rd1!' na jiya, amma ta yaya zai yi da kalmomin sirri na AI da aka ƙirƙira, waɗanda aka yi musu bayanin tunani na gobe? Samfurin yana da amsa, ba mai gabatarwa ba. Bugu da ƙari, yayin da bayanan aiki suka yi girma, wakilcinsa na duniya, halayen kalmar sirri na harsuna da yawa ba a tabbatar da shi ba.

Fahimta Mai Aiki: Ga CISOs, abin da za a ɗauka a bayyane yake: ba da umarnin kimanta tacewar kalmar sirri na tushen ML don kowane sabon ci gaban aikace-aikace. Ga masu haɓakawa, tsarin injiniyan siffofi zinari ne na buɗe tushe—fara aiwatar da waɗannan binciken yanzu, ko da a matsayin sauki mai hikima a saman tsarin da ke akwai. Ya kamata al'ummar bincike su ɗauki wannan a matsayin samfuri na asali kuma su mai da hankali kan ƙoƙarin kan iyaka na gaba: horo na adawa don hasashen sabbin tsarin hare-hare, kamar yadda hanyoyin sadarwar adawa masu ƙirƙira (GANs) suka samo asali a cikin hangen nesa na kwamfuta (kamar yadda aka gani a cikin takarda mai mahimmanci CycleGAN ta Zhu et al.) don sarrafa fassarar hoto mara biyu, matsala mai rikitarwa iri ɗaya.

7. Ƙarin Bayani Na Fasaha

7.1. Tsarin Lissafi

Ƙarancin Tsari Mai Daidaitaccen Leetspeak: Na farko, aikin daidaitawa $N(p)$ yana zana kirtani na kalmar sirri zuwa sigar sa ta 'cire leet' (misali, $N("P@ssw0rd") = "Password"$). Ana ƙididdige ƙarancin tsari na Shannon $H$ akan kirtani mai daidaitawa: $$H(X) = -\sum_{i=1}^{n} P(x_i) \log_2 P(x_i)$$ inda $X$ shine kirtani na kalmar sirri mai daidaitawa, $n$ shine girman saitin haruffa, kuma $P(x_i)$ shine yuwuwar harafin $x_i$.

TF-IDF don N-grams Na Haruffa: Don wani n-gram $t$ (misali, jerin haruffa 3) a cikin kalmar sirri $d$, a cikin tarin $D$ na kalmomin sirri da aka keta: $$\text{TF-IDF}(t, d, D) = \text{freq}(t, d) \times \log\left(\frac{|D|}{|\{d \in D : t \in d\}|}\right)$$ Babban maki yana nuna ɓangaren kirtani wanda ya zama gama gari a cikin takamaiman kalmar sirri amma kuma ya yadu baƙon abu a cikin kalmomin sirri da aka keta, yana nuna babban haɗari.

7.2. Misalin Tsarin Bincike

Yanayi: Kimanta kalmar sirri "M1cr0$0ft_2024".

Aikace-aikacen Tsarin:

Ma'auni Na Asali: Tsawon=14, yana da manyan haruffa, ƙananan haruffa, lambobi, haruffa na musamman. Mai duba na gargajiya: ƘARFI.
Daidaitawar Leetspeak: N("M1cr0$0ft_2024") -> "Microsoft_2024". Ƙarancin tsari ya ragu sosai yayin da ya zama kalma da ake iya hasasawa + shekara.
Gano Tsari: Babu tafiya ta madannai. Yana ɗauke da jerin gwano "2024".
Ƙamus & TF-IDF: Yana ɗauke da kalmar ƙamus "Microsoft" (bayan daidaitawa). Guntuwar kirtani "soft" na iya samun babban makin TF-IDF daga ketare da suka gabata.
Ƙididdigar Samfurin: Samfurin Dajin Bazuwar, yana auna ƙarancin ƙarancin tsari mai daidaitawa, kasancewar kalmar ƙamus, da guntuwar kirtani na gama gari, zai iya rarraba wannan a matsayin RAUNI ko MATSKAITA, yana ba da takamaiman amsa: "Yana ɗauke da sunan kamfani na gama gari da shekara ta baya-bayan nan."

Wannan misalin yana nuna yadda tsarin ke fallasa raunin da ba a iya gani ga tsarin tushen ƙa'ida.

8. Nassoshi

Google Cloud. (2022). Hasashen Tsaron Cyber 2022.
Ur, B., et al. (2016). "Shin Fahimtar Masu Amfani Game da Tsaron Kalmar Sirri Ta Dace Da Gaskiya?" A cikin Proceedings of CHI 2016.
Weir, M., et al. (2010). "Fashewar Kalmar Sirri Ta Amfani da Nahawu Na Mahallin Ƙididdiga." A cikin IEEE Symposium on Security and Privacy.
Zhu, J., Park, T., Isola, P., & Efros, A. A. (2017). "Fassarar Hoto-zuwa-Hoto mara Biyu ta Amfani da Hanyoyin Sadarwar Adawa Masu Da'ira." A cikin Proceedings of ICCV 2017. (An ambata a matsayin misalin ci gaban tsarin adawa).
Cibiyar Ƙididdiga ta Ƙasa (NIST). (2017). Jagororin Asalin Lambobi (SP 800-63B).