AC-Pass: Samfurin Zato Kalmar Sirri Wanda Ya Danganta da Koyon Ƙarfafawa

Teburin Abubuwan Ciki

1.1 Gabatarwa & Bayyani
1.2 Ayyukan Da Suka Gabata & Bayanin Matsala
2. Hanyar Aiki: Samfurin AC-Pass
3. Cikakkun Bayanai na Fasaha & Tsarin Lissafi
4. Saitin Gwaji & Sakamako
5. Muhimman Fahimta & Bincike
6. Tsarin Bincike: Misalin Hali
7. Hasashen Aikace-aikace & Hanyoyin Gaba
8. Nassoshi

1.1 Gabatarwa & Bayyani

Tsaron kalmar sirri ya ci gaba da zama babban gaba a cikin tsaron yanar gizo. Zato kalmar sirri, tsarin ƙoƙarin karye kalmomin sirri ta hanyar samar da mafi yuwuwar zaɓuɓɓuka, wani muhimmin fanni ne na bincike don duka gwajin tsaro na kai hari da kuma kimanta ƙarfin tsaro. Hanyoyin gargajiya kamar Nahawun Mahallin Kyauta na Yiwuwa (PCFG) da kuma hanyoyin koyo mai zurfi na baya-bayan nan, musamman waɗanda suka dogara da Cibiyoyin Sadarwa na Haɓakawa (GANs), sun nuna alƙawari. Duk da haka, samfuran tushen GAN sau da yawa suna fama da rashin isasshen jagora daga mai nuna bambanci zuwa mai samarwa yayin horarwa, wanda ke haifar da rashin ingancin samar da kalmar sirri. Wannan takarda ta gabatar da AC-Pass, sabon samfurin zato kalmar sirri wanda ya haɗa algorithm ɗin koyon ƙarfafawa na Actor-Critic cikin tsarin GAN don samar da mafi daidaitaccen jagora, mataki-mataki, don samar da jerin kalmomin sirri, ta haka yana haɓaka aikin karyewa sosai.

1.2 Ayyukan Da Suka Gabata & Bayanin Matsala

Samfuran zato kalmar sirri na yanzu sun haɗa da hanyoyin tushen ƙa'ida (misali, John the Ripper, dokokin murƙushe Hashcat), samfuran yiwuwa kamar PCFG, da kuma samfuran koyo mai zurfi na zamani. Samfuran tushen GAN, kamar PassGAN da seqGAN, suna wakiltar sauyin tsari ta hanyar koyon rarraba kalmomin sirri kai tsaye daga bayanai. Babban ƙalubalen da suke fuskanta shine "matsalar sanya kiredi" a cikin samarwa na jeri. Mai nuna bambanci yana ba da maki na ƙarshe don cikakkiyar kalmar sirri, amma yana ba da ɗan ra'ayi kaɗan akan waɗanne takamaiman zaɓuɓɓukan haruffa yayin samarwa suka kasance masu kyau ko mara kyau. Wannan rauni, jinkirin siginar lada yana hana ingancin koyo na mai samarwa, wanda shine babbar matsala da AC-Pass ke nufin warwarewa.

2. Hanyar Aiki: Samfurin AC-Pass

2.1 Tsarin Samfurin

AC-Pass yana haɓaka daidaitaccen tsarin GAN ta hanyar haɗa cibiyar sadarwa ta Actor-Critic tare da mai samarwa (Actor) da mai nuna bambanci. An riƙe abubuwan GAN na daidaitaccen tsari: Mai Samarwa (G) wanda ke ƙirƙirar zaɓuɓɓukan kalmar sirri daga hayaniya, da Mai Nuna Bambanci (D) wanda ke bambanta ainihin kalmomin sirri da waɗanda aka samar. Sabon abu yana cikin cibiyar sadarwa ta Critic (C), wanda shine mai kimanta aikin ƙima.

2.2 Haɗa Actor-Critic tare da GAN

Yayin samarwar jeri na kalmar sirri (harafi da harafi), cibiyar sadarwa ta Critic tana kimanta "yanayin" (jigon da aka samar a wani ɓangare) kuma tana hasashen lada na gaba da ake tsammani. Wannan ƙimar da aka hasashe, haɗe tare da lada na ƙarshe daga Mai Nuna Bambanci (da zarar an kammala kalmar sirri), ana amfani da su don ƙididdige siginar fa'ida mai ƙarin bayani. Wannan siginar fa'ida tana jagorantar sabunta manufar Actor (Mai Samarwa) kai tsaye a kowane lokaci, yana ba da cikakken ra'ayi nan take wanda ke magance matsalar jagoranci mara ƙarfi na GANs na asali.

2.3 Tsarin Horarwa

Horarwa ya ƙunshi wasan gaba da gaba tsakanin G da D, kamar yadda yake a cikin daidaitattun GANs, amma an ƙara shi ta hanyar sabunta gradient ɗin manufa wanda tsarin Actor-Critic ke motsawa. An horar da Critic don rage kuskuren bambancin lokaci, yayin da aka horar da Actor don haɓaka lada mai tarawa da ake tsammani, wanda ke da siffa ta duka kimantawar ƙimar Critic da hukuncin ƙarshe na Mai Nuna Bambanci.

3. Cikakkun Bayanai na Fasaha & Tsarin Lissafi

Babban manufar koyon ƙarfafawa shine haɓaka dawowar da ake tsammani $J(\theta)$ don manufar mai samarwa $\pi_\theta$:

$J(\theta) = \mathbb{E}_{\tau \sim \pi_\theta}[R(\tau)]$

inda $\tau$ shine yanayin tafiya (kalmar sirri da aka samar) kuma $R(\tau)$ shine lada, galibi daga mai nuna bambanci $D(\tau)$. Hanyar Actor-Critic tana amfani da aikin ƙima $V^\pi(s)$ (wanda Critic ya ƙiyasta) don rage bambanci a cikin sabunta gradient ɗin manufa. An kiyasta gradient ɗin manufa kamar haka:

$\nabla_\theta J(\theta) \approx \mathbb{E}_{\tau \sim \pi_\theta} \left[ \sum_{t=0}^{T} \nabla_\theta \log \pi_\theta(a_t | s_t) \cdot A(s_t, a_t) \right]$

inda $A(s_t, a_t)$ shine aikin fa'ida, galibi ana ƙididdige shi azaman $A(s_t, a_t) = R_t + \gamma V(s_{t+1}) - V(s_t)$. A cikin AC-Pass, $R_t$ yana da siffa ta hanyar fitowar mai nuna bambanci da sauran lada, yana ba da siginar jagora mai gauraye.

4. Saitin Gwaji & Sakamako

4.1 Bayanan Gwaji

An gudanar da gwaje-gwaje akan bayanan kalmomin sirri guda uku na ainihin duniya da aka ɓoye: RockYou, LinkedIn, da CSDN. Waɗannan bayanan suna ba da samfuran kalmomin sirri daban-daban da masu amfani suka zaɓa don horarwa da kimantawa.

4.2 Samfuran Kwatankwacin

An kwatanta AC-Pass da:
1. PCFG: Samfurin yiwuwa na gargajiya.
2. PassGAN: Daidaitaccen mai samar da kalmar sirri na tushen GAN.
3. seqGAN: GAN ta amfani da RL don samar da jeri.

4.3 Sakamako & Binciken Aiki

Bayanin Chati (Hasashe bisa da'awar takarda): Chati mai layi wanda ke nuna adadin daidaiton kalmar sirri (nasarar karyewa) akan axis-y akan adadin zato (misali, har zuwa 9×10^8) akan axis-x. Chatin zai nuna layi huɗu: PCFG, PassGAN, seqGAN, da AC-Pass. Layin AC-Pass zai kasance a sama da sauran samfuran guda biyu na tushen GAN a duk faɗin kewayon zato, yana nuna inganci mafi girma. A cikin bayanan gwaji na "heterologous" (inda bayanan horarwa da gwaji suka fito daga tushe daban-daban, misali, horar da RockYou, gwada akan LinkedIn), an ruwaito AC-Pass yana nuna aiki mafi girma idan aka kwatanta da PCFG, yana nuna ingantacciyar ƙaddamarwa.

Sakamako Mai Muhimmanci: A kan saitin zato na kalmomin sirri 9×10^8, AC-Pass ya sami ƙimar karyewa mafi girma fiye da duka PassGAN da seqGAN akan duka bayanan gwaji na homologous (tushe ɗaya) da heterologous (tushe dabam). Bugu da ƙari, AC-Pass yana nuna babban sararin fitar da kalmar sirri mai tasiri, ma'ana yawan nasararsa yana ci gaba da haɓaka yayin da girman saitin zato ya ƙaru, ba kamar wasu samfuran da suka tsaya cik ba.

Muhimman Fahimta na Aiki

Haɗin Actor-Critic ya ba da siginar "lada mai yawa" da ake buƙata don yanke shawara mai inganci a jeri a cikin samar da kalmar sirri, yana fassara kai tsaye zuwa mafi girman adadin bugun zato a kowane ƙoƙarin lissafi.

5. Muhimman Fahimta & Bincike

Babban Fahimta: Babban nasarar takarda ba sabon tsarin cibiyar sadarwar jijiyoyi ba ne, amma kyakkyawan tsari na abubuwan da suka wanzu. Ya gano daidai matsalar "lada mara yawa" a matsayin muguwar cizon dugun zato kalmar sirri na tushen GAN kuma ya yi amfani da ingantaccen maganin RL (Actor-Critic) tare da daidaitaccen tiyata. Wannan bai fi game da ƙirƙira ba fiye da ingantacciyar haɗin injiniya.

Kwararar Ma'ana: Hujja tana da inganci: 1) GANs don kalmomin sirri suna da matsala ta jagoranci (gaskiya), 2) Actor-Critic yana ba da jagora mataki-mataki a cikin RL (gaskiya), 3) Haɗa su yakamata ya inganta aiki. Ƙirar gwaji, ta amfani da daidaitattun bayanai da ma'auni (PCFG, PassGAN), tana da ƙarfi kuma tana tabbatar da hasashe.

Ƙarfi & Kurakurai: Ƙarfi: Samfurin ya yi aiki sosai fiye da waɗanda suka gabace shi. Ayyukansa mai ƙarfi akan bayanan heterologous yana da mahimmanci musamman don karyewa na ainihin duniya inda ba a san rarraba kalmar sirri da aka yi niyya ba. Takarda tana da inganci a cikin iyakokinta. Kurakurai: Binciken yana da ɗan kunkuntar hangen nesa. Yana kwatanta ma'auni da sauran samfuran ilimi amma ya yi watsi da matsayi na zamani a cikin karyewa na zahiri, wanda sau da yawa ya ƙunshi manyan hare-hare na tushen ƙa'ida mai gauraye (kamar dokokin murƙushe Hashcat's best64.rule) haɗe da manyan ƙamus na ɓarna. Ta yaya ingancin AC-Pass ya kwatanta da ingantaccen tsarin gauraye wanda ba na ML ba dangane da zato-a-sakandare da ƙimar nasara? Farashin lissafi na horarwa da gudanar da samfurin AC-Pass shima an yi watsi da shi—wannan wani muhimmin al'amari ne don karɓa.

Fahimta Mai Aiki: 1. Ga Masu Tsaro (Ƙungiyar Blue): Wannan bincike yana jaddada haɓaka ƙwararrun hare-haren AI. Dole ne manufofin tsaron kalmar sirri su ci gaba fiye da toshe kalmomin ƙamus masu sauƙi. Aiwatar da ƙayyadaddun iyaka, tilastawa tantancewa mai-factor da yawa (MFA), da haɓaka amfani da masu sarrafa kalmomin sirri waɗanda ke samar da ainihin kalmomin sirri masu bazuwa, dogo, ba za su zama zaɓi ba. 2. Ga Masu Bincike: Mataki na gaba na ma'ana shine bincika horar da adawa. Shin za mu iya gina "GAN mai tsaro" wanda ke samar da kalmomin sirri da aka ƙera musamman don yaudarar samfura kamar AC-Pass, ta haka yana ƙirƙirar ma'auni mafi ƙarfi? Haka nan, bincika fassarar samfurin—waɗanne alamu ne ainihin yake koyon su?—zai iya haifar da fahimta cikin son zuciya na ƙirƙirar kalmar sirri na ɗan adam. 3. Ga Masu Aiki (Ƙungiyar Red/Masu Gwajin Shiga): Duk da cewa yana da alƙawari, AC-Pass ba shi da yuwuwar zama maye gurbin kayan aiki na yanzu saboda rikitarwa da sauri. Duk da haka, yana wakiltar wani ɓangare mai ƙarfi don cikakken kayan aikin binciken kalmar sirri. Ya kamata fifiko ya kasance kan haɓaka ingantattun aiwatarwa, masu haɓakawa waɗanda za a iya haɗa su cikin tsarin kamar Hashcat.

Bincike na Asali (kalmomi 300-600): Takarda "AC-Pass: Samfurin Zato Kalmar Sirri Wanda Ya Danganta da Koyon Ƙarfafawa" ta gabatar da ingantacciyar juyin halitta a cikin kayan aikin tsaro na kai hari na AI. Babban gudummawar sa yana cikin nasarar haɗa ikon samarwa na GANs tare da daidaitaccen tsarin yanke shawara na jeri na koyon ƙarfafawa na Actor-Critic. Wannan yana magance kai tsaye iyakancewar da aka sani a cikin amfani da daidaitattun GANs ga samarwar jeri mai rarrabuwa, matsala da aka haskaka a cikin binciken seqGAN na asali kuma yayi kama da ƙalubale a wasu fagage kamar samar da rubutu tare da samfuran GPT (inda samfuran auto-regressive na tushen transformer suka warware shi ta wata hanya). An ruwaito ribobin aiki suna da mahimmanci kuma suna da aminci. Yin fiye da PassGAN da seqGAN akan daidaitattun ma'auni kamar bayanan RockYou yana tabbatar da hanyar fasaha. Mafi ban sha'awa, mafi girman aikin sa akan bayanan heterologous (misali, horarwa akan RockYou, gwaji akan LinkedIn) yana nuna AC-Pass yana koyon ƙarin ƙaddamarwa, mahimman alamu na ƙirƙirar kalmar sirri na ɗan adam maimakon kawai haddace saitin horarwa. Wannan ikon ƙaddamarwa yana da mahimmanci don ingancin ainihin duniya, kamar yadda aka lura a cikin kimanta barazanar tsaron yanar gizo daga ƙungiyoyi kamar MITRE ATT&CK, waɗanda ke jaddada dabarun kai hari masu daidaitawa. Duk da haka, kallon wannan ta hanyar hangen mai aiki yana bayyana gibi. Takarda tana wanzuwa a cikin ɗan kankantar ilimi. Mafi kyawun ma'auni na ainihin duniya don karyewa kalmar sirri ba tsantsar samfurin jijiyoyi ba ne; tsarin gauraye ne na zahiri wanda ke haɗa manyan ƙamus da aka tsara (daga ɓarnar da suka gabata), ƙa'idodin murƙushewa masu ƙwarewa (kamar yadda yake a cikin Hashcat ko tsarin John the Ripper na tsari mai ƙarfi), da masu samarwa na tushen Markov ko PCFG. Waɗannan tsarin suna da ingantaccen inganci don sauri, sau da yawa suna samarwa da gwada biliyoyin zato a kowane dakika akan tarin GPU. Takarda ba ta kwatanta ingancin zato-a-sakandare na AC-Pass da waɗannan kayan aikin masu inganci na masana'antu ba. Farashin horarwa da saurin yanke hukunci na samfurin koyo mai zurfi na iya zama cikas mai hana. Bugu da ƙari, abubuwan da ke tattare da tsaro suna da tsauri. Yayin da samfura kamar AC-Pass suka girma, manufofin rikitarwar kalmar sirri na gargajiya (bukatar manyan haruffa, lambobi, alamomi) sun zama ma ƙasa da tasiri, yayin da waɗannan samfuran suka ƙware wajen koyon irin waɗannan alamu. Wannan yana ƙarfafa buƙatar gaggawa na sauyin tsari a cikin tantancewa, matsawa zuwa ga MFA mai jurewa phishing (misali, FIDO2/WebAuthn) da mafita marasa kalmar sirri, wani yanayi da NIST ke ba da shawarar sosai a cikin Sabis ɗin Shaidar Lambobi na ƙarshe. A ƙarshe, AC-Pass kyakkyawan bincike ne wanda ke haɓaka matsayi na zamani a cikin wani yanki mai mahimmanci amma mai mahimmanci. Ainihin tasirinsa za a ƙaddara ta hanyar haɗa shi cikin kayan aiki masu amfani, masu haɓakawa da kuma rawar da yake takawa wajen tilasta ingantaccen sabuntawa a dabarun tantancewa na tsaro.

6. Tsarin Bincike: Misalin Hali

Hali: Ƙungiyar tsaro tana son tantance ƙarfin kalmomin sirri na tushen masu amfani da su akan hare-haren AI na zamani.

Aiwatar Tsarin (Babu Code): 1. Tattara Bayanai & Ba da Suna: Cire samfurin hashes na kalmar sirri (misali, bcrypt) daga bayanan mai amfani. An cire duk bayanan da za a iya gane su; an ajiye hash kawai da watakila ID na mai amfani don daidaitawa daga baya. 2. Zaɓin Samfurin & Horarwa: Zaɓi samfurin kai hari. A cikin wannan bincike, muna la'akari da AC-Pass. Ƙungiyar za ta horar da AC-Pass akan babban juzu'i na waje na ɓarnar kalmomin sirri (misali, RockYou) don koyon ƙirar ƙirƙirar kalmar sirri gabaɗaya. Ba za su horar da kalmomin sirri na kansu ba. 3. Samar da Zato: Samfurin AC-Pass da aka horar ya samar da jerin jerin zato na kalmar sirri, a ce miliyan 10 na 'yan takara. 4. Karye Hash & Kimantawa: Kowane zato da aka samar ana yin hash ta amfani da algorithm ɗaya da sigogi (gishiri, da sauransu) kamar bayanan da aka yi niyya. Sakamakon hash ana kwatanta shi da hashes da aka adana. 5. Ƙididdigar Ma'auni & Rahoto: Ga kowane mai amfani wanda aka daidaita hash ɗinsa, "lambar zato" (matsayin da aka sami kalmar sirri a cikin jerin da aka tsara) ana yin rikodin su. An ƙididdige ma'auni masu mahimmanci: - Lankwasa Daidaitawa Mai Tarawa: Kashi na kalmomin sirri da aka karye a matsayin aikin adadin zato da aka yi ƙoƙari. - Matsakaicin Darajar Zato: Matsakaicin matsayin da aka sami kalmomin sirri. - Ƙofar Rashin Tsaro: Wane kashi na kalmomin sirri za a karye a cikin yanayin kai hari na zahiri (misali, tare da zato biliyan 1)? 6. Fitowa Mai Aiki: Rahoton ya gano mafi yawan alamu na kalmar sirri masu rauni (misali, "kalmomin sirri waɗanda ke ɗauke da kalmar tushe ta gama gari tare da shekara mai lamba 2"). Yana ba da tabbataccen bayani don tabbatar da tilasta ƙa'idar kalmar sirri mafi tsauri, tilasta sake saita kalmomin sirri don asusun da ke da haɗari, ko haɓaka fitar da MFA.

7. Hasashen Aikace-aikace & Hanyoyin Gaba

Aikace-aikace na Gajeren Lokaci: - Ingantacciyar Binciken Tsaro: Haɗawa cikin kayan aikin ƙungiyar ja don ƙarin ingantaccen kimanta ƙarfin kalmar sirri. - Gwajin Matsala na Manufar Kalmar Sirri: Gwada sabbin manufofin ƙirar kalmar sirri gabaɗaya akan masu zato na AI kafin fitarwa. - Hankali na Barazana: Yin samfurin haɓaka iyawar kayan aikin karyewa na abokin gaba.

Hanyoyin Bincike na Gaba: 1. Ingantaccen Ingantawa: Haɓaka nau'ikan samfurin masu sauƙi, masu sauri (misali, ta hanyar narkar da ilimi, datsa samfurin) don karyewa na ainihin lokaci ko babban sikelin. 2. Tsarin Samfuran Gauraye: Haɗa AC-Pass tare da tsarin tushen ƙa'ida. Wakilin RL zai iya koyan zaɓar da amfani da mafi ingantaccen dokokin murƙushewa daga akwatin kayan aiki bisa ga mahallin. 3. Binciken Tsaro na Adawa: Yin amfani da AC-Pass azaman samfurin kai hari don horar da GANs na tsaro waɗanda za su iya gano ko samar da kalmomin sirri masu jurewa irin waɗannan masu zato na AI, ƙirƙirar simintin tseren makamai. 4. Bayan Kalmomin Sirri: Aiwatar da tsarin AC-Pass ga sauran ƙalubalen tsaro na jeri, kamar samar da jerin zirga-zirgar cibiyar sadarwa mara kyau don gwajin gujewa IDS ko ƙirƙirar rubutun imel na satar bayanai.

8. Nassoshi

Li, X., Wu, H., Zhou, T., & Lu, H. (2023). A Password Guessing Model Based on Reinforcement Learning. Computer Science, 50(1), 334-341. (Tushen farko).
Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., ... & Bengio, Y. (2014). Generative adversarial nets. Advances in neural information processing systems, 27. (Takardar GAN ta asali).
Sutton, R. S., & Barto, A. G. (2018). Reinforcement learning: An introduction. MIT press. (Daidaitaccen nassi don hanyoyin Actor-Critic).
Hitaj, B., Gasti, P., Ateniese, G., & Perez-Cruz, F. (2017). PassGAN: A deep learning approach for password guessing. In International conference on applied cryptography and network security (pp. 217-237). Springer, Cham. (Muhimmin aikin da ya gabata akan GANs don kalmomin sirri).
National Institute of Standards and Technology (NIST). (2020). Digital Identity Guidelines (SP 800-63B). [https://pages.nist.gov/800-63-3/sp800-63b.html] (Mai iko akan mafi kyawun ayyukan tantancewa).
The MITRE Corporation. (2023). ATT&CK® Framework, Technique T1110: Brute Force. [https://attack.mitre.org/techniques/T1110/] (Mahallin don hare-haren kalmar sirri a cikin yanayin barazana).