计算机应用 ›› 2018, Vol. 38 ›› Issue (5): 1383-1388.DOI: 10.11772/j.issn.1001-9081.2017102516

• 网络空间安全 • 上一篇    下一篇

基于集成学习的口令强度评估模型

宋创创1, 方勇2, 黄诚1, 刘亮2   

  1. 1. 四川大学 电子信息学院, 成都 610065;
    2. 四川大学 网络空间安全学院, 成都 610207
  • 收稿日期:2017-10-24 修回日期:2017-12-08 出版日期:2018-05-10 发布日期:2018-05-24
  • 通讯作者: 黄诚
  • 作者简介:宋创创(1991-),男,河北邯郸人,硕士研究生,主要研究方向:Web安全;方勇(1966-),男,四川成都人,教授,博士,主要研究方向:信息安全、网络信息对抗;黄诚(1987-),男,重庆人,博士,主要研究方向:Web安全、网络攻防;刘亮(1982-),男,四川成都人,讲师,博士,主要研究方向:网络系统与信息安全。

Password strength estimation model based on ensemble learning

SONG Chuangchuang1, FANG Yong2, HUANG Cheng1, LIU Liang2   

  1. 1. College of Electronics and Information, Sichuan University, Chengdu Sichuan 610065, China;
    2. College of Cybersecurity, Sichuan University, Chengdu Sichuan 610207, China
  • Received:2017-10-24 Revised:2017-12-08 Online:2018-05-10 Published:2018-05-24
  • Contact: 黄诚

摘要: 针对现有的口令评估模型通用性差,没有一个可以对从简单口令到非常复杂口令都适用的评估模型的问题,设计了一种基于多模型的集成学习的口令评估模型。首先,使用真实的口令训练集训练多个现有的口令评估模型作为子模型;其次,将多个经过训练的子模型作为基学习器进行集成学习,采用偏弱项投票法的结合策略实现各个子模型的优势集成;最后,实现一个以高准确性为前提的通用口令评估模型。实验中使用网络泄露的真实用户口令数据集作为实验数据,实验结果表明,基于多模型集成学习模型针对不同复杂程度的口令进行口令强度评估,其评估结果准确率高、通用性强,所提模型在口令评估方面具有较好的适用性。

关键词: 口令安全, 口令强度评估, 多模型, 集成学习

Abstract: Focused on the issue that the existing password evaluation models cannot be used universally, and there is no evaluation model applicable from simple passwords to very complex passwords. A password evaluation model was designed based on multi-model ensemble learning. Firstly, an actual password training set was used to train multiple existing password evaluation models as the sub-models. Secondly, a multiple trained evaluation sub-models were used as the base learners for ensemble learning, and the ensemble learning strategy which designed to be partial to weakness, was used to get all advantages of sub-models. Finally, a common password evaluation model with high accuracy was obtained. Actual user password set that leaked on the network was used as the experimental data set. The experimental results show that the multi-model ensemble learning model used to evaluate the password strength of different complexity passwords, has a high accuracy and is universal. The proposed model has good applicability in the evaluation of passwords.

Key words: password security, password strength estimation, multi-model, ensemble learning

中图分类号: