English  |  正體中文  |  简体中文  |  Items with full text/Total items : 49275/83828 (59%)
Visitors : 7144685      Online Users : 62
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/87764


    Title: 應用資料探勘之知識於密碼破解之研究
    Other Titles: Password cracking : based on data mining and discovered knowledge
    Authors: 張家祥;Chung, Cha-Shung
    Contributors: 淡江大學資訊管理學系碩士班
    李鴻璋;Lee, Hung-Chang
    Keywords: 密碼破解;字典攻擊;暴力攻擊;Password Cracking;Dictionary Attack;Brute Force Attack
    Date: 2012
    Issue Date: 2013-04-13 11:42:26 (UTC+8)
    Abstract: 密碼目前仍是各系統中用來作認證最常用的機制,然而這種機制很容易受到字典攻擊法攻擊。為了防止這種攻擊,使用者會使用複雜的知識建構規則來創建其密碼。本文利用資料探勘的方法,試圖找出這樣的密碼知識建構規則,並利用其所發現之規則,建構出對於破解密碼的模型。
    在密碼知識建構規則探勘中,我們利用已公布的一個大型社交網站用戶密碼進行正規化、結構分類與統計分析,發現使用者在創建密碼時,有80%以上是由英文小寫文字與數字交錯使用而成,其中在英文小寫字串後附加數字的密碼結構規則佔了33.02%。然而,在「英文小寫字串」、「英文小寫字串後附加數字」與「數字後附加英文小寫字串」之間,經過與dic-0294比對之後,有意義的英文小寫字串比例卻有明顯的差異。在上述的三大類之間,將英文小寫字串抽離互相比對後,以長度為6的英文小寫字串來說,有意義的字串比例為6.78%、43.39%、59.76%;若長度縮減為4,有意義的字串比例提高為64.14%、69.58%、79.73%。
    之後我們利用Context-Free Grammar來表示密碼知識建構規則且分析這些知識規則所建構之所有密碼之空間複雜度。發現對於密碼知識建構規則的分析,低於280有99.94%,低於240有77.04%。為了實驗有效的攻擊辦法,我們設計了一種模式,利用訓練時所產生的密碼知識規則以及規則下的元素集合(Knowledge Set)、搭配廣泛的字典(Dictionary)用於測試集(Testing Set)來進行密碼破解效果的測試,稱為KDT模型,生成密碼的資料庫。並利用此密碼資料庫對測試集做破解的動作。將之前已公布的大型社交網站用戶密碼等份,任取一份利用KTD模型作為訓練集來訓練,之後任取一份做為測試集測試。
    Passwords are still the most commonly used mechanism for user authentication. However, they are vulnerable to dictionary attacks. In order to guard against such attacks, users will use complicated knowledge construction rules to create their passwords. This paper proposes a method by using data mining to find out these knowledge construction rules, and uses these rules to create a model to cracking passwords.
    To mining these rules, we analyze an already announced large social network websites users’ password. After these data are normalized, structural classification and statistics, we found that more than 80 percent passwords are created by English lowercase and digital. And additional digital string after English lowercase string’s case is 33.02 percent. However, after comparing with dic-0294, there is obvious difference in meaningful English lowercase string’s ratio between “English lowercase string”, “additional digital string after English lowercase string” and “additional English lowercase string after digital string”. Dic-0294 should contain most common American words, abbreviations, hyphenations, and even incorrect spellings. To the length is six of English lowercase string, the meaningful string’s rate are 6.78 percent, 43.39 percent and 59.76 percent. This represent when users create their password only use English lowercase string, they wont use one word to be password so that the repeat strings are very small. If the length is four, the rate are raising 64.14 percent, 69.58 percent and 79.73 percent. It means the shorter English lowercase string they use, the higher rate of meaningful string.
    Then we use a complete grammar type to represent password knowledge construction rules and analyze these password’s space complexity. We found that there are 99.04 percent lower than 280, and 77.04 percent lower than 240. We propose a high efficient and effective way by these data to cracking those users’ password. And we create a model include knowledge construction rules and elements’ set, and also use widespread dictionary in training set to do cracking password. The model called KTD model. Then we generate a database of password and use this database for cracking those password. We separate the websites users’ password, and then use one of them to do Knowledge set and one of them for Testing set. In 1/10000000, the success rate of password cracking is 10%.
    Appears in Collections:[資訊管理學系暨研究所] 學位論文

    Files in This Item:

    File SizeFormat
    index.html0KbHTML102View/Open

    All items in 機構典藏 are protected by copyright, with all rights reserved.


    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback