Koyon Injin Adawa don Ƙarfafa Ƙimar Ƙarfin Kalmar Sirri

1. Gabatarwa

Kalmomin sirri sun kasance babban hanyar tabbatar da ainihi a cikin tsarin dijital, duk da haka zaɓin kalmomin sirri masu rauni suna haifar da manyan raunuka na tsaro. Masu ƙididdige ƙarfin kalmar sirri na gargajiya sun dogara ne akan ƙa'idodin ƙamus na tsaye (misali, tsayi, bambancin haruffa) kuma sun kasa daidaitawa da dabarun kai hari masu tasowa, musamman hare-haren adawa inda aka ƙera kalmomin sirri da gangan don yaudarar algorithms (misali, 'p@ssword' da 'password').

Wannan binciken yana magance wannan gibi ta hanyar amfani da Koyon Injin Adawa (AML) don haɓaka samfuran ƙididdige ƙarfin kalmar sirri masu ƙarfi. Ta hanyar horar da masu rarrabawa akan bayanan gwaji da ke ɗauke da fiye da samfuran kalmomin sirri na adawa 670,000, binciken ya nuna cewa dabarun AML na iya haɓaka juriyar samfurin sosai a kan shigarwar yaudara.

Fahimtar Jiki

Horar da adawa, wanda ke fallasa samfura ga bayanan yaudara da aka ƙera da gangan yayin horarwa, na iya haɓaka daidaiton masu rarraba ƙarfin kalmar sirri har zuwa 20% idan aka kwatanta da hanyoyin koyon inji na gargajiya, wanda ke sa tsarin ya fi ƙarfi a kan barazanar daidaitawa.

2. Hanyar Aiki

Binciken ya yi amfani da tsarin tsari don ƙirƙirar kalmomin sirri na adawa da horar da samfuran rarrabuwa masu ƙarfi.

2.1 Ƙirƙirar Kalmar Sirri ta Adawa

An ƙirƙiri kalmomin sirri na adawa ta amfani da sauye-sauye na tushen ƙa'ida da dabarun ƙirƙira don kwaikwayi dabarun kai hari na ainihi:

Musanya Haruffa: Maye gurbin haruffa da lambobi ko alamomi masu kama da su (misali, a→@, s→$).
Ƙara/Gaba: Ƙara lambobi ko alamomi zuwa kalmomin tushe masu rauni (misali, 'password123', '#hello').
Bambance-bambancen Leet Speak: Amfani da tsarin sauye-sauyen 'leet'.
Cibiyoyin Sadarwar Adawa na Ƙirƙira (GANs): An yi wahayi daga tsarin kamar CycleGAN (Zhu et al., 2017) don fassarar hoto zuwa hoto mara biyu, an daidaita ra'ayin don ƙirƙirar sabbin nau'ikan kalmar sirri na yaudara waɗanda ke kiyaye ma'anar ma'ana amma suna canza siffofin saman don yaudarar masu rarrabawa.

2.2 Tsarin Samfurin

An kimanta algorithms daban-daban guda biyar na rarrabuwa don tabbatar da ƙarfi a cikin iyalai daban-daban na samfura:

Koma Bayan Logistic (Tushe)
Daji na Bazuwar
Injunan Haɓaka Gradient (XGBoost)
Injunan Tallafawa Vector (SVM)
Perceptron Mai Layer Da Yawa (MLP)

Siffofi sun haɗa da ƙididdiga na n-gram, ƙididdigar nau'in haruffa, ma'aunin entropy, da alamu da aka samo daga sauye-sauyen adawa.

2.3 Tsarin Horarwa

Tsarin horar da adawa ya ƙunshi matakai biyu:

Horarwa na Al'ada: An fara horar da samfura akan bayanan gwaji masu tsabta na kalmomin sirri masu lakabi (mai ƙarfi/mai rauni).
Daidaituwar Adawa: An ƙara horar da samfura akan bayanan gwaji gauraye da ke ɗauke da kalmomin sirri masu tsabta da na adawa da aka ƙirƙira. Wannan tsari yana taimaka wa samfurin koyon bambance kalmomin sirri masu ƙarfi na gaske daga waɗanda aka gyara da yaudara.

3. Sakamakon Gwaji

3.1 Bayanin Bayanan Gwaji

Binciken ya yi amfani da babban bayanan gwaji wanda ya ƙunshi:

Jimlar Samfuran: >670,000 kalmomin sirri
Tushe: Haɗin bayanan bayanan kalmomin sirri da aka sace da samfuran adawa da aka ƙirƙira.
Ma'auni na Aji: Kusan 60% kalmomin sirri masu rauni, 40% kalmomin sirri masu ƙarfi.
Matsakaicin Samfurin Adawa: 30% na bayanan horarwa sun ƙunshi misalan adawa da aka ƙirƙira.

3.2 Ma'aunin Aiki

An kimanta samfura ta amfani da ma'auni na rarrabuwa na al'ada:

Daidaito: Gabaɗaya daidaiton hasashe.
Daidaituwa & Tunawa (don aji 'Mai Ƙarfi'): Muhimmi don rage kuskuren tabbatacce (lakabin kalmar sirri mai rauni a matsayin mai ƙarfi).
Maki-F1: Matsakaicin ma'auni na daidaitawa da tunawa.
Makin Ƙarfin Adawa: Daidaito musamman akan saitin misalan adawa da aka ajiye.

3.3 Nazarin Kwatance & Jaridu

Sakamakon ya nuna a fili fifikon samfuran da aka horar da adawa.

Jadawali 1: Kwatancen Daidaiton Samfurin

Bayanin: Jadawali mai sanduna yana kwatanta daidaiton rarrabuwa gabaɗaya na samfura biyar a ƙarƙashin sharuɗɗa biyu: Horarwa na Al'ada da Horar da Adawa. Duk samfuran sun nuna haɓaka mai mahimmanci a cikin daidaito bayan horar da adawa, tare da samfurin Haɓaka Gradient ya sami mafi girman daidaito na cikakke (misali, daga 78% zuwa 94%). Matsakaicin haɓaka a duk samfuran shine kusan 20%.

Jadawali 2: Makin Ƙarfin Adawa

Bayanin: Jadawali mai layi yana nuna aikin (Maki-F1) na kowane samfurin lokacin da aka gwada shi kawai akan saitin kalmomin sirri na adawa mai ƙalubale. Samfuran da aka horar da adawa suna riƙe da maki masu girma (sama da 0.85), yayin da aikin samfuran al'ada ya ragu sosai (ƙasa da 0.65), yana nuna rauninsu ga shigarwar yaudara.

Matsakaicin Ribar Daidaito

20%

tare da Horar da Adawa

Girman Bayanan Gwaji

670K+

Samfuran Kalmar Sirri

Samfuran da aka Gwada

Algorithms na Rarrabuwa

Babban Bincike: Samfurin Haɓaka Gradient (XGBoost) haɗe tare da horar da adawa ya ba da mafi ƙarfin aiki, yana gano kalmomin sirri na adawa masu ƙwarewa kamar 'P@$$w0rd2024' a matsayin mai rauni, yayin da masu duba na al'ada na iya lakafta su a matsayin masu ƙarfi.

4. Nazarin Fasaha

4.1 Tsarin Lissafi

Jigon horar da adawa ya ƙunshi rage aikin asara wanda ya ƙunshi misalan halitta da na adawa. Bari $D_{clean} = \{(x_i, y_i)\}$ ya zama bayanan gwaji masu tsabta kuma $D_{adv} = \{(\tilde{x}_i, y_i)\}$ ya zama bayanan gwaji na adawa, inda $\tilde{x}_i$ ya zama tashin hankali na adawa na $x_i$.

An tsawaita rage haɗarin gwaji na al'ada zuwa:

$$\min_{\theta} \, \mathbb{E}_{(x,y) \sim D_{clean}}[\mathcal{L}(f_{\theta}(x), y)] + \lambda \, \mathbb{E}_{(\tilde{x},y) \sim D_{adv}}[\mathcal{L}(f_{\theta}(\tilde{x}), y)]$$

inda $f_{\theta}$ shine mai rarrabawa wanda $\theta$ ya ƙayyade, $\mathcal{L}$ shine asarar giciye-entropy, kuma $\lambda$ shine hyperparameter da ke sarrafa ciniki tsakanin aikin tsabta da na adawa.

4.2 Aikin Asarar Adawa

Don ƙirƙirar misalan adawa, an daidaita hanyar Gradient Descent Mai Tsari (PGD) don yankin rubutu mai rarrabe. Manufar ita ce nemo tashin hankali $\delta$ a cikin saiti mai iyaka $\Delta$ wanda ke haɓaka asara:

$$\tilde{x} = \arg\max_{\delta \in \Delta} \mathcal{L}(f_{\theta}(x + \delta), y)$$

A cikin mahallin kalmar sirri, $\Delta$ yana wakiltar saitin musanya haruffa da aka yarda (misali, {a→@, o→0, s→$}). Horar da adawa sannan yana amfani da waɗannan $\tilde{x}$ da aka ƙirƙira don haɓaka bayanan horarwa, yana sa iyakar yanke shawara ta samfurin ta fi ƙarfi a yankunan da ke da rauni ga irin waɗannan tashin hankali.

5. Nazarin Lamari: Tsarin Nazarin Salon Adawa

Yanayi: Sabis na yanar gizo yana amfani da mai duba na al'ada mai tushen ƙa'ida. Mai kai hari ya san ƙa'idodin (misali, "+1 maki don alama, +2 don tsayi >12") kuma yana ƙera kalmomin sirri don amfani da su.

Aiwatar da Tsarin Nazari:

Cire Salon: Tsarin AML yana nazarin gazawar ganowa (kalmomin sirri na adawa da aka lakafta 'mai ƙarfi' ba daidai ba). Yana gano salon sauye-sauye na gama-gari, kamar "ƙara lamba ta ƙarshe" ko "musanya wasali zuwa alama."
Ƙididdigar Ƙa'ida: Tsarin ya ƙididdige cewa mai duba na gado yana da tsarin maki na layi mai rauni ga cushe siffa mai sauƙi.
Ƙirƙirar Magani: Samfurin AML yana daidaita ma'auninsa na ciki don rage darajar siffofi waɗanda ake iya yin wasa da su cikin sauƙi. Ya koyi gano mahallin alama (misali, '@' a cikin 'p@ssword' da a cikin kirtani na bazuwar).
Tabbatarwa: Sabbin kalmomin sirri kamar 'S3cur1ty!!' (kalmar tushe mai rauni da aka cushe sosai) yanzu an rarraba su daidai a matsayin 'Matsakaici' ko 'Mai rauni' ta samfurin AML, yayin da mai duba na al'ada har yanzu yana kiransa 'Mai ƙarfi'.

Wannan tsarin yana nuna sauyi daga kimanta ƙa'ida ta tsaye zuwa gane salon aiki, wanda ke da mahimmanci don magance abokan adawar daidaitawa.

6. Aikace-aikace & Jagorori na Gaba

Tasirin wannan binciken ya wuce masu duba kalmar sirri:

Masu Duba Daidaitawa na Ainihi: Haɗawa cikin hanyoyin rajistar mai amfani waɗanda ke ci gaba da sabuntawa bisa sabbin salon kai hari da aka lura daga cibiyoyin bayanan barazana.
Keɓance Manufofin Kalmar Sirri: Matsawa bayan manufofin da suka dace da kowa zuwa manufofin aiki waɗanda ke ƙalubalantar masu amfani bisa takamaiman bayanan haɗarinsu (misali, masu riƙe asusun daraja mai girma suna samun gwaje-gwaje masu tsauri, masu sanin AML).
Gano Phishing: Ana iya daidaita dabarun don gano URLs na adawa ko rubutun imel da aka ƙera don ƙetare tacewa na al'ada.
Tsarin Tabbatar da Ainihi na Haɗaka: Haɗa ƙarfin kalmar sirri na tushen AML tare da ilimin halayyar ɗan adam don siginar tabbatar da ainihi mai yawan matakai, dangane da haɗari, kamar yadda aka ba da shawara a cikin sabbin jagororin NIST akan ainihin dijital.
Koyon Tarayya don Sirri: Horar da samfura masu ƙarfi akan bayanan kalmar sirri masu rarrabuwa (misali, a cikin ƙungiyoyi daban-daban) ba tare da raba bayanan danye ba, yana haɓaka sirri yayin haɓaka ƙarfin samfurin a kan dabarun adawa na duniya.
Daidaituwa & Ƙididdiga: Aikin gaba dole ne ya kafa ma'auni daidaitattun ma'auni da bayanan gwaji don ƙididdige ƙarfin kalmar sirri na adawa, kama da ma'auni na GLUE a cikin NLP, don tafiyar da bincike mai maimaitawa da amfani da masana'antu.

7. Nassoshi

Goodfellow, I. J., Shlens, J., & Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572.
Zhu, J. Y., Park, T., Isola, P., & Efros, A. A. (2017). Unpaired image-to-image translation using cycle-consistent adversarial networks. Proceedings of the IEEE international conference on computer vision (pp. 2223-2232).
National Institute of Standards and Technology (NIST). (2023). Digital Identity Guidelines (SP 800-63B).
Melicher, W., Ur, B., Segreti, S. M., Komanduri, S., Bauer, L., Christin, N., & Cranor, L. F. (2016). Fast, lean, and accurate: Modeling password guessability using neural networks. USENIX Security Symposium (pp. 175-191).
Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z. B., & Swami, A. (2016). The limitations of deep learning in adversarial settings. IEEE European symposium on security and privacy (EuroS&P) (pp. 372-387).

8. Nazarin Kwararru: Fahimtar Jiki & Shawarwari Masu Aiki

Fahimtar Jiki

Wannan takarda ba kawai game da mafi kyawun mitocin kalmar sirri ba ne; har ma ta zama zargi mai tsanani na tsarin tsaro na tsaye, mai tushen ƙa'ida a cikin yanayin barazana mai aiki. Haɓakar daidaito na 20% ba ƙarin riba ba ce—ita ce bambanci tsakanin tsarin da za a iya yaudara shi da tsari da wanda ke da juriya na asali. Babban fahimtar shine cewa AI na tsaro dole ne a horar da shi a cikin yanayin adawa don haɓaka ƙarfi na gaskiya. Dogaro da bayanan tarihi masu tsabta kamar horar da ɗan dambe kawai akan jakar nauyi; za su ruguje a cikin faɗan gaske. Aikin ya yi hujja cewa misalan adawa ba kurakurai ba ne da za a gyara su amma bayanai masu mahimmanci don gwajin damuwa da ƙarfafa samfuran tsaro.

Kwararar Hankali

Hankali yana da gamsarwa kuma yana kwaikwayon mafi kyawun ayyuka a cikin binciken tsaro na AI na zamani. Ya fara ne da rauni mai ma'ana (masu duba na tsaye), yana amfani da ingantaccen dabarar kai hari (ƙirƙirar misalan adawa) don amfani da shi, sannan kuma yana amfani da wannan dabarar a matsayin tsaro (horar da adawa) don rufe madauki. Amfani da masu rarrabawa daban-daban guda biyar ya ƙarfafa da'awar cewa amfanin ya fito ne daga tsarin horar da adawa da kansa, ba sabon abu na takamaiman algorithm ba. Tsalle na hankali daga GANs na tushen hoto (kamar CycleGAN) zuwa ƙirƙirar kalmar sirri yana da wayo musamman, yana nuna dacewar yankuna daban-daban na ra'ayoyin adawa.

Ƙarfi & Kurakurai

Ƙarfi: Girman bayanan gwaji (>670K samfuran) babban ƙarfi ne, yana ba da amincin ƙididdiga. Kwatancen kai tsaye, mai ƙima tsakanin horarwa na al'ada da na adawa a cikin samfura da yawa yana da inganci ta hanyar aiki. Mayar da hankali kan matsala ta gaske, mai tasiri mai girma (tsaron kalmar sirri) yana ba shi dacewa ta aiki nan take.

Kurakurai Masu Muhimmanci & Gibobi: Nazarin, duk da haka, ya tsaya gaban ƙarshen tseren. Wani babban gibi shi ne farashin lissafi na horar da adawa da hasashe. A cikin sabis na yanar gizo na ainihi, za mu iya iya farashin jinkiri? Takardar ba ta yi shiru ba. Bugu da ƙari, samfurin barazana yana iyakance ga salon sauye-sauye da aka sani. Me game da sabon dabarar adawa, sifili, ba a wakilta a cikin bayanan horarwa ba? Ƙarfin samfurin yana yiwuwa bai yi gabaɗaya daidai ba. Haka nan babu tattaunawa game da cinikin amfani. Shin samfurin mai ƙarfi sosai zai iya bacin rai masu amfani ta hanyar ƙin kalmomin sirri masu rikitarwa amma na halatta? Waɗannan abubuwan aiki da dabaru ba a magance su ba.

Fahimta Masu Aiki

Ga CISOs da Jagororin Tsaro na Samfura:

Dokar POC Nan Take: Ba da umarnin tabbacin ra'ayi don maye gurbin mai duba kalmar sirri na gado da samfurin da aka horar da adawa don aikace-aikacen ciki masu haɗari mai girma. Dawowar kuɗin shiga don hana kutsawar tushen shaida yana yiwuwa girma.
Haɗin Ƙungiyar Jan: Tsara tsarin. Sanya aikin ƙungiyar jan ku don ci gaba da ƙirƙirar sabbin misalan kalmar sirri na adawa. Ciyar da waɗannan kai tsaye cikin hanyar sake horarwa don mai ƙididdige ƙarfinku, ƙirƙirar madauki na adawa mai ci gaba.
Tambayar Tantance Mai Sayarwa: Sanya "Yaya kuke gwada ƙarfin adawa na AI ɗinku na tsaro?" tambaya marar sasantawa a cikin RFP ɗinku na mai sayarwa na gaba don kowane kayan aikin tsaro da ke da'awar iyawar AI.
Kasafin Kuɗi don Lissafi: Yi kira ga rabon kasafin kuɗi da aka keɓe don ƙarin albarkatun lissafi da ake buƙata don horar da AI mai ƙarfi da turawa. Tsara shi ba azaman farashin IT ba, amma a matsayin saka hannun jari kai tsaye na rage haɗari.
Duba Bayan Kalmomin Sirri: Aiwatar da wannan ruwan tabarau na adawa ga sauran masu rarrabawa na tsaro a cikin tarin ku—tace spam, gano zamba, injunan sa hannun IDS/IPS. A duk inda akwai mai rarrabawa, akwai yiwuwar makafin ido na adawa.

A ƙarshe, wannan binciken yana ba da zanen aiki mai ƙarfi amma kuma yana nuna yanayin farko na aiwatar da tsaron AI mai ƙarfi. Ƙalubalen masana'antu na gaba shine matsawa daga nunin ilimi masu ban sha'awa zuwa turawa masu iyawa, masu inganci, da masu dacewa da masu amfani waɗanda za su iya jurewa ba kawai hare-haren jiya ba, amma hazakar gobe.