Zaɓi Harshe

Koyon Injin Adawa don Ƙarfafa Ƙimar Ƙarfin Kalmar Sirri: Nazari da Fahimta

Nazarin takarda bincike da ke amfani da koyon injin adawa don inganta daidaiton rarraba ƙarfin kalmar sirri a kan hare-haren kalmar sirri na yaudara.
computationalcoin.com | PDF Size: 0.5 MB
Kima: 4.5/5
Kimarku
Kun riga kun ƙididdige wannan takarda
Murfin Takardar PDF - Koyon Injin Adawa don Ƙarfafa Ƙimar Ƙarfin Kalmar Sirri: Nazari da Fahimta
Duba Takardar PDF Zazzage PDF Fassara PDF
Gida » Takaddun » Koyon Injin Adawa don Ƙarfafa Ƙimar Ƙarfin Kalmar Sirri: Nazari da Fahimta

1. Gabatarwa & Bayyani

Wannan binciken ya magance wata muhimmiyar rauni a cikin tsaron sirri na zamani: saukin masu ƙididdige ƙarfin kalmar sirri ga hare-haren adawa. Masu duba ƙarfin kalmar sirri na gargajiya sun dogara da tsarin ƙa'idodi na tsaye (misali, tsayi, bambancin haruffa) kuma ana iya yaudarar su cikin sauƙi ta hanyar sauya haruffa masu sauƙi (misali, 'password' da 'p@ssword'). Takardar ta ba da shawarar amfani da Koyon Injin Adawa (AML) don horar da masu rarraba mafi ƙarfi. Ta hanyar horar da tsare-tsare da gangan akan bayanan da ke da fiye da 670,000 na ƙirƙirar kalmomin sirri na adawa, marubutan suna nufin fallasa da ƙarfafa tsare-tsaren a kan irin waɗannan shigarwar yaudara, suna wucewa daga daidaita tsarin al'ada na banza don fahimtar ainihin ma'anar ƙarfin kalmar sirri.

Babbar Matsala

Mita na ƙarfin kalmar sirri na tsaye ya kasa gudanar da hare-haren yaudara masu daidaitawa, suna haifar da tunanin tsaro na ƙarya.

Shawarar Magani

Yi amfani da horon adawa—wata dabara da aka yi wahayi daga binciken ƙarfi a cikin hangen nesa na kwamfuta (misali, misalan adawa don hanyoyin sadarwar jijiyoyi da Goodfellow da sauransu suka tattauna)—zuwa fagen tsaron kalmar sirri ta rubutu.

2. Hanyoyi & Tsarin Fasaha

Babban hanyar tana ƙunshe da tsari mai matakai biyu: ƙirƙirar cikakken bayanan kalmar sirri na adawa da amfani da shi don horarwa da kimanta masu rarraba koyon inji da yawa.

2.1. Ƙirƙirar Kalmar Sirri ta Adawa

An gina bayanan adawa ta hanyar aiwatar da sauye-sauye na tsarin zuwa raunin kalmomin sirri na tushe. Waɗannan sauye-sauye suna kwaikwayon halayen amfani na gama gari da dabarun mahara:

  • Sauyin Haruffa: Maye gurbin haruffa da lambobi ko alamomi masu kama da juna (a->@, s->$, e->3).
  • Tsarin Ƙara/Bayan Gaba: Ƙara lambobi masu tsinkaya ("123") ko alamomi ("!") zuwa gajerun kalmomin sirri.
  • Bambance-bambancen Harshen Leet: Amfani da tsarin sauye-sauyen harshen 'leet'.
  • Haɗuwa na Gama Gari: Haɗa kalmomi ko sunaye masu sauƙi tare da kwanan wata.

Wannan tsari ya haifar da bayanan da kowane samfurin kalmar sirri ne da aka ƙera da gangan don ƙetare masu duba na tushen ƙa'ida yayin da suke da rauni a zahiri ga dabarun fashe kamar ƙamus ko hare-haren haɗe-haɗe.

2.2. Tsarin Koyon Injin

An yi amfani da algorithms daban-daban guda biyar na rarrabuwa don tabbatar da ƙarfi a cikin tsare-tsaren tsarin samfurin daban-daban:

  1. Koma Bayan Logistic: Samfurin tushe na layi.
  2. Injin Tallafawa Vector (SVM): Mai inganci don sararin samaniya mai girma.
  3. Gandun Daji na Bazuwar: Hanyar haɗin gwiwa don ɗaukar alaƙar da ba ta layi ba.
  4. Haɓakawa Gradient (XGBoost): Dabarar haɗin gwiwa mai ƙarfi don ƙirar rikitarwa.
  5. Hanyar Sadarwar Jijiyoyi (Multilayer Perceptron): Don ƙirar hulɗar fasali mai zurfi, matakai.

An horar da samfuran akan bayanan kalmar sirri na yau da kullun da kuma bayanan adawa. Ƙirar fasali mai yiwuwa ta haɗa da ƙididdiga na n-gram, rarraba nau'in haruffa, ma'aunin shiga, da binciken jerin kalmomin sirri da aka haramta.

3. Sakamakon Gwaji & Nazari

Babban ma'auni don kimantawa shine daidaiton rarrabuwa—ikin samfurin don lakafta kalmar sirri daidai a matsayin 'rauni' ko 'ƙarfi'.

3.1. Ma'aunin Aiki

Babban binciken shine samfuran da aka horar da misalan adawa sun nuna ingantacciyar haɓaka a daidaito—har zuwa 20%—lokacin da aka kimanta su akan saitin gwaji mai ɗauke da kalmomin sirri na adawa, idan aka kwatanta da samfuran da aka horar da su kawai akan bayanan al'ada. Wannan yana nuna nasarar canja wurin ilimin tsarin adawa.

Taƙaitaccen Sakamako

Ƙarfin Aiki: +20% Daidaito

Girman Bayanai: >670,000 samfuran adawa

Samfurin Aiki Mafi Kyau: Haɓakawa Gradient / Hanyar Sadarwar Jijiyoyi (dogaro da mahallin)

3.2. Nazarin Kwatance

Takardar tana nuna matsayi na aiki a tsakanin samfuran. Duk da yake duk sun amfana daga horon adawa, hanyoyin haɗin gwiwa (Gandun Daji na Bazuwar, Haɓakawa Gradient) da Hanyar Sadarwar Jijiyoyi mai yiwuwa sun sami mafi girman daidaito na ƙarshe saboda ikon su na koyon iyakokin yanke shawara masu rikitarwa, waɗanda ba su layi ba waɗanda ke raba ainihin kalmomin sirri masu ƙarfi daga waɗanda aka ɓoye da wayo. Samfuran layi (Koma Bayan Logistic) sun nuna haɓaka amma mai yiwuwa sun kai iyaka saboda ƙuntatawa na gine-gine.

Bayanin Ginshiƙi (An fayyace): Taswirar sanduna tana kwatanta daidaiton gwajin nau'ikan samfura biyar a cikin yanayi biyu: "Horon Al'ada" da "Horon Adawa". Duk sandunan "Horon Adawa" sun fi tsayi sosai, tare da Haɓakawa Gradient da Hanyar Sadarwar Jijiyoyi suna da sanduna mafi tsayi, suna nuna mafi girman ƙarfi.

4. Cikakkun Bayanai na Fasaha & Tsarin Aiki

4.1. Tsarin Lissafi

Ana iya tsara tsarin horon adawa a matsayin rage haɗarin a cikin mafi munin yanayi na tashin hankali. Bari $D$ ya zama rarraba bayanan kalmomin sirri, $x \sim D$ kalmar sirri, da $y$ alamar ƙarfinta na gaskiya. Samfurin al'ada $f_\theta$ yana rage yawan hasara $\mathbb{E}_{(x,y)\sim D}[L(f_\theta(x), y)]$.

Horon adawa yana neman samfuri mai ƙarfi ga tashin hankali $\delta$ a cikin saiti $\Delta$ (wakiltar sauya haruffa, da sauransu):

$$\min_\theta \mathbb{E}_{(x,y)\sim D} \left[ \max_{\delta \in \Delta} L(f_\theta(x + \delta), y) \right]$$

A aikace, ana kiyasin $\delta$ ta hanyar misalan adawa da aka ƙirƙira yayin ƙirƙirar bayanai. Babban haɓakawa yana gano bambance-bambancen yaudara, kuma ragewa na waje yana horar da samfurin don zama maras canzawa gare shi.

4.2. Misalin Tsarin Nazari

Yanayi: Kimanta sabuwar kalmar sirri 'S3cur1ty2024!'.

Mai Duba na Tushen Ƙa'ida na Gargajiya:
Shigarwa: 'S3cur1ty2024!'
Ƙa'idodi: Tsayi > 12? ✓. Yana da babba? ✓. Yana da lamba? ✓. Yana da alama? ✓.
Fitarwa: ƘARFI.

Samfurin ML da aka Horar da Adawa:
Shigarwa: 'S3cur1ty2024!'
Nazarin Fasali:

  • Kalmar tushe 'Security' an gano ta ta hanyar warware leet-speak (3->e, 1->i).
  • Shekara da aka ƙara '2024' tsari ne mai yiwuwa sosai.
  • '!' na biye abu ne na gama gari, ƙarancin shiga.
  • Gabaɗayan tsarin ya dace da samfuri na adawa mai yawan mita: [Kalmar Gama Gari + Leet] + [Shekara] + [Alama ta Gama Gari].
Ƙididdigar Samfurin: Duk da cewa yana da rikitarwa, kalmar sirri ta samo asali ne daga abubuwan da ake iya tsinkaya da sauye-sauye. Yana da rauni ga hare-haren haɗe-haɗe da aka yi niyya.
Fitarwa: MATSKAITA ko RAUNI, tare da martani: "Ku guji sauƙaƙan kalmomi tare da sauya haruffa sannan kuma lambobi masu tsinkaya."

Wannan yana nuna motsin samfurin daga nahawu zuwa ma'ana a cikin ƙimar ƙarfi.

5. Nazari Mai Zurfi & Ra'ayi na Kwararru

Babban Fahimta: Wannan takarda ba kawai game da mafi kyawun mita na kalmar sirri ba ne; shi ne yarda da dabara cewa tseren makamai na tsaron sirri ya shiga cikin matakin AI. Ainihin fahimtar shine cewa ƙarfin kalmar sirri ba kaddara ce ta tsaye ba amma mai motsi ne wanda aka ayyana shi a kan abokin gaba mai daidaitawa. Haɓakar daidaito na 20% ba ƙari ne kawai ba—shi ne bambanci tsakanin samfurin da za a iya yaudarar shi ta hanyar tsari da wanda ba za a iya ba, wanda ke wakiltar mahimmin bakin kofa a cikin amfani mai amfani.

Kwararar Hankali & Matsayin Dabarun: Marubutan sun gano daidai aibi a cikin tsarin gado (ƙa'idodin tsaye) kuma sun shigo da mafita daga yanki mafi girma na AML (hangen nesa na kwamfuta). Hankali yana da kyau: idan za ku iya yaudarar mai rarraba hoto tare da tashin hankali na pixel, za ku iya yaudarar mai rarraba kalmar sirri tare da tashin hankali na haruffa. Amfani da samfura daban-daban guda biyar yana da wayo—yana nuna ribar ƙarfi canjin tsari ne na algorithm, ba wani abu na nau'in samfurin guda ɗaya ba. Wannan yana sanya aikin a matsayin takarda na hanyoyin tushe don AI-tsaro, kamar yadda aikin farko akan misalan adawa na Goodfellow da sauransu (2014) suka tsara matsalar don ayyukan fahimta.

Ƙarfi & Kurakurai:

  • Ƙarfi (Aiki): Mayar da hankali kan tsarin adawa na zahiri, na ɗan adam (leet magana, ƙara) maimakon hare-haren tushen gradient kawai ya sa binciken ya zama mai amfani nan take. Yana magance ainihin samfurin barazana.
  • Ƙarfi (Ma'auni): Bayanan da ke da 670k+ samfuran adawa yana ba da nauyin gwaji mai yawa, yana motsawa fiye da tabbacin ra'ayi.
  • Aibi (Zurfin Kimantawa): Nazarin, kamar yadda aka gabatar, da alama ya fi mayar da hankali kan daidaito. A cikin tsaro, korau mara kyau (lakafta kalmar sirri mai rauni a matsayin ƙarfi) suna da bala'i, yayin da ingantattun korau kawai suna da ban haushi. Zurfafa cikin tunawa/daidaito don ajin 'rauni', ko ma'auni kamar FPR/FNR, yana da mahimmanci. Ta yaya samfurin yake aiki a kan sababbin, tsarin adawa na sifili-sifili da ba a cikin saitin horonsa ba?
  • Aibi (Motsin Abokin Gaba na Gaba): Takardar tana horarwa akan saitin sauye-sauye na tsaye. Abokin gaba mai ƙware, sanin irin wannan samfurin da aka tura, zai yi amfani da tsarin ƙirƙira (misali, tsarin kamar GAN kamar yadda aka bincika a cikin ayyuka kamar "PassGAN" na Hitaj da sauransu) don ƙirƙirar sabbin kalmomin sirri na yaudara. Hanyar yanzu bazai iya ƙarfi ga wannan abokin gaba mai daidaitawa, mai ƙirƙira ba.

Fahimta Mai Aiki:

  1. Ga Manajoji na Samfura (PMs): Nan take rage darajar kowane mita na kalmar sirri na tushen ƙa'ida a cikin sabis ɗinku. Farashin fashewar bayanai daga mai amfani da aka tabbatar da ƙarya ya fi girman farashin haɓaka na haɗa samfurin da aka horar da adawa. Wannan ya kamata ya zama sabuntawa mara sasantawa a cikin gudu na gaba.
  2. Ga Masu Zane na Tsaro: Ku ɗauki mai ƙididdige ƙarfin kalmar sirri ba a matsayin kayan aiki mai sauƙi ba, amma a matsayin ainihin, abin da za a iya sabuntawa na AI. Aiwatar da bututun horon adawa na ci gaba inda sabbin tsarin yaudara daga bayanan keta ko gwaje-gwajen shiga ana ciyar dasu akai-akai don sake horar da samfurin. Wannan yana motsawa daga "saita-da-manta" zuwa "ci gaba da haɓaka" tsaro.
  3. Ga Masu Bincike: Mataki na gaba a bayyane yake: matsar daga bayanan adawa na tsaye zuwa wuraren kwaikwayon adawa. Haɓaka tsare-tsare inda mai ƙididdige ƙarfi da wakilin fashe kalmar sirri (kamar John the Ripper ko Hashcat) aka saita a kan juna a cikin madauki na ƙarfafawa. Za a sami ainihin ƙarfi lokacin da kimantawar samfurin ta yi daidai da ainihin lokacin fashewa a kan masu fashewa na zamani, ba kawai bayanan da aka lakafta ba.
Wannan aikin mataki ne na farko mai mahimmanci, amma masana'antu dole ne su duba shi a matsayin farkon yaƙin AI na adawa mai gudana, ba magani na lokaci ɗaya ba.

6. Aikace-aikace na Gaba & Jagorori

  • Haɗawa da Manufofin Kalmar Sirri Mai Ƙarfafawa: Bayan ba da martani kawai, tsarin gaba zai iya amfani da mai rarraba mai ƙarfi don tilasta manufofin ƙirƙirar kalmar sirri waɗanda aka sabunta su da ƙarfi bisa sabbin yanayin adawa, suna motsawa daga jerin toshewa zuwa kin amincewa na AI na lokaci-lokaci na tsarin rauni masu tsinkaya.
  • Haɓaka Gano Phishing: Dabarun gano kalmomin sirri na yaudara na iya daidaitawa don gano URLs na yaudara ko rubutun imel a cikin yunƙurin phishing, inda abokan gaba su ma ke amfani da sauya haruffa da ɓarna.
  • Tsaron Cushewar Shaidar Shaidar: Samfuran da aka horar da adawa za a iya amfani da su don duba bayanan kalmar sirri na mai amfani da ke akwai (a cikin sigar da aka yi hashe, tare da yardar mai amfani) don gano masu amfani da ke da raunin kalmomin sirri masu canzawa da tilasta sake saiti kafin fashewar ta faru.
  • Koyon Adawa na Tarayya: Don yaƙar matsalar abokin gaba mai ƙirƙira, ƙungiyoyi za su iya haɗin gwiwa ta hanyar kiyaye sirri (ta amfani da dabarun koyon tarayya) don raba ilimin sabbin tsarin kalmar sirri na adawa ba tare da fallasa ainihin bayanan mai amfani ba, suna haifar da hankali na tsaro na gama gari.
  • Bayan Kalmomin Sirri: Babban hanyar yana aiki ga kowane binciken manufofin tsaro na rubutu, kamar kimanta ƙarfin tambayoyin tsaro ko gano raunin maɓɓɓan ɓoyayyen da aka samo daga jimlolin abin tunawa.

7. Nassoshi

  1. Goodfellow, I. J., Shlens, J., & Szegedy, C. (2014). Explaining and Harnessing Adversarial Examples. arXiv preprint arXiv:1412.6572.
  2. Hitaj, B., Gasti, P., Ateniese, G., & Perez-Cruz, F. (2017). PassGAN: A Deep Learning Approach for Password Guessing. In International Conference on Applied Cryptography and Network Security (pp. 217-237). Springer, Cham.
  3. Microsoft. (n.d.). Microsoft Password Checker. [Kayan aiki na Kan layi].
  4. Google. (n.d.). Password Checkup. [Kayan aiki na Kan layi].
  5. Melicher, W., Ur, B., Segreti, S. M., Komanduri, S., Bauer, L., Christin, N., & Cranor, L. F. (2016). Fast, lean, and accurate: Modeling password guessability using neural networks. In 25th USENIX Security Symposium (pp. 175-191).
  6. National Institute of Standards and Technology (NIST). (2017). Digital Identity Guidelines: Authentication and Lifecycle Management (NIST Special Publication 800-63B).