PESrank: Kima ta Kan layi na Yiwuwar Bayanin Sirri ta hanyar Kima Mai Girma Mai Sauƙi

1. Gabatarwa

Wannan takarda ta gabatar da PESrank, sabon na'urar kima ƙarfin bayanin sirri da aka ƙera don daidaitaccen ƙirar halayen mai fasa bayanin sirri mai ƙarfi ta hanyar lissafin matsayin bayanin sirri a cikin tsari mafi kyau na yuwuwa. Tana magance buƙatu mai mahimmanci na saurin, daidaitaccen, da bayyana amsoshin ƙarfin bayanin sirri a cikin tsarin kan layi.

1.1. Bayanan Baya

Duk da raunin su, bayanan sirri na rubutu sun kasance babbar hanyar tabbatar da asali. Na'urorin kima ƙarfi na gama-gari (misali, dokokin LUDS) ba su da daidaito. Na'urorin kima na tushen mai fasa ta amfani da samfuran Markov, PCFGs, ko hanyoyin sadarwar jijiyoyi suna ba da mafi kyawun daidaito amma sau da yawa suna fama da dogon lokacin horo ko rashin aikin ainihi da bayyanawa.

1.2. Gudunmawa

Babban gudunmawar PESrank shine sabon aikace-aikacen tsarin kima matsayi na binciken gefen hanya zuwa bayanan sirri, yana ba da damar kima matsayi cikin ƙasa da dakika ba tare da ƙidayawa ba, gajarta lokacin horo sosai, ingantaccen keɓance samfurin ba tare da sake horarwa ba, da kuma bayyanawa na asali don amsoshin mai amfani.

2. Hanyar PESrank

PESrank ya sake tsara kima ƙarfin bayanin sirri a matsayin matsalar kima matsayi mai girma mai sauƙi, yana ɗaukar wahayi daga dabarun binciken harin gefen hanya da ake amfani da su a cikin sirri.

2.1. Wakilcin Bayanin Sirri Mai Girma Mai Sauƙi

Ana rarraba bayanin sirri zuwa wani batu a cikin sararin bincike mai girma d. Girman yana wakiltar halaye masu zaman kansu kamar kalmar tushe (misali, "bayanin sirri"), tsarin babban harafi (misali, "Bayanin Sirri"), ƙari na ƙarshe (misali, "bayaninsirri123"), ko canje-canjen leet-speak (misali, "b@yaninsirri0rd"). Ana koyon rarraba yuwuwar kowane girma daban daga bayanan bayanan sirri.

2.2. Tsarin Kima Matsayi

Maimakon ƙidaya duk yuwuwar bayanan sirri, PESrank yana kima matsayin takamaiman haɗin bayanin sirri ta hanyar lissafin adadin haɗin bayanan sirri waɗanda suka fi yuwuwa (watau suna da haɗin yuwuwa mafi girma) fiye da bayanin sirri da aka bayar. Wannan yayi kama da kima matsayin maɓallin ɓoyewa a cikin harin gefen hanya.

3. Aiwarta na Fasaha & Tsarin Lissafi

3.1. Babban Algorithm da Tsari

Babban PESrank ya ƙunshi lissafin haɗin yuwuwar bayanin sirri da wakilcin vector na ƙimar girma $\vec{x} = (x_1, x_2, ..., x_d)$. Da zaton girma suna zaman kansu (sauƙaƙe don inganci), yuwuwar ita ce: $$P(\vec{x}) = \prod_{i=1}^{d} P_i(x_i)$$ inda $P_i(x_i)$ shine yuwuwar ƙimar $x_i$ a cikin girma $i$, wanda aka koya daga bayanan horo. Matsayi $R(\vec{x})$ ana kima ta hanyar taƙaita yuwuwar duk vectors $\vec{y}$ inda $P(\vec{y}) > P(\vec{x})$. Ana amfani da ingantattun algorithms daga wallafe-wallafen gefen hanya, kamar hanyar bounding, don lissafin ƙaƙƙarfan iyaka na sama da ƙasa don wannan jimla ba tare da cikakken ƙidayawa ba.

3.2. Bayyanawa da Keɓancewa

Samfurin mai girma mai sauƙi yana da bayyanawa na asali. Tsarin zai iya ba da rahoton wane girma (misali, "kalmar tushe da aka saba sosai" ko "ƙari mai hasashe kamar '123'") ya fi ba da gudummawa sosai ga ƙananan matsayin bayanin sirri (babban yiwuwar zato). Keɓancewa (misali, haɗa sunan mai amfani ko shekarar haihuwa a matsayin kalmar tushe da aka haramta) ana iya samun ta hanyar daidaita yuwuwar $P_i(x_i)$ don girma masu dacewa zuwa kusan sifili, yana shafar lissafin matsayi nan take ba tare da sake horar samfurin ba.

4. Sakamakon Gwaji & Aiki

4.1. Ma'auni na Daidaito da Sauri

An kimanta aiwartar Python sosai. Babban sakamako ya haɗa da:

Sauri: Lokacin amsa ƙasa da dakika don kima matsayi, ko da tare da samfurin da aka horar akan bayanan sirri miliyan 905.
Daidaito: Iyakokin matsayin da aka kima sun kasance koyaushe a cikin factor na 2 (iyakar 1-bit) na ainihin matsayi, yana nuna babban daidaito.
Lokacin Horo: Gajarta sosai fiye da hanyar sadarwar jijiyoyi ko samfuran PCFG masu rikitarwa, suna buƙatar ƙananan lissafi sosai.

Waɗannan ma'auni suna nuna yuwuwar aikace-aikace don aiwarta kan layi.

4.2. Aiwarta a Duniyar Gaske

An haɗa PESrank cikin shafin rajistar darasi na jami'a. Ya ba da amsoshin ainihi, masu bayyanawa ga masu amfani waɗanda ke ƙirƙirar bayanan sirri, yana nuna amfani da aikinsa a ƙarƙashin yanayin kaya na ainihi. Amsoshin sun taimaka wajen karkatar da masu amfani daga ƙaƙƙarfan tsarin bayanin sirri mai hasashe.

5. Tsarin Bincike & Misalin Hali

Hangen Nesa na Manazarcin: Babban Fahimta, Tsarin Ma'ana, Ƙarfi & Kurakurai, Fahimta Mai Aiki

Babban Fahimta: PESrank ba wani ƙarin ci gaba ne kawai a cikin mitocin bayanin sirri ba; canji ne na tsari na asali. Ya yi nasarar dasa ingantaccen tsari, tsarin ƙididdiga na kima matsayi na gefen hanya—mafi mahimmanci a cikin kimanta kayan aikin sirri mai haɗari—cikin duniyar bayanan sirri da mutum ya zaɓa. Wannan motsi daga zato na tunani zuwa binciken sirri na yuwuwa babban fasaha ne. Yana ɗaukar fasa bayanin sirri ba a matsayin matsalar harshe ko daidaita tsari ba, amma a matsayin matsalar bincike a cikin sararin yuwuwar da aka tsara, yana daidaitawa daidai da yadda masu fasa zamani kamar Hashcat da John the Ripper ke aiki da ainihi tare da dokokin mangling da sarƙoƙin Markov.

Tsarin Ma'ana: Ma'ana tana da kyau sosai. 1) Rushe bayanan sirri zuwa siffofi masu zaman kansu, masu dacewa da mai fasa (kalmomin tushe, canje-canje). 2) Koya samfurin yuwuwa mai sauƙi don kowane siffa daga bayanan keta. 3) Sake gina yiwuwar zato na bayanin sirri ta hanyar lissafin yawan ƙarin haɗin yuwuwa da ke wanzu. Wannan yana ƙetare buƙatar samfuran guda ɗaya, marasa bayyanawa na hanyoyin sadarwar jijiyoyi (kamar waɗanda ke cikin [30, 37]) ko kuma wasu tsarin dokoki marasa ƙarfi na PCFGs [41]. Zaton 'yancin kai tsakanin girma shine babban tsalle-tsalle mai sauƙaƙa, yana cinikin wasu daidaiton ƙirar don babban riba a cikin sauri da bayyanawa—ciniki wanda ya bayyana yana da fifiko sosai a aikace.

Ƙarfi & Kurakurai: Ƙarfinsa yana da ƙarfi: sauri mai zafi da bayyanawa na asali siffofi ne masu kisa don karɓar duniyar gaske, suna magance manyan matsaloli biyu na samfuran ilimi. Dabarar keɓancewa tana da wayo da aikace-aikace. Duk da haka, babban aibi yana cikin zaton 'yancin kai. Duk da inganci, yana yin watsi da alaƙa (misali, wasu tsarin babban harafi suna da yuwuwa tare da wasu kalmomin tushe). Wannan zai iya haifar da rashin daidaiton matsayi don bayanan sirri masu rikitarwa, masu alaƙa. Bugu da ƙari, daidaitonsa yana da alaƙa ta asali da inganci da faɗin bayanan horo na kowane girma, dogaro da yake raba tare da duk samfuran da ke da alaƙa da bayanai. Yana iya fama da sabbin dabarun ƙirƙirar bayanin sirri da ba a gani a cikin ketare da suka gabata.

Fahimta Mai Aiki: Ga ƙungiyoyin tsaro, saƙon yana bayyana: watsar da mitocin LUDS. PESrank ya nuna cewa daidaitaccen mai fasa, amsoshin ainihi yanzu yana yiwuwa a aikace. Hanyar haɗawa da aka nuna—saka shi a cikin tashar rajista—tsari ne. Ga masu bincike, gaba yana cikin samfuran haɗin gwiwa. Haɗa ingantaccen tsari, tsarin bayyanawa na PESrank tare da ɓangaren jijiyoyi mai haske don ƙirar alaƙar tsakanin girma, kama da yadda samfuran hangen nesa kamar CycleGAN ke amfani da janareta daban-daban don canje-canjen yanki daban-daban yayin riƙe ingantaccen tsari. Gaba na gaba shine keɓancewa mai daidaitawa wanda ke koyo daga shawarwarin bayanin sirri da mai amfani ya *ƙi* don inganta samfurinsa a ainihin lokacin, yana motsawa bayan jerin toshe na tsaye.

6. Aikace-aikace na Gaba & Hanyoyin Bincike

Farautar Barazana Mai Ƙarfafawa: Bayan mitocin da ke fuskantar mai amfani, babban algorithm na PESrank zai iya duba bayanan bayanan sirri da suka wanzu (tare da hashing da ya dace) don gano da tuta asusun da ke da bayanan sirri masu yuwuwar zato sosai, yana ba da damar tilasta sake saiti.
Ingantattun Injunan Keɓancewa: Tsarin gaba zai iya haɗawa da kundayen ƙungiya (misali, LDAP) don keɓance samfurin ta atomatik tare da sunayen ma'aikata, sunayen aikin aikin, da kalmomin cikin gida, ƙirƙirar samfurin barazana na musamman na ƙungiya mai motsi.
Ma'auni da Daidaitawa: Hanyar kima matsayi tana ba da ma'auni mai ƙarfi, ƙididdiga. Wannan zai iya zama tushen ma'auni na ƙimar ƙarfin bayanin sirri a cikin masana'antu, yana motsawa bayan lakabi maras tabbas na "ƙarfi" ko "rauni".
Tabbatar da Samfurin Tsakanin: Ana iya amfani da PESrank a matsayin tacewa na "farko mai sauri, mai bayyanawa", tare da bayanan sirri da ake tuhuma don zurfafa bincike ta samfuran da ke da ƙarfin lissafi (misali, RNNs), ƙirƙirar kariya mai matakai.
Bincike kan Haɗin Kai na Girma: Babbar hanyar bincike ita ce sassauta zaton 'yancin kai. Bincika samfuran alaƙa masu haske (misali, hanyoyin sadarwar Bayesian akan girma) zai iya inganta daidaito don bayanan sirri masu rikitarwa ba tare da yin hasarar babban fa'idar sauri ba.

7. Nassoshi

L. David da A. Wool, "Online Password Guessability via Multi-Dimensional Rank Estimation," arXiv preprint arXiv:1912.02551v2, 2020.
J. Bonneau, "The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords," IEEE Symposium on Security and Privacy, 2012.
M. Weir, S. Aggarwal, B. de Medeiros, da B. Glodek, "Password Cracking Using Probabilistic Context-Free Grammars," IEEE Symposium on Security and Privacy, 2009.
W. Melicher, B. Ur, S. M. Segreti, S. Komanduri, L. Bauer, N. Christin, da L. F. Cranor, "Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks," USENIX Security Symposium, 2016.
D. Wang, H. Cheng, P. Wang, X. Huang, da G. Jian, "A Security Analysis of Honeywords," NDSS, 2018. (Misali na zurfafa bincike mai alaƙa da bayanin sirri)
P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas, L. Bauer, N. Christin, L. F. Cranor, da J. Lopez, "Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms," IEEE Symposium on Security and Privacy, 2012.
Cibiyar Ƙididdiga ta Ƙasa (NIST), "Jagororin Asalin Dijital," NIST Special Publication 800-63B, 2017. (Don mahallin ma'auni na tabbatar da asali)