Teburin Abubuwan Ciki
1. Gabatarwa
Kalmomin sirri sun kasance babbar hanyar tabbatar da mai amfani saboda sauƙinsu da sassauci. Saboda haka, zato kalmar sirri wani muhimmin sashi ne na binciken tsaro na dijital, wanda ke da mahimmanci ga duka gwajin tsaro na kai hari (misali, gwajin shiga, dawo da kalmar sirri) da kuma kimanta ƙarfin tsaro. Hanyoyin gargajiya, daga hare-haren tushen ƙa'ida zuwa samfuran ƙididdiga kamar sarƙoƙin Markov da PCFG, suna da iyakoki na asali a cikin iyawa da daidaitawa.
Zuwan ilmantarwa mai zurfi, musamman cibiyoyin jijiyoyi masu gudanar da kai kamar GPT, sun yi alƙawarin canza tsari ta hanyar koyon rarraba kalmomin sirri masu rikitarwa kai tsaye daga bayanai. Duk da haka, wani muhimmin kuskure shine dabarun samarwa. Hanyoyin samfurin da aka saba (misali, samfurin bazuwar, top-k) suna samar da kalmomin sirri a cikin tsari na bazuwar, wanda ke haifar da rashin inganci mai yawa: yawan adadin kwafi da gazawar fifita kalmomin sirri masu yuwuwar girma (don haka mafi yuwuwa) da wuri a cikin harin. Wannan takarda ta gabatar da SOPG (Samar da Kalmar Sirri Mai Tsari Tushen Bincike), wata sabuwar hanya wacce ke tilasta samfurin mai gudanar da kai ya samar da kalmomin sirri a cikin kusan tsari mai saukowa na yuwuwar, don haka yana ƙara ingantaccen ingancin hare-haren zato kalmar sirri.
2. Bayan Fage & Ayyukan Da Suka Danganta
2.1 Juyin Halittar Zato Kalmar Sirri
Zato kalmar sirri ya samo asali ta hanyar matakai daban-daban:
- Hare-haren Tushen Ƙa'ida & Ƙamus: Sun dogara da ƙa'idodin hannu da jerin kalmomi. Suna dogara sosai da ilimin ƙwararru kuma suna da saurin rasa sabbin alamu.
- Samfuran Ƙididdiga (misali, Markov, PCFG): Sun gabatar da tsarin yuwuwar. Samfura kamar OMEN da FLA sun nuna ingantaccen aiki amma sun yi gwagwarmaya da gama gari da rarraba wutsiya mai tsayi.
- Zamanin Ilmantarwa Mai Zurfi: Samfura kamar PassGAN (tushen GANs), VAEPass (tushen VAEs), da PassGPT (tushen GPT) suna amfani da cibiyoyin jijiyoyi don ƙirƙirar rarraba kalmomin sirri masu rikitarwa, masu girma mai girma ba tare da injiniyan fasali na hannu ba.
2.2 Hanyoyin Cibiyar Jijiyoyi
Samfuran masu gudanar da kai, kamar GPT, sun dace musamman don samar da kalmar sirri yayin da suke ƙirƙirar yuwuwar jeri ta hanyar alama zuwa alama: $P(kalmar sirri) = \prod_{t=1}^{T} P(c_t | c_1, ..., c_{t-1})$. Wannan yana ba da damar samar da kalmomin sirri masu tsayi daban-daban kuma yana ɗaukar abubuwan dogaro na mahallin yadda ya kamata.
2.3 Matsalar Tsarin Samarwa
Babban rashin inganci da marubutan suka gano ba iyawar samfura ba ne amma tsarin samarwa. Samfurin bazuwar daga samfurin da aka horar da shi yana samar da kalmomin sirri ba tare da la'akari da yuwuwarsu ba. Don nasarar harin ƙamus, samar da kalmomin sirri masu yuwuwar girma da farko shine mafi mahimmanci. SOPG tana magance wannan ta hanyar maye gurbin samfurin bazuwar da algorithm na bincike mai jagora.
3. Hanyar SOPG
3.1 Ka'idar Tsakiya
SOPG tana canza samar da kalmar sirri daga tsari mai sauyi zuwa matsalar bincike mafi kyau da farko. Manufar ita ce a bi sararin samun yuwuwar jerin kalmomin sirri (bishiya) a cikin tsari wanda ke fitar da jerin abubuwa daga mafi girman yuwuwar zuwa mafi ƙanƙanta.
3.2 Algorithm na Bincike
Hanyar tana amfani da jerin gwanon fifiko (misali, bambancin binciken katako ko algorithm na faɗaɗa yuwuwar). A kowane mataki, jerin ɓangaren da ke da mafi girman yuwuwar tarawa ana faɗaɗa shi da alama ɗaya. Yuwuwar jerin ɓangaren $s = (c_1, ..., c_k)$ ana ƙidaya ta samfuran: $P(s) = \prod_{t=1}^{k} P(c_t | c_1, ..., c_{t-1})$. Binciken yana ci gaba har sai an cika sharuɗɗan ƙarewa (misali, alamar ƙarshen jeri), yana fitar da cikakkiyar kalmar sirri. Ana samar da kalmar sirri ta gaba ta hanyar ci gaba da bincike daga jerin ɓangaren mafi kyau na gaba a cikin jerin gwanon.
Mahimman Tsari don Faɗaɗa Jeri: Lokacin faɗaɗa kumburi (jerin ɓangare), fifikon don sabon jerin ɗan takara $s'$ (wanda aka kafa ta hanyar haɗa alamar $c$ zuwa $s$) shine yuwuwarsu haɗin gwiwa: $Priority(s') = P(s) \cdot P(c | s)$. Binciken koyaushe yana faɗaɗa kumburin da ke da fifikon yanzu mafi girma.
3.3 Haɗawa da Samfuran Masu Gudanar da Kai (Autoregressive Models)
SOPG ba ta da alaƙa da samfura. Tana amfani da samfurin mai gudanar da kai da aka riga aka horar (misali, bambancin GPT) kawai a matsayin mai ƙididdige yuwuwar $P(c_t | mahallin)$. Algorithm na bincike yana tsara kiran wannan mai ƙididdigewa don bincika sararin jeri bisa tsari.
4. Aiwarta na Fasaha: SOPGesGPT
4.1 Tsarin Samfura
Marubutan sun aiwatar da SOPGesGPT, samfurin zato kalmar sirri da aka gina akan tsarin GPT (misali, tubalan mai fassara Transformer) kuma an horar da shi akan ƙungiyoyin kalmomin sirri da aka ɓoye. Samfurin yana koyon rarraba haruffa/ matakin byte na ainihin kalmomin sirri.
4.2 Kiyasin Yuwuwar & Bincike
Yayin samarwa, SOPGesGPT ba kawai yana ɗaukar samfuri ba. A maimakon haka, don wani jerin ɓangaren da aka bayar, yana ƙididdige rarraba yuwuwar akan dukan ƙamus don alamar ta gaba. Algorithm na SOPG yana amfani da waɗannan yuwuwar don daraja da sarrafa iyakar bincike a cikin jerin gwanon fifikon sa.
Ma'auni Mafi Muhimmanci na Aiki (Ra'ayi)
Kashi na kalmomin sirri da aka fasa daga saitin gwaji.
Adadin kalmomin sirri na musamman, ingantattu da aka samar.
Adadin kiran samfura/ zato da ake buƙata don isa ga wani rufewa.
5. Sakamakon Gwaji & Bincike
5.1 Tsarin Gwaji
An gudanar da gwaje-gwaje akan saitin bayanan kalmomin sirri na ainihin duniya (misali, RockYou). An horar da samfurin akan wani ɓangare na bayanan, kuma an kimanta aikin zato nasa da saitin gwaji da aka keɓe.
5.2 Kwatantawa da Samfurin Bazuwar
Sakamako: SOPG vs. Samfurin Bazuwar na Daidaituwa daga samfurin GPT na tushe ɗaya.
- Kawar da Kwafi: SOPG ta asali tana samar da kalmomin sirri na musamman; samfurin bazuwar yana samar da kwafi da yawa.
- Ingantaccen Tsari: Don cimma irin wannan ƙimar rufewa (misali, 10%), SOPG ta buƙaci ƙananan fahimta sosai kuma ta samar da ƙananan jimillar kalmomin sirri fiye da samfurin bazuwar. Wannan saboda tsarin samarwa na SOPG yana "buga" kalmomin sirri masu yuwuwa da wuri sosai.
Ma'anar Ginshiƙi: Zanen rufewa-da-adadin-zato zai nuna lanƙwan SOPG yana tashi da sauri da wuri, yayin da lanƙwan samfurin bazuwar zai tashi a hankali kuma a layi daya, yana nuna ingantaccen ingancin harin.
5.3 Ma'auni da Mafi Kyawun Fasaha a Halin Yanzu
Sakamako: An kwatanta SOPGesGPT da OMEN, FLA, PassGAN, VAEPass, da PassGPT a cikin gwajin wuri ɗaya.
- Ƙimar Rufe: SOPGesGPT ta cimma ƙimar rufewa na 35.06%.
- Haɓaka Dangane: Wannan yana wakiltar haɓaka na 254% akan OMEN, 298% akan FLA, 421% akan PassGAN, 380% akan VAEPass, da 81% akan PassGPT.
- Ƙimar Tasiri: SOPGesGPT kuma ta jagoranci ƙimar tasiri na samar da kalmar sirri.
Ma'anar Ginshiƙi: Ginshiƙin kwatancen ƙimar rufewa na duk samfuran zai nuna ginshiƙin SOPGesGPT ya fi duk sauran tsayi sosai, yana tabbatar da ingantaccen aikinsa ta hanyar gani.
5.4 Ma'auni Mafi Muhimmanci na Aiki
Gwaje-gwajen sun nuna cikakkiyar cewa SOPG tana magance babban rashin inganci na zato kalmar sirri na jijiyoyi. Ribar aikin ba ta fito ne daga mafi kyawun samfurin tushe ba (ko da yake GPT yana da ƙarfi), amma daga dabarun samarwa mai tsari wanda ke tabbatar da kowane zato yana da tasiri gwargwadon yiwuwa.
6. Tsarin Bincike & Misalin Lamari
Yanayi: Wani kamfani na tsaro an ba shi aikin tantance ƙarfin kalmar sirri na tsarin kamfani. Suna da samfurin kalmar sirri mai gudanar da kai da aka horar.
Hanyar Gargajiya (Samfurin Bazuwar): Mai binciken yana samar da kalmomin sirri miliyan 10. Saboda bazuwar da kwafi, kalmar sirri mai yuwuwar girma "SunanKamfani2023!" na iya bayyana bayan zato miliyan 5 kawai, yana ɓata lokaci da albarkatun lissafi.
Hanyar Ingantacciyar SOPG: Ta amfani da samfurin ɗaya tare da SOPG, mai binciken yana samar da kalmomin sirri a cikin tsari mai saukowa na yuwuwar. "SunanKamfani2023!" da sauran alamu na gama gari suna bayyana a cikin zato 100,000 na farko. Binciken ya kai ga cikakkiyar kimanta rauni (misali, "30% na kalmomin sirri na masu amfani ana iya fasa su da zato 1M") cikin sauri da ƙarancin lissafi.
Abin Da Aka Ɗauka Daga Tsarin: SOPG tana ba da tsari mai tsari, ingantaccen tsari don canza samfurin yuwuwar zuwa kayan aikin harin mai yawan amfanin ƙasa, yana ƙara dawowar saka hannun jari ga kowane fahimtar samfura.
7. Aikace-aikace na Gaba & Hanyoyin Bincike
- Masu Duba Ƙarfin Kalmar Sirri Mai Ƙarfafawa: Haɗawa cikin tsarin ƙirƙirar kalmar sirri na ainihin lokaci don yin kwaikwayon hare-haren tushen SOPG da kin kalmomin sirri marasa ƙarfi nan take.
- Horon Tsaro Mai Ƙarfafawa: Yin amfani da jerin abubuwan da SOPG ta samar don ƙirƙirar "kalmomin sirri na gama gari" masu yawa na baƙar fata ga masu gudanar da tsarin.
- Ilmantarwa na Mashahuran Machine: Nazarin ingancin SOPG na iya haifar da mafi kyawun tsaro, kamar ƙirƙirar manufofin kalmar sirri ko algorithms na hashing waɗanda suka fi jurewa ga zato mai tsari, mai hankali.
- Bayan Kalmomin Sirri: Ka'idar SOPG za a iya amfani da ita ga wasu ayyukan samarwa masu gudanar da kai inda fitarwa mai tsari ta hanyar yuwuwar ke da amfani, kamar samar da gwaje-gwaje don gwajin software ko bincika sararin mahadi na sinadarai a cikin gano magunguna.
- Bincike akan Ingantaccen Bincike: Ƙarin inganta algorithm na bincike da kansa (misali, ta amfani da dabaru masu rikitarwa, daidaitawa) don ɗaukar maɓuɓɓugar kalmomin sirri mafi girma.
8. Nassoshi
- M. Jin, J. Ye, R. Shen, H. Lu, "Samar da Kalmar Sirri Mai Tsari Tushen Bincike na Cibiyoyin Jijiyoyi Masu Gudanar da Kai," Rubutun da ke Ƙarƙashin Bita.
- J. T. G. H. M. Weir, "Yin Amfani da Nahawu na Mahallin Yuwuwar don Zato Kalmar Sirri," a cikin Proceedings of the 5th USENIX conference on Offensive technologies, 2009.
- A. Radford, da sauransu, "Samfuran Harshe Masu Koyon Ayyuka da Yawa ba tare da Kulawa ba," OpenAI Blog, 2019. (Takardar tushen GPT)
- B. Hitaj, da sauransu, "PassGAN: Hanyar Ilmantarwa Mai Zurfi don Zato Kalmar Sirri," a cikin Proceedings of the 16th International Conference on Applied Cryptography and Network Security, 2019.
- M. Pasquini, da sauransu, "PassGPT: Ƙirƙirar Kalmar Sirri da Kimanta (Ƙarfafawa) ta Amfani da Manyan Samfuran Harshe," arXiv preprint arXiv:2306.01745, 2023.
- P. G. Kelley, da sauransu, "Yi Zato Kuma (Kuma Kuma Kuma): Auna Ƙarfin Kalmar Sirri ta hanyar Yin Kwaikwayon Algorithms na Fasa Kalmar Sirri," a cikin IEEE Symposium on Security and Privacy, 2012.
9. Bincike na Asali & Hasashen Kwararre
Hasashen Tsakiya: Kyawun takardar ba ya cikin ƙirƙirar sabon tsarin jijiyoyi ba, amma a gano da gyara wani muhimmin, amma aka yi watsi da shi, lahani na tsarin a cikin aikace-aikace na samfuran AI masu ƙarfi. Ta gane cewa ga zato kalmar sirri, tsarin samarwa ba wani cikakken bayani ne kawai na aiwatarwa ba—shi ne mahimmin abu tsakanin samfura mai ƙarfi a ka'ida da makami mai inganci a aikace. Wannan yana canza mayar da hankalin bincike daga cikakkiyar iyawar samfura (tsere na makamai tare da raguwar dawowa, kamar yadda aka gani a ci gaba daga PassGAN zuwa PassGPT) zuwa inganta dabarun samarwa, ingantacciyar ingantacciyar algorithm da mafi mahimmanci.
Kwararar Ma'ana: Hujjar tana da sauƙi mai ban sha'awa: 1) Samfuran masu gudanar da kai sun yi fice wajen koyon rarraba kalmomin sirri. 2) Samfurin bazuwar daga wannan rarraba yana da rashin inganci sosai ga harin. 3) Don haka, dole ne mu ɗauki samfura cikin hikima. Maganin SOPG—kula da samarwa a matsayin bincike mafi kyau da farko akan bishiyar yuwuwar—wani kyakkyawan kuma kai tsaye fassara ne na wannan ma'ana zuwa algorithm. Yana amfani da ƙwarewar tsakiya na samfura (ƙididdige yuwuwar) don jagorantar bincikensa, yana haifar da zagaye mai inganci na inganci.
Ƙarfi & Kurakurai: Ƙarfin ba shakka ne: haɓakar 81-421% akan zamani nasara ce mai girma a cikin fage mai girma, yana tabbatar da mahimmanci na ra'ayin. Hanyar kuma tana da kyau ba ta da alaƙa da samfura, yana mai da shi haɓaka haɗawa don kowane samfurin kalmar sirri mai gudanar da kai da ya wanzu. Duk da haka, wani lahani mai yuwuwa, wanda aka yarda da shi a kaikaice, shine kudin lissafi kowane kalmar sirri. Kiyayewa da tambayar jerin gwanon fifiko yana da tsada fiye da matakin samfurin ɗaya. Takardar daidai take ta hanyar nuna raguwar jimillar kalmomin sirri da ake buƙata don rufewa, yana mai da ciniki ya zama mai kyau sosai. Wani zurfin aibi ga masu kai hari na ainihin duniya shine zaton samun damar yuwuwar kai tsaye zuwa rarraba fitarwa na samfuran, wanda bazai yi riƙe da tsarin da aka ƙarfafa ta amfani da hashing mai ci gaba (kamar Argon2) ko barkono ba. Kamar yadda aka lura a cikin binciken 2012 na Kelley da sauransu akan yin kwaikwayon algorithms na fasa, samfurin barazanar ainihin duniya yana da rikitarwa.
Hasashe Mai Aiki: Ga ƙwararrun tsaro na dijital, wannan takarda umarni ce: nan take daina duk wani kimanta ƙarfin kalmar sirri wanda ke amfani da samfurin butulci daga samfuran AI. Kayan aiki dole ne su haɗa samarwa mai tsari kamar SOPG don ba da kimanta haɗari na ainihi. Ga masu bincike, hanya a bayyane take: iyakar gaba ita ce haɗakar hanyoyi. Haɗa bincike mai tsari na SOPG tare da fa'idodin kaucewa rugujewar yanayi na GANs ko binciken sararin ɓoye na VAEs. Bugu da ƙari, yayin da manyan samfuran harshe (LLMs) suka zama nau'i-nau'i, "zato kalmar sirri" na gaba na iya haɗawa da samar da jimlolin sirri masu ma'ana dangane da bayanan mutum na mai amfani da aka tattara daga kafofin watsa labarun, tare da SOPG tana jagorantar samarwa. Al'ummar tsaro dole ne su mayar da martani iri ɗaya, suna motsawa bayan ƙa'idodin abun da ke ciki don haɓaka amfani da masu sarrafa kalmomin sirri da yaduwar ƙa'idodin FIDO2/WebAuthn, kamar yadda jagororin NIST suka ba da shawarar, don sanya ko da mafi ingantaccen hare-haren zato ya zama tsoho.