SOPG: Search-Based Ordered Password Generation for Autoregressive Neural Networks

An analysis of SOPG, a new password generation method that orders its output by probability, substantially improving attack efficiency over random sampling and outperforming the state of the art.

1. Introduction

Passwords remain the dominant method of user authentication because of their simplicity and flexibility. Password guessing is therefore an important part of cybersecurity research, essential both to offensive security testing (e.g., penetration testing, password recovery) and to evaluating defensive strength. Traditional methods, from rule-based enumeration to statistical models such as Markov chains and PCFG, have inherent limits in diversity and efficiency. The arrival of deep learning, particularly autoregressive neural networks such as GPT, offers a promising way to generate more realistic and effective password guesses. However, a major bottleneck remains: standard random sampling produces duplicate outputs and, importantly, generates passwords in an unfavorable order, which severely limits attack efficiency. This paper introduces SOPG (Search-Based Ordered Password Generation), a new method designed to overcome this bottleneck.

2. Background & Related Work

2.1 Evolution of Password Guessing

Password guessing has evolved through several stages. Early methods relied on dictionary attacks and hand-crafted mangling rules (e.g., John the Ripper), which were heuristic and experience-dependent. The spread of large-scale password leaks (e.g., RockYou in 2009) enabled data-driven statistical methods. Markov models and Probabilistic Context-Free Grammars (PCFG) represented major advances, providing a theoretical basis for modeling password structure and probability. However, these models often suffer from overfitting and a limited ability to generate a large, diverse set of plausible candidates.

2.2 Neural Network-Based Methods

Deep learning models, including Generative Adversarial Networks (GANs) such as PassGAN and Variational Autoencoders (VAEs) such as VAEPass, have been applied to password generation. More recently, autoregressive models, especially those based on the Transformer architecture (e.g., PassGPT), have shown superior performance in capturing long-range dependencies in password sequences. These models learn a probability distribution $P(\text{password})$ from the training data. The main challenge lies not in the model's learning capacity but in the generation (sampling) strategy used to produce guesses from the learned distribution.

3. The SOPG Method

3.1 Core Idea & Motivation

The core insight of SOPG is that, for a password cracking attack to be efficient, generated passwords should be presented in approximately descending order of their probability as estimated by the model. Standard random sampling (e.g., ancestral sampling) does not guarantee this order, wasting computation on unlikely guesses early in the attack. SOPG addresses this by replacing random sampling with a guided search algorithm over the autoregressive model's output space.

3.2 Search Algorithm & Ordered Generation

SOPG treats the autoregressive model as a scoring function. It uses a search strategy (conceptually similar to beam search or best-first search) to explore the tree of possible character sequences systematically. The algorithm prioritizes expanding the branches (partial passwords) with the highest cumulative probability, ensuring that complete passwords are generated and emitted in near-optimal order. This process inherently eliminates duplicates and maximizes the chance of hitting a target password with the fewest generated guesses.
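
As a defender-side illustration of the ordered search described in 3.2, added here and not taken from the paper or its authors' code: a toy bigram model (an assumption standing in for GPT) is enumerated best-first, and the hypothetical helper `guess_rank` shows how a creation-time check could reject passwords that appear early in that order. The corpus and all function names are constructed for this example.

```python
import heapq, math
from collections import Counter, defaultdict
from itertools import islice

END = "\n"  # end-of-password marker
# Constructed toy corpus standing in for training data (not from the paper).
CORPUS = ["abc", "abc", "abc", "abd", "ab", "ba", "ba", "bab"]

def train_bigram(corpus):
    """Toy autoregressive model: P(next char | previous char)."""
    counts = defaultdict(Counter)
    for pw in corpus:
        prev = ""
        for ch in pw + END:
            counts[prev][ch] += 1
            prev = ch
    return {prev: {ch: n / sum(c.values()) for ch, n in c.items()}
            for prev, c in counts.items()}

def ordered_passwords(model, max_len=8):
    """Best-first search; yields (password, P) in non-increasing P, no repeats."""
    heap = [(0.0, "")]  # (cost = -log P(prefix), prefix)
    while heap:
        cost, prefix = heapq.heappop(heap)
        if prefix.endswith(END):  # complete: nothing left in the heap is likelier
            yield prefix[:-1], math.exp(-cost)
            continue
        for ch, p in model[prefix[-1:]].items():
            # Extending a prefix can only add cost, so pop order stays sorted.
            if ch == END or len(prefix) < max_len:
                heapq.heappush(heap, (cost - math.log(p), prefix + ch))

def guess_rank(model, password, budget=1000):
    """Position of `password` in the ordered stream, or None if beyond budget."""
    for rank, (pw, _) in enumerate(islice(ordered_passwords(model), budget), 1):
        if pw == password:
            return rank
    return None

if __name__ == "__main__":
    m = train_bigram(CORPUS)
    print(list(islice(ordered_passwords(m), 5)))      # most likely first
    print(guess_rank(m, "abc"), guess_rank(m, "zzz"))  # low rank = weak choice
```

A password policy check built this way would reject any candidate whose rank falls under a chosen threshold; a `None` result only means the toy model did not reach it within the budget.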

3.3 SOPGesGPT Model Architecture

The authors implemented their method on a GPT architecture, called SOPGesGPT. This model learns the conditional probability of each character in a password given the preceding characters: $P(x_t | x_{1}, x_{2}, ..., x_{t-1})$. The SOPG algorithm is then applied at inference/generation time to produce an ordered list of password guesses from the trained model.

4. Technical Details & Mathematical Formulation

For an autoregressive model, the probability of a password $\mathbf{x} = (x_1, x_2, ..., x_T)$ factorizes as follows: $$P(\mathbf{x}) = \prod_{t=1}^{T} P(x_t | x_{

5. Experimental Results & Analysis

  • Coverage Rate (SOPGesGPT): 35.06%. The highest achieved in the one-site test.
  • Improvement over PassGPT: 81%. Increase in coverage rate.
  • Improvement over PassGAN: 421%. Increase in coverage rate.

5.1 Comparison: SOPG vs. Random Sampling

The experiments demonstrate SOPG's fundamental advantage over random sampling. To reach the same password coverage (coverage rate) on the test set, SOPG requires fewer model inferences and generates fewer total passwords. This is because every guess from SOPG is unique and likely, whereas random sampling wastes resources on duplicates and unlikely strings. This translates directly into a large efficiency gain for real-world attacks, reducing time and computational cost.

5.2 Performance Against State-of-the-Art Models

SOPGesGPT was tested against the leading models: OMEN, FLA, PassGAN, VAEPass, and the state-of-the-art PassGPT. In the one-site test setting, SOPGesGPT substantially outperforms all competitors in both effective rate and coverage rate. The reported coverage rate of 35.06% represents an improvement of 254% over OMEN, 298% over FLA, 421% over PassGAN, 380% over VAEPass, and 81% over PassGPT. This establishes SOPG not merely as an efficient sampler but as a key component enabling a new state of the art in password guessing.

Chart description: A bar chart would show "Coverage Rate (%)" on the Y-axis and the model names (OMEN, FLA, PassGAN, VAEPass, PassGPT, SOPGesGPT) on the X-axis. The SOPGesGPT bar would be much taller (~35%) than the others (which range from about 7% to 19%), visually emphasizing its superior performance.

6. Analysis Framework & Case Example

Framework for Evaluating Password Guessing Models:

  1. Modeling Capacity: Can the architecture accurately learn complex password distributions? (e.g., GPT vs. GAN).
  2. Generation Strategy: How are candidates sampled from the model? (Random vs. Ordered/Search-based).
  3. Attack Efficiency Metrics:
    • Coverage Rate: % of test passwords cracked within N guesses.
    • Guess Number: Number of guesses needed to crack X% of passwords.
    • Effective Rate: % of generated guesses that are valid, unique passwords.
    • Computational/Time Cost: Inferences or time per guess.

Case Example (Not Code): Consider two attackers, Alice and Bob, using the same trained PassGPT model. Alice uses standard random sampling. Bob uses the SOPG method combined with PassGPT (making it SOPGesGPT). To crack 20% of a target password list, Alice's sampler might need to generate 5 million guesses, with many duplicates, taking 10 hours. Bob's SOPG-based system generates passwords in probability order, cracking the same 20% with only 500,000 unique, likely guesses and finishing in 1 hour. Bob's attack is 10 times more efficient in both guesses and time, a significant advantage.

7. Application Outlook & Future Directions

Immediate Applications:

  • Proactive Password Strength Testing: Security teams can use SOPG-enhanced models to audit password policies more efficiently, finding weak passwords before attackers do.
  • Digital Forensics & Law Enforcement: Speeding up password recovery from seized devices in criminal investigations.
  • Improved Password Blacklists: Generating comprehensive lists of weak passwords in probability order for systems to reject at creation time.

Future Research Directions:

  • Hybrid & Adaptive Search: Combining SOPG with other search heuristics or making it adaptive to target characteristics (e.g., website, user demographics).
  • Defenses Against Ordered Guessing: Research into new password hashing schemes or authentication protocols that are specifically resistant to ordered-probability attacks, moving beyond entropy-based defenses.
  • Beyond Passwords: Applying ordered-generation principles to other security domains, such as generating likely encryption keys or network intrusion patterns for testing.
  • Efficiency Optimization: Reducing the memory and computational overhead of the search algorithm so that it scales to larger models and character sets.

9. Original Analysis & Expert Commentary

Core Insight

The paper's breakthrough is not a new neural architecture but a reframing of the underlying problem. For years, the password guessing community, much as early GAN research focused heavily on architectural novelty (as seen in the progression from the original GAN to CycleGAN for image translation), was preoccupied with generative capacity. SOPG correctly identifies that, for a practical attack, the generation strategy is the critical path. The realization that an autoregressive model is not just a generator but a scoring function for a combinatorial search space is powerful and transformative. It shifts the focus from "learning better" to "searching smarter," a paradigm change with immediate, striking results.

Logical Flow

The logic is sound and mirrors best practice in algorithm optimization: 1) Identify the bottleneck: random sampling is inefficient (duplicates, poor ordering). 2) Define the optimal goal: passwords should be tried in descending order of probability. 3) Map to a known problem: this is best-first search over a tree where the node cost is -log(probability). 4) Implement & validate: apply the search algorithm (SOPG) to a strong base model (GPT) and demonstrate the metric gains. The flow from problem identification through algorithmic solution to empirical validation is clean and convincing.

Strengths & Weaknesses

Strengths: The performance gains are not incremental; they are revolutionary, with improvements of 80-400% over the state of the art. The method is conceptually elegant and model-agnostic: it could plausibly be attached to any autoregressive password model. Eliminating duplicates is a free and significant benefit.

Weaknesses & Questions: The paper is light on the computational cost of the search itself. Beam search or A* can be memory- and compute-intensive. How does the "inferences per password" metric compare with the simplicity of random sampling? The search may be efficient in guess count yet expensive in wall-clock time per guess. In addition, the method is inherently tied to the model's probability estimates. If the model's confidence is poorly calibrated (a known problem in large neural networks), the "optimal" order may be suboptimal. The comparison, while impressive, would be stronger with a "time-to-crack" metric alongside guess number.

Actionable Insights

For Security Practitioners: The game has changed. Defenses based on "password entropy" or on resistance to older rule-based attacks are now more vulnerable. The immediate action is to mandate and enforce the use of long, random passphrases or to require password managers. MFA is not a recommendation; it is essential.

For Researchers: This work opens several avenues. First, explore hybrid methods that combine SOPG's global ordering with fast local sampling for speed. Second, investigate defenses designed specifically to break the link between model probability and actual cracking (e.g., using techniques from adversarial machine learning to "poison" training data). Third, as resources such as the MITRE ATT&CK framework suggest, the cybersecurity community needs to incorporate "AI-enhanced ordered guessing" as a new technique (Txxxx) for credential access, prompting a systematic response.

In conclusion, Min Jin et al. have delivered a lesson in impactful research. They did not just build a better model; they identified and dismantled a fundamental assumption, delivering a step-change in performance. This paper will be cited as the moment password guessing moved from a generative-modeling challenge to an algorithm optimization challenge.