1. Gabatarwa

Kalmomin sirri sun kasance mafi yawan hanyar tabbatar da mai amfani saboda sauƙinsu da sassaucinsu. Duk da haka, tsaronsu koyaushe yana fuskantar ƙalubale daga yunƙurin karya kalmar sirri. Zato kalmar sirri, tsarin samar da zaɓaɓɓun kalmomin sirri don hare-haren ƙamus, shine ginshiƙi na duka gwajin tsaro na kai hari da kuma kimanta ƙarfin kalmar sirri na tsaro. Hanyoyin gargajiya, daga dabaru na tushen ƙa'ida zuwa tsarin ƙididdiga kamar sarƙoƙin Markov da PCFG, suna da iyakoki na asali a cikin bambance-bambance da inganci. Zuwan ilmantarwa mai zurfi, musamman cibiyoyin jijiyoyi na autoregressive, sun yi alƙawarin canza tsari. Duk da haka, wani muhimmin kuskure shine hanyar samarwa kanta. Daidaitaccen samfurin bazuwar daga waɗannan tsare-tsaren yana haifar da maimaitawa da fitarwa mara tsari, yana rage ingantaccen aikin harin kalmar sirri sosai. Wannan takarda ta gabatar da SOPG (Bincike-Bisa Tsarin Samar da Kalmar Sirri Mai Tsari), wata sabuwar hanyar da ke tilasta wa tsarin autoregressive ya samar da kalmomin sirri a cikin kusan cikakken tsari na raguwar yuwuwar, yana magance wannan gurbataccen gurbi na asali.

2. Bayanan Baya & Ayyukan Da Suka Danganta

2.1 Juyin Halittar Zato Kalmar Sirri

Fannin ya samo asali ta hanyar matakai daban-daban: Ƙididdiga na tushen ƙa'ida (misali, dokokin John the Ripper), waɗanda suka dogara da ƙwarewar hannu; Tsare-tsaren ƙididdiga kamar tsarin Markov (OMEN) da Nahawun Mahallin Mahallin Yuwuwar (PCFG), waɗanda ke koyon alamu daga bayanan da aka fallasa amma sau da yawa suna wuce gona da iri; da kuma zamani na Tsare-tsaren Koyon Zurfi.

2.2 Hanyoyin Da Suka Danganta da Cibiyar Jijiyoyi

Tsare-tsare kamar PassGAN (tushen Cibiyoyin Jijiyoyi na Gabaɗaya), VAEPass (Masu Karkatar da Karkatattu), da PassGPT (tushen tsarin GPT) suna amfani da cibiyoyin jijiyoyi masu zurfi don koyon rarraba kalmar sirri mai rikitarwa. Duk da yake suna kama da ƙananan bayyani fiye da tsarin ƙididdiga, samarwar su na asali ta hanyar samfurin bazuwar bai dace ba don yanayin harin inda gwada kalmomin sirri a cikin tsari na yuwuwar yake da mahimmanci.

3. Hanyar SOPG

3.1 Babban Manufa

SOPG ba sabon tsarin cibiyar jijiyoyi ba ne, amma algorithm na samarwa da aka yi amfani da shi a saman wani tsarin autoregressive da ya wanzu (misali, GPT). Manufarsa ita ce ta bi sararin samarwar tsarin da hankali, yana samar da mafi yuwuwar kalmomin sirri da farko, ba tare da maimaitawa ba.

3.2 Algorithm na Bincike & Samuwa Mai Tsari

Maimakon samun samfurin alamomi ba da gangan ba a kowane mataki, SOPG yana amfani da dabarun bincike (a zahiri yayi kama da binciken katako amma an inganta shi don cikakken samar da kalmar sirri). Yana kiyaye jerin ginshiƙi na gabaɗayan kalmar sirri, koyaushe yana faɗaɗa ginshiƙin tare da mafi girman yuwuwar tarawa. Wannan yana tabbatar da cewa an samar da cikakkun kalmomin sirri a cikin kusan tsari na raguwa.

3.3 Cikakkun Bayanai na Fasaha & Tsarin Lissafi

Idan aka ba da tsarin autoregressive wanda ke ayyana rarraba yuwuwar akan kalmomin sirri $P(\mathbf{x})$, inda $\mathbf{x} = (x_1, x_2, ..., x_T)$ jerin alamomi (haruffa) ne, tsarin yana rarraba yuwuwar kamar haka: $$P(\mathbf{x}) = \prod_{t=1}^{T} P(x_t | x_1, ..., x_{t-1})$$ Samfurin bazuwar yana samar da $x_t$ daga $P(x_t | x_1, ..., x_{t-1})$ a kowane mataki $t$. SOPG, a maimakon haka, don wani ginshiƙi da aka bayar $\mathbf{x}_{binciken mafi kyau-da farko akan bishiyar yuwuwar jerin alamomi.

4. Tsarin SOPGesGPT

Marubutan sun aiwatar da ainihin tsarin zato kalmar sirri mai suna SOPGesGPT. Yana amfani da tsarin transformer irin na GPT a matsayin ainihin tsarin autoregressive, wanda aka horar da shi akan manyan tarin ainihin kalmomin sirri da aka fallasa. Babban abin da ya bambanta shi ne cewa ana yin samar da kalmar sirri ta amfani da algorithm ɗin SOPG maimakon daidaitaccen samfurin, yana mai da shi tsari na farko da ya haɗa samarwa mai tsari a asali.

5. Sakamakon Gwaji & Bincike

Adadin Rufe

35.06%

SOPGesGPT akan saitin gwaji

Inganci akan PassGPT

81%

Mafi girman rufewa

Inganci akan OMEN

254%

Mafi girman rufewa

5.1 Kwatantawa da Samfurin Bazuwar

Takardar ta fara nuna fifikon SOPG akan samfurin bazuwar akan ainihin tsarin ɗaya. Mahimman Binciken:

  • Sifili Maimaitawa: SOPG yana samar da jerin abubuwa na musamman, mai tsari.
  • Mafi Girman Ingantacciyar Aiki: Don cimma irin wannan adadin rufewa (misali, 10%), SOPG yana buƙatar ƙananan ƙididdiga na tsari da kalmomin sirri da aka samar. Samfurin bazuwar yana ɓata lissafi akan maimaitawa da kalmomin sirri masu ƙarancin yuwuwa.
Wannan kai tsaye yana fassara zuwa saurin karya kalmar sirri a cikin yanayin duniya na gaske.

5.2 Ma'auni da Mafi Kyawun Fasaha na Zamani

An kwatanta SOPGesGPT a cikin "gwajin rukunin yanar gizo ɗaya" (horarwa da gwaji akan bayanai daga wannan keta) da manyan tsare-tsare: OMEN, FLA, PassGAN, VAEPass, da kuma PassGPT na zamani.

5.3 Fassarar Sakamako & Jaridu

Sakamakon yana da ban mamaki. Dangane da adadin rufewa (kashi na kalmomin sirri na saitin gwaji da aka karya a cikin takamaiman iyakar zato), SOPGesGPT ya kai 35.06%. Wannan yana wakiltar babban ci gaba akan waɗanda suka gabace shi:

  • 254% mafi girma fiye da OMEN (Markov na ƙididdiga).
  • 298% mafi girma fiye da FLA.
  • 421% mafi girma fiye da PassGAN (tushen GAN).
  • 380% mafi girma fiye da VAEPass (tushen VAE).
  • 81% mafi girma fiye da PassGPT (GPT tare da samfurin bazuwar).
Bayanin Jarida: Jaridar sandar za ta nuna "Adadin Rufewa (%)" akan Y-axis da sunayen tsare-tsare akan X-axis. Sandar SOPGesGPT za ta yi girma akan duk sauran. Wani jadawalin layi na biyu, "Adadin Kalmomin Sirri da Aka Karya vs. Adadin Zato," zai nuna layin SOPGesGPT yana tashi da sauri da farko, yana nuna ingantaccen aikinsa wajen karya kalmomin sirri da yawa tare da ƴan yunƙuri, yayin da layukan sauran tsare-tsaren zasu tashi a hankali.

6. Tsarin Bincike & Misalin Lamari

Tsari: Kimanta tsarin zato kalmar sirri yana buƙatar bincike mai fuskoki da yawa: 1) Ingantaccen Tsarin Gine-gine (zaɓin tsari), 2) Ingantaccen Aikin Samarwa (zato a kowane daƙiƙa, maimaitawa), 3) Ingantaccen Aikin Hari (adadin rufewa vs. lanƙwasa na adadin zato), da kuma 4) Gabaɗaya (aiki akan alamu na bayanai da ba a gani ba). Yawancin bincike suna mai da hankali kan (1) da (3). SOPG yana ƙirƙira yanke shawara akan (2), wanda kai tsaye yana inganta (3).

Misalin Lamari - Kimanta Ƙarfin Kalmar Sirri: Wani kamfani na tsaro yana son duba sabon tsarin kalmar sirri. Ta amfani da daidaitaccen tsarin PassGPT tare da samfurin bazuwar, samar da zato miliyan 10 na iya ɗaukar sa'o'i X kuma ya karya Y% na ƙamus na gwaji. Ta amfani da SOPGesGPT (irin tsarin gine-gine, samarwar SOPG), don karya irin wannan Y%, yana iya buƙatar samar da zato miliyan 2 kawai, yana kammala binciken a cikin ɗan lokaci. Bugu da ƙari, jerin abubuwa mai tsari yana ba da taswirar zafi bayyananne: kalmomin sirri na SOPG 100,000 na farko suna wakiltar "mafi yuwuwar" saitin bisa ga tsarin, yana ba da cikakkiyar fahimta game da raunin tsarin ga hare-haren da ke da yuwuwa mai girma.

7. Aikace-aikacen Gaba & Hanyoyin Bincike

Aikace-aikace:

  • Binciken Kalmar Sirri Mai Ƙarfafawa: An haɗa shi cikin kayan aikin kamfani don gwajin tsarin da sauri, mafi inganci.
  • Ayyukan Maido da Kalmar Sirri: Ingiza ingantaccen nasara da sauri don ayyukan dawo da ɗabi'a.
  • Ingantaccen Tsarin Barazana: Ba da ƙungiyoyin ja da ingantattun na'urori na kwaikwayon hari.
  • Ma'aunin Ƙarfin Kalmar Sirri: Injunan baya na iya amfani da samuwa mai tsari kamar SOPG don kimanta ainihin yuwuwar zato na kalmar sirri daidai fiye da sauƙaƙan binciken ƙa'ida.
Hanyoyin Bincike:
  • Tsare-tsaren Haɗin kai: Haɗa samuwa mai tsari na SOPG tare da sauran ci gaban gine-gine (misali, tsarin watsawa).
  • SOPG Mai Daidaitawa/Kan layi: Daidaita bincike bisa ga martani daga sakamakon harin ɓangare.
  • Tsaro akan SOPG: Bincike cikin tsarin ƙirƙirar kalmar sirri wanda ke rage aikin samuwa mai tsari na hare-hare musamman.
  • Bayan Kalmomin Sirri: Yin amfani da tsarin samuwa mai tsari ga sauran ayyukan samar da jerin abubuwa inda tsarin yuwuwar yake da mahimmanci (misali, wasu ayyukan samar da lamba ko gano magani).

8. Nassoshi

  1. M. Jin, J. Ye, R. Shen, H. Lu, "Bincike-Bisa Tsarin Samar da Kalmar Sirri Mai Tsari na Cibiyoyin Jijiyoyi na Autoregressive," Rubutun Hannu.
  2. A. Narayanan da V. Shmatikov, "Hare-haren Ƙamus Mai Sauri akan Kalmomin Sirri Ta Amfani da Musayar Sarari-Lokaci," a cikin Proceedings of CCS 2005.
  3. J. Ma, W. Yang, M. Luo, da N. Li, "Nazarin Tsarin Kalmomin Sirri na Yuwuwar," a cikin Proceedings of IEEE S&P 2014.
  4. B. Hitaj, P. Gasti, G. Ateniese, da F. Perez-Cruz, "PassGAN: Hanyar Koyon Zurfi don Zato Kalmar Sirri," a cikin Proceedings of ACNS 2019.
  5. D. Pasquini, G. Ateniese, da M. Bernaschi, "Saki Tiger: Hare-haren Zato akan Rarraba Koyo," a cikin Proceedings of CCS 2021 (ya gabatar da PassGPT).
  6. J. Goodfellow da sauransu, "Cibiyoyin Jijiyoyi na Gabaɗaya," arXiv:1406.2661, 2014. (Takardar GAN ta asali, tushen PassGAN).
  7. OpenAI, "Rahoton Fasaha na GPT-4," arXiv:2303.08774, 2023. (Mahallin tsarin transformer na autoregressive).
  8. Gidauniyar OWASP, "Takardar Zamba na Tabbatarwa," https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html.

9. Binciken Kwararru & Fahimtar Jigo

Fahimtar Jigo

Hazakar takardar tana cikin harin ta na tiyata akan wani muhimmin toshe amma wanda aka yi watsi da shi. Shekaru da yawa, al'ummar zato kalmar sirri, masu sha'awar tsalle-tsalle na gine-gine daga GANs zuwa Transformers, sun ɗauki matakin samarwa a matsayin matsalar da aka warware—kawai samfurin daga rarraba. Jin da sauransu sun gano wannan daidai a matsayin rashin inganci mai haɗari ga amfani da harin. SOPG yana sake fasalin matsalar: ba game da koyon rarraba mafi kyau ba ne, amma game da bi ta mafi kyau. Wannan yayi kama da samun cikakkiyar taswira na wuraren taska (cibiyar jijiyoyi) amma a baya ana amfani da tafiya ba da gangan ba don nemo su, sabanin SOPG wanda ke ba da jerin abubuwa da aka ba da fifiko. Babban ci gaban 81% akan PassGPT, wanda ke amfani da irin wannan tsarin GPT, ya tabbatar da batu: algorithm ɗin samarwa na iya zama mafi mahimmanci fiye da tsarin kansa don aikin ƙarshe.

Kwararar Hankali

Hujja tana da gamsarwa kuma ta layi daya: 1) Hare-haren kalmar sirri suna buƙatar gwada zato a cikin tsari na yuwuwar don inganci. 2) Tsare-tsaren autoregressive suna koyon wannan rarraba yuwuwar. 3) Samfurin bazuwar daga waɗannan tsare-tsaren ya kasa samar da jerin abubuwa mai tsari kuma yana cike da ɓarna. 4) Don haka, muna buƙatar algorithm na bincike wanda ke amfani da tsarin tsarin don samar da jerin abubuwa mai tsari. 5) SOPG shine wannan algorithm, wanda aka aiwatar ta hanyar binciken mafi kyau-da farko akan bishiyar alama. 6) Sakamakon ya tabbatar da hasashe tare da cikakkiyar shaida na ƙididdiga. Kwararar tana kama da tsarin matsalar-magani-tabbatarwa na gargajiya, an aiwatar da shi da daidaito.

Ƙarfi & Aibobi

Ƙarfi: Manufar tana da sauƙi kuma yana da tasiri mai ƙarfi. Ƙirar gwaji tana da ƙarfi, tana kwatanta da duk mahimman tushe. Ribar inganci ba ta gefe ba ce; suna canza wasa don yanayin karya na zahiri. Aikin ya buɗe sabon ƙaramin fanni: inganta samarwa don tsare-tsaren tsaro.
Aibobi & Tambayoyi: Takardar ta nuna amma ba ta bincika zurfin ƙididdiga na binciken SOPG kansa ba akan sauƙaƙan samfurin. Duk da yake yana rage jimillar ƙididdiga da ake buƙata don takamaiman rufewa, kowane mataki na ƙididdiga a cikin binciken yana da rikitarwa (kiyaye tulin). Ana buƙatar binciken rikitarwa. Bugu da ƙari, "gwajin rukunin yanar gizo ɗaya" ma'auni ne amma yana da iyaka. Ta yaya SOPG ke gabaɗaya a cikin saitin "ƙetare rukunin yanar gizo" (horarwa akan fallasa LinkedIn, gwaji akan RockYou), inda rarraba ke canzawa? Samuwa mai tsari na iya zama ƙasa da tasiri idan matsayin yuwuwar tsarin yana da ƙarancin aiki akan bayanai marasa rarraba. A ƙarshe, kamar yadda marubutan suka lura a cikin aikin gaba, wannan ingantaccen aikin yana buƙatar martani na tsaro—SOPG kansa zai haifar da bincike cikin tsarin hashing na kalmar sirri na gaba da dabarun ƙarfafawa.

Fahimta Mai Aiki

Ga Masu Aikin Tsaro: Nan da nan sake kimanta kayan aikin gwajin tsarin kalmar sirri. Duk wani kayan aiki da ke amfani da cibiyoyin jijiyoyi ba tare da samuwa mai tsari ba yana yiwuwa yana aiki ƙasa da yuwuwar ingancinsa. Bukatar fasali irin na SOPG a cikin masu binciken kalmar sirri na kasuwanci da buɗe tushe.
Ga Masu Bincike: Wannan kira ne na tsaye don daina ɗaukar samarwa a matsayin abin da za a yi tunani bayan haka. Ya kamata a yi amfani da tsarin SOPG kuma a gwada shi akan sauran tsare-tsaren tsaro na autoregressive (misali, don samar da malware, samar da rubutu na yaudara). Bincika musayar tsakanin zurfin bincike (faɗin katako) da aiki.
Ga Masu Tsaro & Masu Tsara Manufofi: Yanayin hari kawai ya canza. Lokacin-karya na yawancin hashes na kalmar sirri, musamman masu rauni, kawai ya ragu yadda ya kamata. Wannan yana haɓaka gaggawar amincewa da MFA mai jure wa yaudara (kamar yadda NIST da CISA suka ba da shawarar) da kuma ƙin amfani da kalmomin sirri a matsayin kawai abin tabbatarwa. SOPG ba kawai mafi kyawun mai karya ba ne; yana da ƙarfi hujja don zamani bayan kalmar sirri.