Recent advances in generative machine learning models rekindled research interest in the area of password guessing. Data-driven password guessing approaches based on GANs, language models, and deep latent variable models have shown impressive generalization performance and offer compelling properties for the task of password guessing.This paper proposes PassFlow, a flow-based generative model approach to password guessing. Flow-based models allow for precise log-likelihood computation and optimization, which enables exact latent variable inference. Additionally, flow-based models provide meaningful latent space representation, which enables operations such as exploration of specific subspaces of the latent space and interpolation. We demonstrate the applicability of generative flows to the context of password guessing, departing from previous applications of flow-networks which are mainly limited to the continuous space of image generation. We show that PassFlow is able to outperform prior state-of-the-art GAN-based approaches in the password guessing task while using a training set that is orders of magnitudes smaller than that of prior art. Furthermore, a qualitative analysis of the generated samples shows that PassFlow can accurately model the distribution of the original passwords, with even non-matched samples closely resembling human-like passwords.
PassFlow: Guessing Passwords with Generative Flows / Pagnotta, G.; Hitaj, D.; De Gaspari, F.; Mancini, L. V.. - (2022), pp. 251-262. (Intervento presentato al convegno IEEE/IFIP International Conference on Dependable Systems and Networks tenutosi a Baltimore, USA) [10.1109/DSN53405.2022.00035].
PassFlow: Guessing Passwords with Generative Flows
Pagnotta G.Membro del Collaboration Group
;Hitaj D.Membro del Collaboration Group
;De Gaspari F.Membro del Collaboration Group
;Mancini L. V.Membro del Collaboration Group
2022
Abstract
Recent advances in generative machine learning models rekindled research interest in the area of password guessing. Data-driven password guessing approaches based on GANs, language models, and deep latent variable models have shown impressive generalization performance and offer compelling properties for the task of password guessing.This paper proposes PassFlow, a flow-based generative model approach to password guessing. Flow-based models allow for precise log-likelihood computation and optimization, which enables exact latent variable inference. Additionally, flow-based models provide meaningful latent space representation, which enables operations such as exploration of specific subspaces of the latent space and interpolation. We demonstrate the applicability of generative flows to the context of password guessing, departing from previous applications of flow-networks which are mainly limited to the continuous space of image generation. We show that PassFlow is able to outperform prior state-of-the-art GAN-based approaches in the password guessing task while using a training set that is orders of magnitudes smaller than that of prior art. Furthermore, a qualitative analysis of the generated samples shows that PassFlow can accurately model the distribution of the original passwords, with even non-matched samples closely resembling human-like passwords.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
