摘要: 目前对网络口令安全性的研究通常集中在通信协议和加密算法的安全性分析上,较少涉及用户设置口令行为本身。为此,提出一种新的口令分析方法。通过设置口令属性,对原始口令依次进行属性拆分、属性归类,采用Apriori算法对归类后的口令属性进行数据挖掘,获得用户设置口令的内在特征。实验结果表明,该方法能够有效地从CSDN泄露的口令中分析出真实用户设置口令的习惯。用户设置的口令中存在大量弱口令,纯数字口令占总量的45.03%,姓氏拼音与数字的组合构成口令的另一大部分,占13.79%。能够在24 min之内分析处理642万条口令,可有效应对海量口令数据。
关键词:
口令安全,
口令分析,
真实口令,
口令属性,
数据挖掘,
Apriori关联算法
Abstract: Researches about network passwords security mainly focus on the analysis of the communication protocols and the encryption algorithm. There are few researches analyzing the behaviour of how users set their passwords. This paper proposes a new password analysis method by analyzing the attributions of passwords, having attributes resolution on original password, classifying attributions and applying Apriori algorithm on the result set of attributions classification by data mining and so on. It obtains the inherent characteristics of the password setting. Experimental results show that this method can effectively analyze the habits of real password setting from the passwords leaked by CSDN. A large number of weak passwords exist. Pure digital passwords account for 45.03% of the total. Passwords composed of family-name pinyin and digital account for a great majority of total passwords, this is 13.79%. It also demonstrates that the method is able to analyze 6.42 million passwords within 24 minutes, which shows that this method can effectively deal with the massive password data.
Key words:
password security,
password analysis,
real password,
password attributes,
data mining,
Apriori association algorithm
中图分类号: