Disclosure of Invention
An object of the present invention is to solve the problems that passwords are generated in a simple way, that encryption is difficult, and that rules take a single form, so that the algorithm used for analysis cannot advance over time and cryptanalysis is inefficient, and to provide at least the advantages described later.
It is still another object of the present invention to provide an intelligent analysis process that uses the Gene Expression Programming (GEP) technique to retain analysis results that have succeeded multiple times as new analysis rules, and automatically abandons long-term invalid rules according to the analysis experience accumulated by the system, so as to optimize the inference rule base, improve the analysis accuracy, and successfully obtain the possible password combinations of the router.
The invention also aims to realize automatic password generation by adopting GEP technology, with little manual intervention and strong real-time performance.
To achieve these objects and other advantages in accordance with the purpose of the invention, there is provided a wireless router cryptanalysis method based on gene expression programming, comprising the following steps: step one: providing a password host computer, wherein the password host computer is loaded with a knowledge base, a database, a rule base, a gene expression programming analysis module, a scheduling controller and an inference machine, wherein the knowledge base is prestored with a plurality of rules comprising preconditions and conclusions, each rule corresponds to a wireless router password combination, the rule base is prestored with a calculation model and a calculation method of cryptography, and the gene expression programming analysis module allows a user to set custom parameters;
step two: intercepting data packets related to passwords in a user network and a local system through a network sniffer, and storing data in the data packets into a database;
step three: the scheduling controller acquires a characteristic fact related to a wireless router password in the database according to the user type, acquires a corresponding wireless router password calculation method or calculation model in the rule base according to the process information, combines the characteristic fact related to the wireless router password with the wireless router password calculation method or model, intelligently analyzes a wireless router password combination based on a gene expression programming algorithm, stores the wireless router password combination into the database, and meanwhile, the scheduling controller also sends the wireless router password combination to the inference machine;
step four: the inference machine matches the wireless router password combination with the rules in the knowledge base, if the precondition can be matched, the conclusion of the successfully matched rules is obtained, and the conclusion is returned to the dispatching controller, wherein the conclusion is the password combination possibly appearing in the wireless router;
step five: the scheduling controller compares the conclusion with the characteristic facts already in the database; if no characteristic fact identical to the conclusion exists in the database, the conclusion is taken as a new characteristic fact and steps three to five are executed again; if a characteristic fact identical to the conclusion exists in the database, the conclusion is output as the inference result, namely a password combination that may occur in the wireless router, calculation stops, and the result is stored as a rule in the knowledge base.
Preferably, in the second step, the data needs to be denoised before being stored in the database, and is uniformly transcoded into binary data.
Preferably, in the third step, the intelligent analysis based on the gene expression programming algorithm specifically includes:
step a: defining initialization parameters according to the custom parameters, wherein the initialization parameters comprise a population size N, a maximum number of evaluations MAXNO, a probability pt, a probability pr, a mutation operation probability and a mutation operation probability;
step b: calculating through the wireless router password calculation method or model to obtain a password combination, generating an initial population Pt = {X1, X2, …, XN} according to the obtained password combination, initially setting t = 0, wherein each individual represents one password combination, and calculating the fitness of each individual, wherein the fitness of Xi in the initial population Pt is defined as fi, and i is any value between 1 and N;
step c: randomly selecting an individual Xr from Pt, recombining it with Xi in Pt to generate new individuals X′r and X′i, and calculating their fitness values f′r and f′i; if f′r is larger than fr, assigning X′r to Xr, otherwise leaving Xr unchanged; if f′i is larger than fi, assigning X′i to Xi, otherwise leaving Xi unchanged;
performing the IS transformation operation on Xi with probability pt to generate a new individual X′i and calculating its fitness value f′i; if f′i is larger than fi, assigning X′i to Xi, otherwise leaving Xi unchanged;
performing the inversion operation on Xr with probability pr to generate a new individual X′r and calculating its fitness value f′r; if f′r is larger than fr, assigning X′r to Xr, otherwise leaving Xr unchanged;
wherein i takes all values between 1 and N in sequence;
step d: randomly selecting an individual Xr from Pt, performing the mutation operation on Xr to generate N new individuals, calculating the fitness of the N individuals, and finding the individual Xr-best with the maximum fitness; if fr-best is greater than fr, assigning Xr-best to Xr, otherwise leaving Xr unchanged;
step e: judging whether the number of generations in which the optimal individual has not been updated is larger than MAXNO; if so, performing the mutation operation on the 10% of individuals with the lowest fitness in the population to produce Pt, assigning t the value t + 1, and repeating steps c-d; if not, outputting the obtained password combination and the initial fact characteristic.
Preferably, the scheduling controller is implemented by means of programming.
Preferably, the knowledge base is a set composed of a plurality of rules, each rule is abstracted into a precondition, a conclusion and a reliability, each of which is assigned a value: the precondition is assigned a value P, the conclusion a value C, and the reliability a value CF, wherein the reliability CF is obtained by combining expert research on passwords and criminal psychology with repeated system experiments, the reliability CF is a definite value assigned to the reliability of each rule within the defined interval [0, 1], and the reliability CF must be more than 0.5 for the matching in step four to yield the conclusion.
Preferably, the method further comprises the following steps: after one operation is finished, a computing method or a rule related to cryptoanalysis in the network is obtained through the network sniffer, the computing method or the rule is analyzed and screened through the gene expression programming analysis module and is respectively stored in the knowledge base and the rule base, and if the matched computing method or rule is not triggered in hundreds of operations, the computing method or the rule is deleted.
Preferably, the gene expression programming analysis module is used for analyzing and screening the calculation methods and rules, which specifically comprises the following steps:
step S1: defining initialization parameters for analysis according to the custom parameters, wherein the initialization parameters comprise a population size N, a number of new individuals M and a maximum number of evaluations MAXNO;
step S2: defining the calculation methods or rules related to wireless router password analysis as an initial population Pt = {X1, X2, …, XN}, and calculating the fitness of each individual in the initial population;
step S3: performing the selection, mutation, string insertion and recombination operations of gene expression programming on the N individuals in the initial population to generate M new individuals, forming the M new individuals into a sub-population, and calculating the fitness of each individual in the sub-population, wherein the individual with the maximum fitness is the optimal individual;
step S4: forming a temporary population P′ from the N individuals in the initial population and the M individuals in the sub-population, calculating the fitness of each individual in the temporary population P′, and then deleting the first M individuals with the maximum fitness in the temporary population P′, so as to obtain a new generation population O consisting of N individuals;
step S5: repeating steps S3 and S4 until the number of cycles reaches MAXNO, obtaining the final new generation population Pt+1, and taking the new generation population obtained at the end as a new calculation method or rule.
The invention at least comprises the following beneficial effects:
(1) the password generation mode is various, so that the data can be encrypted and decrypted;
(2) the router password combination analysis method has a learning function, and multiple successful analysis results can be used as new analysis rules to be stored, so that the purpose of improving the analysis accuracy is achieved, and the possible password combination of the router is successfully obtained;
(3) the analysis speed is high, and the calculation speed of the wireless router cryptanalysis algorithm added with the gene expression programming algorithm is improved by 54% compared with the traditional differential wireless router cryptanalysis algorithm.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.
Detailed Description
The present invention is further described in detail below with reference to examples to enable those skilled in the art to practice the invention with reference to the description.
One embodiment of the present invention, as shown in FIG. 2, includes the following steps:
step one: providing a password host computer, wherein the password host computer is loaded with a knowledge base, a database, a rule base, a gene expression programming analysis module, a scheduling controller and an inference machine, wherein the knowledge base is prestored with a plurality of rules comprising preconditions and conclusions, each rule corresponds to a wireless router password combination, the rule base is prestored with a calculation model and a calculation method of cryptography, and the gene expression programming analysis module allows a user to set custom parameters;
step two: intercepting data packets related to passwords in a user network and a local system through a network sniffer, denoising, uniformly transcoding into binary data, and storing the binary data into a database;
step three: the scheduling controller acquires a characteristic fact related to a wireless router password in the database according to the user type, acquires a corresponding wireless router password calculation method or calculation model in the rule base according to the process information, combines the characteristic fact related to the wireless router password with the wireless router password calculation method or model, intelligently analyzes a wireless router password combination based on a gene expression programming algorithm, stores the wireless router password combination into the database, and simultaneously sends the wireless router password combination to the inference machine;
step four: the inference machine matches the wireless router password combination with the rules in the knowledge base, if the precondition can be matched, the conclusion of the successfully matched rules is obtained, and the conclusion is returned to the dispatching controller, wherein the conclusion is the password combination possibly appearing in the wireless router;
step five: the scheduling controller compares the conclusion with the characteristic facts already in the database; if no characteristic fact identical to the conclusion exists in the database, the conclusion is taken as a new characteristic fact and steps three to five are executed again; if a characteristic fact identical to the conclusion exists in the database, the conclusion is output as the inference result, namely a password combination that may occur in the wireless router, calculation stops, and the result is stored as a rule in the knowledge base.
The wireless router password analysis method based on gene expression programming extracts initialized data vectors by acquiring and intercepting data packets related to passwords in a user network and a local system, calculates by using a wireless router password calculation method or model according to the acquired data packets, analyzes possible password combinations of a wireless router by using a gene expression programming algorithm (GEP algorithm), and finally cracks an actual key of the wireless router. Compared with the traditional differential cryptanalysis algorithm, the cryptanalysis method of the wireless router based on gene expression programming improves the computing speed by 54 percent in cryptanalysis.
Specifically, the method for analyzing the user behavior in the invention is as follows: an intelligent, integrated and coordinated expert system is established to analyze the router password by utilizing the powerful function-discovery capability of the GEP intelligent analysis technology and its IF-THEN rule generation capability. The system establishes a multi-library cooperation model, establishes complex IF-THEN rules and a classification model, analyzes the collected data packets in real time according to the characteristics of the data packets, past data packets, the habits of the user when using a computer and the like, and analyzes the possible password combinations of the wireless router; its basic function flow is shown in figure 2.
The system adopts a multi-library cooperation mode to establish a database, a rule base and a knowledge base, wherein the database stores related data and results, the rule base stores related computing models, methods and programs of cryptography, and the knowledge base stores expert and rule-based knowledge in the field of cryptography. The scheduling controller establishes a cooperative strategy among the multiple bases and between the knowledge base and the inference engine. For each specific item the input and output forms are fixed and the reasoning relationships are the same; what differs is the specific content of the reasoning process, so each basic behavior information item has its own scheduling control mode. The scheduling controller is the hub connecting each information base and functional module and is realized mainly by programming.
In the method of the present invention, the knowledge matching expression and the reasoning process are the core contents, and are detailed below:
Knowledge matching expression:
The knowledge base is an important component of the system. The knowledge base of the system is a set consisting of a plurality of evaluation rules, each rule is abstracted into a premise (P), a conclusion (C) and a credibility (CF) assignment, and it is programmed in the form:
IF <P> THEN <C> WITH <CF=?>
wherein:
n is the number of preconditions for each rule, {AND, OR}, Pi is an element of the set of rule preconditions {P1, P2, …, Pn}, and CF=? is a definite value assigned to the credibility of each rule.
The introduction of the credibility is to better express the ambiguity and uncertainty of knowledge, the credibility interval of the system is defined as [0, 1], and the credibility is obtained by combining the password with expert research of criminal psychology and repeated experiments of the system.
Rule generation in the system is carried out automatically using GEP technology, and is characterized by little manual intervention, a high degree of automation and high precision.
The process of automatic rule generation by the GEP technology specifically comprises the following steps:
step S1: defining initialization parameters for analysis according to the custom parameters, wherein the initialization parameters comprise a population size N, a number of new individuals M and a maximum number of evaluations MAXNO;
step S2: defining the rules related to wireless router password analysis as an initial population Pt = {X1, X2, …, XN}, and calculating the fitness of each individual in the initial population;
step S3: performing the selection, mutation, string insertion and recombination operations of gene expression programming on the N individuals in the initial population to generate M new individuals, forming the M new individuals into a sub-population, and calculating the fitness of each individual in the sub-population, wherein the individual with the maximum fitness is the optimal individual;
step S4: forming a temporary population P′ from the N individuals in the initial population and the M individuals in the sub-population, calculating the fitness of each individual in the temporary population P′, and then deleting the first M individuals with the maximum fitness in the temporary population P′, so as to obtain a new generation population O consisting of N individuals;
step S5: repeating steps S3 and S4 until the number of cycles reaches MAXNO, obtaining the final new generation population Pt+1, and taking the new generation population obtained at the end as a new rule.
The knowledge matching expression process is to match the wireless router password combination with the rules in the knowledge base, if the preconditions can be matched, and the reliability CF required for obtaining the conclusion is more than 0.5, the conclusion of the successfully matched rules is obtained, and the conclusion is returned to the dispatching controller, wherein the conclusion is the password combination possibly appearing in the wireless router.
Reasoning process:
The reasoning process of the system can be described as follows: the GEP technology is first used to classify the password mode and establish a related classification model (which can be stored off-line and called later), and the IF-THEN rules generated by the GEP are then used together with the password type to carry out reasoning, thereby improving the real-time applicability of the GEP technology and achieving real-time analysis.
The reasoning process adopts a data-driven and forward uncertainty reasoning strategy, and the essence of reasoning is to link knowledge rules to form one or more reasoning chains. The system analyzes and extracts results according to the data packets, and after data denoising processing, corresponding information characteristics are stored in a database form and used as input facts for an inference engine. The main process is as follows:
1. The scheduling controller acquires the characteristic fact corresponding to the password in the database according to the acquired data packet, and acquires a corresponding calculation method from the rule base.
2. The dispatching controller processes the password-related characteristic fact and the calculation method through GEP intelligent analysis and calculation method to obtain new fact characteristics, and then stores the new characteristic fact into a database on one hand and sends the new characteristic fact to an inference machine on the other hand.
3. The inference machine reads the relevant characteristic facts of the password, matches the characteristic facts with the preconditions of the rules in the knowledge base, returns the conclusion of the successfully matched rules to the scheduling controller, and then stores the conclusion in the database.
4. The intermediate conclusion generated in the previous step and stored in the database is taken as a new password-related characteristic fact, and the above steps are repeated.
5. When no new feature facts are generated, the scheduling controller reaches a stable state, at which point the inference process ends and outputs a possible combination of passwords for the wireless router.
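The rule form and the data-driven forward reasoning loop described above, as an added Python example that is not code from the patent. The textual rule syntax accepted by `parse_rule`, the fact names `f1` to `f9` and the sample rules are constructed for illustration; rejecting rules that mix AND and OR is an assumption, since the page does not define precedence.

```python
import re
from dataclasses import dataclass

CF_THRESHOLD = 0.5  # page: a conclusion is obtained only when CF is more than 0.5
_RULE_RE = re.compile(r"^IF\s+(.+?)\s+THEN\s+(\S+)\s+WITH\s+CF=([0-9]*\.?[0-9]+)$")


@dataclass(frozen=True)
class Rule:
    premises: tuple   # P1..Pn, names of characteristic facts
    connective: str   # "AND" or "OR"
    conclusion: str   # C
    cf: float         # credibility in [0, 1]

    def matches(self, facts):
        hits = [p in facts for p in self.premises]
        return all(hits) if self.connective == "AND" else any(hits)


def parse_rule(text):
    """Parse 'IF p1 AND p2 THEN c WITH CF=0.8' (syntax assumed for this example)."""
    m = _RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an IF/THEN/WITH rule: {text!r}")
    tokens = m.group(1).split()
    premises, connectives = tuple(tokens[0::2]), set(tokens[1::2])
    if len(tokens) % 2 == 0 or len(connectives) > 1 or not connectives <= {"AND", "OR"}:
        raise ValueError(f"premises must be joined by one connective: {text!r}")
    cf = float(m.group(3))
    if not 0.0 <= cf <= 1.0:
        raise ValueError(f"CF outside [0, 1]: {text!r}")
    # A single-premise rule has no connective; AND and OR are equivalent for it.
    return Rule(premises, connectives.pop() if connectives else "AND", m.group(2), cf)


def forward_chain(initial_facts, rules, threshold=CF_THRESHOLD):
    """Fire rules until no new characteristic fact appears (the stable state).

    Returns the final fact set and the chain of (conclusion, CF) in firing order.
    """
    facts, chain, changed = set(initial_facts), [], True
    while changed:
        changed = False
        for rule in rules:
            if (rule.cf > threshold and rule.conclusion not in facts
                    and rule.matches(facts)):
                facts.add(rule.conclusion)   # conclusion becomes a new fact
                chain.append((rule.conclusion, rule.cf))
                changed = True
    return facts, chain


# Constructed sample knowledge base (abstract fact names, not from the page).
RULES_TEXT = [
    "IF f1 AND f2 THEN f3 WITH CF=0.8",
    "IF f3 OR f9 THEN f4 WITH CF=0.7",
    "IF f1 THEN f5 WITH CF=0.4",         # CF not above 0.5: never fires
    "IF f4 AND f6 THEN f7 WITH CF=0.9",  # f6 is never established
    "IF f4 THEN f1 WITH CF=0.6",         # conclusion already known: no new fact
]

if __name__ == "__main__":
    kb = [parse_rule(t) for t in RULES_TEXT]
    final_facts, chain = forward_chain({"f1", "f2"}, kb)
    print(sorted(final_facts), chain)
```

The loop terminates because each pass either adds a conclusion that was not yet a fact or stops, which is the stable state in item 5.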
The scheduling controller acquires the characteristic fact corresponding to the password in the database according to the acquired data packet, and acquires the corresponding calculation method from the rule base.
The scheduling controller obtains new fact characteristics after the password-related characteristic fact and the calculation method are processed by the GEP intelligent analysis and calculation method.
The intelligent analysis and calculation processing is programmed as follows:
set parameters; generate an initial population P0 = {X1, X2, …, XN} and calculate the fitness fi of each individual
t = 0
while (t < maximum number of generations T) {
    for (i = 0; i < N; i++) {
        randomly select an individual Xr from Pt and recombine it with Xi to generate new individuals X′r and X′i;
        calculate their fitness values f′r and f′i;
        if (f′r > fr) Xr = X′r; if (f′i > fi) Xi = X′i;
        perform the IS transformation operation on Xi with probability pt to generate a new individual X′i and calculate its fitness value f′i;
        if (f′i > fi) Xi = X′i;
        perform the inversion operation on Xi with probability pr to generate a new individual X′i and calculate its fitness value f′i;
        if (f′i > fi) Xi = X′i;
    }
    randomly select an individual Xr from Pt and perform the mutation operation on Xr to generate N new individuals;
    calculate the fitness of the N individuals and find the individual Xr-best with the maximum fitness;
    if (fr-best > fr) Xr = Xr-best;
    judge whether the number of generations in which the optimal individual has not been updated is larger than MAXNO; if so, perform the mutation operation on the poorer individuals (accounting for 10 percent of the population);
    t++;
}
The intelligent analysis and calculation processing is an algorithm based on Gene Expression Programming (GEP), and the method comprises the following specific steps:
step a: defining initialization parameters for analysis according to the user-defined parameters, wherein the initialization parameters comprise a population size N, a maximum number of evaluations MAXNO, a probability pt, a probability pr, a mutation operation probability and a mutation operation probability;
step b: generating an initial population Pt = {X1, X2, …, XN}, initially setting t = 0, and calculating the fitness of each individual, wherein the fitness of Xi in the initial population Pt is defined as fi, and i is any value between 1 and N;
step c: randomly selecting an individual Xr from Pt, recombining it with Xi in Pt to generate new individuals X′r and X′i, and calculating their fitness values f′r and f′i; if f′r is larger than fr, assigning X′r to Xr, otherwise leaving Xr unchanged; if f′i is larger than fi, assigning X′i to Xi, otherwise leaving Xi unchanged;
performing the IS transformation operation on Xi with probability pt to generate a new individual X′i and calculating its fitness value f′i; if f′i is larger than fi, assigning X′i to Xi, otherwise leaving Xi unchanged;
performing the inversion operation on Xr with probability pr to generate a new individual X′r and calculating its fitness value f′r; if f′r is larger than fr, assigning X′r to Xr, otherwise leaving Xr unchanged;
wherein i takes all values between 1 and N in sequence;
step d: randomly selecting an individual Xr from Pt, performing the mutation operation on Xr to generate N new individuals, calculating the fitness of the N individuals, and finding the individual Xr-best with the maximum fitness; if fr-best is greater than fr, assigning Xr-best to Xr, otherwise leaving Xr unchanged;
step e: judging whether the number of generations in which the optimal individual has not been updated is larger than MAXNO; if so, performing the mutation operation on the 10% of individuals with the lowest fitness in the population to produce Pt, assigning t the value t + 1, and repeating steps c-d.
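Steps a to e as an added Python example, not code from the patent, showing the greedy accept-only-if-fitter rule and the stagnation check in one loop. Individuals are bit strings and the fitness is a placeholder that counts 1 bits; the operator details (one-point recombination, a length-preserving IS transformation, single-bit mutation) and the function names are assumptions, since the page names the operators without defining them.

```python
import random


def recombine(a, b, rng):
    """One-point recombination of two equal-length individuals."""
    cut = rng.randrange(1, len(a))
    return a[:cut] + b[cut:], b[:cut] + a[cut:]


def is_transform(x, rng, seg_len=3):
    """IS transformation (assumed form): copy a short segment and insert it
    elsewhere, truncating so the individual keeps its length."""
    src = rng.randrange(len(x) - seg_len + 1)
    dst = rng.randrange(1, len(x))            # never the first position
    return (x[:dst] + x[src:src + seg_len] + x[dst:])[:len(x)]


def invert(x, rng):
    """Inversion: reverse a randomly chosen segment."""
    i, j = sorted(rng.sample(range(len(x) + 1), 2))
    return x[:i] + x[i:j][::-1] + x[j:]


def mutate(x, rng):
    """Point mutation: flip one randomly chosen bit."""
    k = rng.randrange(len(x))
    return x[:k] + [1 - x[k]] + x[k + 1:]


def ones(x):
    """Placeholder fitness for this example only: number of 1 bits."""
    return sum(x)


def evolve(fitness, n=20, length=16, generations=40, maxno=5,
           pt=0.5, pr=0.75, seed=1):
    """Run steps b-e; returns (population, fitness list, best-per-generation)."""
    rng = random.Random(seed)
    pop = [[rng.randint(0, 1) for _ in range(length)] for _ in range(n)]
    fit = [fitness(x) for x in pop]                      # step b

    def accept(idx, candidate):
        # Greedy rule of steps c and d: replace only on strict improvement.
        f = fitness(candidate)
        if f > fit[idx]:
            pop[idx], fit[idx] = candidate, f

    best, stale, history = max(fit), 0, []
    for _ in range(generations):
        for i in range(n):                               # step c
            r = rng.randrange(n)
            child_r, child_i = recombine(pop[r], pop[i], rng)
            accept(r, child_r)
            accept(i, child_i)
            if rng.random() < pt:
                accept(i, is_transform(pop[i], rng))
            if rng.random() < pr:
                accept(r, invert(pop[r], rng))           # on Xr, as in step c
        r = rng.randrange(n)                             # step d
        mutants = [mutate(pop[r], rng) for _ in range(n)]
        accept(r, max(mutants, key=fitness))
        stale = 0 if max(fit) > best else stale + 1      # step e
        if stale > maxno:
            # Unconditionally mutate the weakest 10% to escape stagnation.
            worst = sorted(range(n), key=fit.__getitem__)[:max(1, n // 10)]
            for k in worst:
                pop[k] = mutate(pop[k], rng)
                fit[k] = fitness(pop[k])
            stale = 0
        best = max(best, max(fit))
        history.append(best)
    return pop, fit, history


if __name__ == "__main__":
    _, final_fit, best_curve = evolve(ones)
    print(best_curve[0], "->", best_curve[-1], "best of", len(final_fit))
```

Because every replacement in steps c and d requires a strictly higher fitness and step e only touches the weakest individuals, the best fitness in the population never decreases from one generation to the next.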
Preferably, after one operation is finished, a computing method or rule related to cryptanalysis in the network is obtained through the network sniffer, analyzed and screened by the gene expression programming analysis module, and stored in the knowledge base or the rule base respectively; if a matched computing method or rule is not triggered in hundreds of operations, that computing method or rule is deleted.
In this technical scheme, the intercepted data can be matched with different rules, and the optimization result is calculated continuously in a loop. Compared with the traditional differential algorithm, the operation rules are more flexible: because the GEP intelligent analysis module has a learning function, an analysis result that has succeeded many times can be used as a new analysis rule, and a long-term invalid rule can be automatically abandoned according to the analysis experience accumulated by the system, so that the reasoning rule base is optimized and the analysis accuracy is improved.
In the technical scheme, through the synergistic effect among the modules, the intercepted data are matched with different rules, and the optimization result is continuously and circularly calculated.
One specific example is provided below:
The test network comprises 1 password host and a wireless router; the password host is loaded with a knowledge base, a database, a rule base, a scheduling controller, a gene expression programming analysis module and an inference machine, wherein the knowledge base generates a series of IF-THEN rules by using GEP technology.
1. Setting custom parameters, wherein the population size N is 50, the maximum evaluation times MAXNO is 150, the probability pt is 50%, the probability pr is 75%, the mutation operation probability is 25% and the mutation operation probability is 45%;
2. the password host acquires the data packets in the test network and inputs the denoised data packets occurring in the test network into the scheduling controller;
3. the scheduling controller acquires a characteristic fact corresponding to the wireless router password in the database according to the user type;
4. the scheduling controller acquires a corresponding wireless router password calculation method in the rule base according to the process information;
5. the scheduling controller combines the characteristic fact with the calculation method, and derives the password combinations which may appear in the wireless router through GEP intelligent analysis;
6. the scheduling controller stores the password combination in a database;
7. the dispatching controller sends the password combination to the inference machine;
8. the inference machine matches the obtained password combination with the precondition in the knowledge base and returns the conclusion of the successfully matched rule to the scheduling controller;
9. the scheduling controller compares the obtained conclusion with the characteristic facts existing in the database and, if an identical record exists, outputs the conclusion as the inference result, namely the possible password combination of the wireless router.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus a necessary general hardware platform, and may also be implemented by hardware. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
While embodiments of the invention have been described above, it is not limited to the applications set forth in the description and the embodiments, which are fully applicable to various fields of endeavor for which the invention may be embodied with additional modifications as would be readily apparent to those skilled in the art, and the invention is therefore not limited to the details given herein and to the examples shown and described without departing from the generic concept as defined by the claims and their equivalents.