CN113411339B - Password file leakage detection method based on zero factor graph sequence - Google Patents
- Publication number
- CN113411339B
- Authority
- CN
- China
- Prior art keywords
- user
- password
- zero
- factor graph
- honeywords
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a password file leakage detection method based on a zero-factor graph sequence, comprising a honeywords generation process and a DoS attack detection mechanism. The honeywords generation method selects a different number of zero-factor graph sequences according to the length of the ASCII code corresponding to the user password, so each user has a different number of honeywords. The DoS attack detection method designs a DoS attack detection strategy for honeyword use based on the honeyword generation mechanism and sets an alarm threshold for honeyword use, which reduces the false alarm rate of honeyword detection. The method optimizes the existing honeyword leakage detection system by designing a honeyword generation method based on zero-factor graph sequences and a DoS-resistant password file leakage detection method; it improves the security of the password file stored in the system and can effectively enhance the system's resistance to DoS attacks.
Description
Technical Field
The invention relates to the technical field of computer information security, in particular to a password file leakage detection method based on a zero-factor graph sequence.
Background
As network bandwidth increases and costs fall, people can work remotely, shop, find entertainment, navigate and make payments over the network. However, as application scenarios multiply, network security problems become more and more prominent. Among them, leakage of authentication passwords is the security problem of greatest concern. If a password is leaked, anyone can use it to log in as if they were the legitimate user.
Since 2016, many well-known websites such as Yahoo, Facebook, Google and Bilibili have had the names and passwords of registered users leaked. The password administrator may detect the leak only after a period of time, which presents a significant security risk to users and service providers. Because of inadequate password protection mechanisms, anyone can access the data over the internet. Once a password file is leaked, most of the plaintext passwords can be quickly recovered using existing password cracking techniques.
One idea for solving this problem is to design an authentication method that replaces the text password, for example the image-recognition authentication mechanisms typified by Windows, but shoulder-surfing attacks are the biggest weakness of such methods. Another idea is to design a password leak detection method; at present many passwords are leaked for a period of time before the leak is discovered. If a leak can be found promptly and the password replaced or reset, the risk of attack is effectively reduced, and this approach is relatively low in cost. Many scholars have proposed password leak detection methods, and the honeywords scheme is relatively promising.
In 2013, Juels and Rivest proposed a password leakage detection technique based on honeywords. The user's true password is mixed with k-1 honeywords, and together they are stored as the user's "password". If the honeyword generation method is flat enough, an adversary who inverts the hash file of user passwords can hardly guess which entry is the user's true password. Meanwhile, when an attacker logs in to the server with a honeyword, the system can detect it. Moreover, the honeywords scheme requires only a relatively low deployment cost, which makes it well suited to upgrading existing authentication systems. Many honeyword generation schemes have since been proposed. They follow two strategies: one designs honeypot accounts to improve the security of user registration information; the other designs honeywords (fake passwords), generating k-1 fake passwords for each account to make it harder for an adversary to break a user's password. When an adversary logs in to the server with a honeyword, the honeychecker detects the password leakage in time and prompts the server to take proper security measures. Erguler proposes constructing honeywords from other users' passwords to improve honeyword flatness. The key problem of a honeyword scheme is how to generate effective honeywords: the honeywords must be difficult to distinguish from users' real passwords, and the honeyword generation space must be large enough to resist brute-force cracking.
Wang et al. tested the 4 honeyword generation schemes proposed by Juels and Rivest against a real password database, and the results showed that none of these schemes provides sufficient security. Chakraborty et al. proposed a honeyword generation scheme, PDP (Pair Distance Protocol), but this scheme has difficulty resisting cross-attacks based on multiple systems. Guo et al. put forward a matching attack model and found that although some honeyword schemes meet the requirement of perfect flatness, an attacker can still obtain a higher attack success rate.
Publication number CN 109711173 A discloses a password file leakage detection method that includes an adaptive honeywords generation process and a DoS attack detection process. The adaptive honeywords generation method adjusts automatically to the real password distribution of different websites, so that the generated honeywords continuously approach the real distribution of real passwords. The DoS attack detection method detects DoS attacks that target the honeywords, which greatly reduces the false alarm rate of honeyword detection. However, that technical solution has the following problems in detecting password leakage: 1) In the honeyword generation process, the honeyword generation space consists of existing users' passwords. Existing user passwords are based on natural language and reflect users' behavioral habits, preferences and private information, which gives statistical analysis a theoretical basis. This inherent defect of generating honeywords from natural language is hard to solve with a honeyword generation strategy; in addition, because honeywords are generated from existing user passwords, the generation space is limited, which makes brute-force cracking by an adversary possible. 2) In resisting DoS attacks, an adversary can log in with honeywords to trigger the honeyword alarm; the detection of honeywords is heuristic, and the threshold at which the system triggers the alarm can lead to misjudgment.
Disclosure of Invention
To address the above technical problems, the invention provides a password file leakage detection method based on a zero-factor graph sequence. It optimizes the existing honeyword leakage detection system, designs a honeyword generation method based on the zero-factor graph sequence and a DoS-resistant password file leakage detection method, and improves the security of the password files the system stores.
To achieve the above purpose, the invention provides the following technical scheme:
In the password file leakage detection method based on a zero-factor graph sequence, during user registration an auxiliary server provides the zero-factor graph sequences; the server converts the user password into an ASCII code and operates on the ASCII code and the zero-factor graph sequences to obtain sweet sequences, of which only one is the user's real password and the rest are honeywords. During user login, when the user enters the real password the server passes authentication, and the server identifies honeywords to detect password file leakage. The DoS attack detection method excludes the case in which honeywords are used for login during a DoS attack, achieving DoS attack resistance. A honeychecker is added to the server, and honeywords are generated as follows: the honeychecker generates a plurality of zero-factor graphs according to the zero-factor graph algorithm, generates the zero-factor graph matrix corresponding to each zero-factor graph, converts the zero-factor graph matrix into a zero-factor graph sequence according to the generation rule of the zero-factor graph sequence, and sends the zero-factor graph sequence to the server; the server converts the password entered by the user into the corresponding ASCII code, selects zero-factor graph sequences, operates on them with the ASCII code, and generates the sweet sequences.
Further, in the user registration process, the number of the zero-factor graph sequences is selected according to the length of the ASCII code corresponding to the user password.
Furthermore, the password length is more than 10 bits, the length range of the ASCII code corresponding to the user password is 10-30, and the number of the user honeywords is 20-40.
Further, in the user registration process, the user submits a user name and a user password to the server; the server generates a plurality of honeywords for each user and stores them on the server, and sends the zero-factor graph sequence position t of the user password and the user's identification code ID to the honeychecker. In the login stage, the honeychecker detects the authenticity of the user password by checking whether the ID is consistent with t.
Further, in the user login process, the server judges whether the user is a registered user, and if not, prompts the user to register. Based on the submitted user name and password, the server first judges whether the submitted password is one of the honeywords; if not, the server refuses the login and prompts the user to re-enter the password. If the submitted password corresponds to the t'-th of the honeywords, the honeychecker judges whether position t' is the position t of the user's real password; if so, login is allowed and recorded. Otherwise, the submitted password is identified as a honeyword, the login is recorded, and these records serve as reference values for setting the DoS-resistance threshold.
Further, the zero-factor graph algorithm is as follows: determine N, solve for the set of triples (x, y, z) satisfying the ternary congruence xyz ≡ 0 mod N, and randomly select a plurality of triples to generate a zero-factor graph.
Further, the DoS attack detection steps include: 1) during user login, the system records the following indicators: the overall resource occupancy rate of the node, and the number of logins to the system per unit time, namely the number PN of logins with the real password, the number HN of logins with honeywords, and the number TN of logins with other inputs; 2) when the server authenticates a user, it records these indicators and judges whether a DoS attack is under way or the password file has been leaked; 3) if the number HN of honeyword logins and the number TN of other-input logins exceed the system threshold, the system is considered to be under DoS attack; 4) if PN and HN increase rapidly in a short time while TN is unchanged, the password file is considered to be leaked and the system needs to take security measures; 5) if PN, HN and TN all increase rapidly in a short time, the password file is considered to be leaked and an attacker is using the leaked password file to log in, and the system needs to take security measures; 6) if the system judges that the password file is leaked, it adopts security measures; 7) if the system judges that a DoS attack is under way, it adopts security measures against the DoS attack.
Further, the overall resource occupancy rate of the node includes a CPU usage rate, a physical memory usage rate, a virtual memory/SWAP space usage rate, a disk space usage rate, a network bandwidth usage rate, a network connection usage rate, an uplink bandwidth usage rate, a downlink bandwidth usage rate, a process increase rate, a thread increase rate, a disk busy rate, a disk write-in rate, and a disk read rate.
Further, the safety measures are specifically as follows: the system is prompted to modify the login password for the affected user.
Further, the security measure against DoS attacks is specifically: by analyzing the web log or checking the number of network connections, when the number of concurrent connections from a certain IP is too large, a firewall command is called to block the corresponding IP.
Compared with the prior art, the invention has the beneficial effects that:
The invention discloses a password file leakage detection method based on a zero-factor graph sequence. It generates honeywords using zero-factor graphs and graph labels, and provides a zero-factor graph sequence generation algorithm that is easy to deploy on a honeyword verification server. To address the computation and storage overhead of zero-factor graphs, the invention designs a zero-factor graph generation strategy, and existing hardware can meet both overheads. Analysis of security, flatness, storage overhead and other aspects shows that the proposed honeyword scheme has advantages, and a honeyword verification system built from randomly selected zero-factor graphs can detect an attacker in time.
Drawings
In order to more clearly illustrate the embodiments of the present application or technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings can be obtained by those skilled in the art according to the drawings.
Fig. 1 is a flowchart of a user registration phase in a honeywords detection system according to an embodiment of the present invention.
Fig. 2 is a flowchart of a user login stage in the honeywords detection system according to the embodiment of the present invention.
Fig. 3 is a flowchart for generating the honeywords in the honeywords detection system according to the embodiment of the present invention.
Fig. 4 is a flowchart of a password modification phase in the honeywords detection system according to an embodiment of the present invention.
Detailed Description
The password file leakage detection method based on a zero-factor graph sequence comprises a honeywords generation process and a DoS attack detection mechanism. The honeywords generation method selects a different number of zero-factor graph sequences according to the length of the ASCII code corresponding to the user password, so each user has a different number of honeywords. The DoS attack detection method designs a DoS attack detection strategy for honeyword use based on the honeyword generation mechanism and sets an alarm threshold for honeyword use, which reduces the false alarm rate of honeyword detection.
The invention improves the existing honeywords leakage detection scheme, overcomes the inherent semantic defect of honeywords generated by natural language, reduces the statistical characteristic of honeywords, improves the DoS attack resistance, and realizes the leakage detection of password files.
For a better understanding of the present invention, the method of the present invention is described in detail below with reference to the accompanying drawings.
The technical scheme provided by the invention is as follows:
A password file leakage detection method based on zero-factor graph sequences: in the user registration stage, all of a user's passwords are converted into the corresponding ASCII (American Standard Code for Information Interchange) codes, and the zero-factor graph sequences are combined with the ASCII codes to generate sweet sequences, of which only one is the user's real password and the rest are honeywords; the DoS attack detection mechanism excludes the case in which honeywords are used for login during a DoS attack, achieving DoS attack resistance.
First, system initialization procedure
And selecting the number of the zero factor graphs according to the length of the ASCII code corresponding to the user password. In order to improve the security of the user password, the password length set by the user should not be too short. The recommended user password length is more than 10 digits. Therefore, the length range of the ASCII code corresponding to the user password is 10-30, and the number of the user honeywords is 20-40.
Initialize a honeywords system, or add a honeychecker to a traditional authentication server.
Second, honeywords generation process
The honeychecker generates a plurality of zero-factor graphs according to the zero-factor graph algorithm, generates the zero-factor graph matrix corresponding to each zero-factor graph, converts the zero-factor graph matrix into a zero-factor graph sequence according to the generation rule of the zero-factor graph sequence, and sends the zero-factor graph sequence to the server. The server converts the password entered by the user into the corresponding ASCII code, selects zero-factor graph sequences, operates on them with the ASCII code, and generates the sweet sequences. The sweet sequences are then randomly ordered, and the zero-factor graph sequence position of the user password is recorded.
The generation process of the honeywords is explained by specific examples below.
For example, the mathematical part:
X = (x_1, x_2, ..., x_q), E = (e_1, e_2, ..., e_q), Y = (y_1, y_2, ..., y_q)
x_i e_i y_i ≡ 0 mod N, i ∈ [1, q]    (1)
Randomly select a value of N and solve equation (1) to obtain the set of triples (x, e, y); randomly select a plurality of triples (for example, M = 6) to generate a zero-factor graph; obtain the corresponding zero-factor graph matrix from the way the triples are combined; and obtain the zero-factor graph sequence according to the generation rule of the zero-factor graph sequence.
For example, with N = 100 and M = 6, the triple sequences are:
{(30,77,80), (84,85,95), (10,29,40), (40,50,80), (25,60,97), (34,60,85)};
{(14,24,75), (25,26,90), (70,72,75), (50,58,82), (16,30,95), (10,25,42)};
{(22,70,75), (24,25,96), (11,50,52), (20,22,25), (75,76,89), (32,34,50)};
{(10,70,93), (14,45,50), (29,55,60), (36,37,50), (40,75,96), (17,20,95)}.
A matrix generated from triples:
Because the triples can be arranged in different orders, the resulting matrices also differ.
A zero-factor graph matrix can yield a zero-factor graph sequence in several ways, and the generation mode can be designed to suit the practical application.
Sequence of zero-factor graphs obtained from the way matrix (1) is generated:
……
……
The user password is angel #?
The ASCII code corresponding to the user password is 971101031011083563.
The ASCII code corresponding to the user password is combined with the zero-factor graph sequences to generate new sequences as follows:
9:308410402534606059298577809540809785
97:142570501610293058722624759075829542
……
971101031011083563:222911207511340102503100151608235963
……
101429364017207537554570935060509695
In total there are 25 (ASCII length + 7) zero-factor graph sequences; that is, the user has 25 sweet sequences, of which only one is the user's true password and 24 are honeywords.
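The triple-selection step of equation (1), as an added example that is not code from the patent: it enumerates the solutions for a given N, picks M of them with a CSPRNG, and checks the four sample sets listed above. The 3-row matrix layout and the alternating ("snake") reading order are assumptions; that order reproduces the last sequence listed above (the one shown without an ASCII prefix), while the operation that combines a sequence with the ASCII code is not spelled out on the page and is not modelled. The ordering x < e < y is likewise inferred from the sample triples.

```python
import secrets
from itertools import combinations


def zero_triples(n):
    """All (x, e, y) with 1 <= x < e < y < n and x*e*y ≡ 0 (mod n).
    The ordering constraint is an assumption based on the page's samples."""
    return [t for t in combinations(range(1, n), 3)
            if (t[0] * t[1] * t[2]) % n == 0]


def pick_triples(n, m):
    """Randomly select m distinct solution triples using the OS CSPRNG."""
    return secrets.SystemRandom().sample(zero_triples(n), m)


def to_matrix(triples):
    """Assumed layout: rows X, E, Y; one column per selected triple."""
    return [list(row) for row in zip(*triples)]


def snake_sequence(matrix, n):
    """Assumed generation rule: read rows alternately forward and backward,
    zero-padding each entry to the digit width of n - 1."""
    width = len(str(n - 1))
    out = []
    for r, row in enumerate(matrix):
        out.extend(row if r % 2 == 0 else row[::-1])
    return "".join(f"{v:0{width}d}" for v in out)


# The four triple sets given on the page for N = 100, M = 6.
PAGE_SETS = [
    [(30, 77, 80), (84, 85, 95), (10, 29, 40), (40, 50, 80), (25, 60, 97), (34, 60, 85)],
    [(14, 24, 75), (25, 26, 90), (70, 72, 75), (50, 58, 82), (16, 30, 95), (10, 25, 42)],
    [(22, 70, 75), (24, 25, 96), (11, 50, 52), (20, 22, 25), (75, 76, 89), (32, 34, 50)],
    [(10, 70, 93), (14, 45, 50), (29, 55, 60), (36, 37, 50), (40, 75, 96), (17, 20, 95)],
]
# Last sequence listed on the page (no ASCII prefix).
PAGE_LAST_SEQUENCE = "101429364017207537554570935060509695"


def page_sets_are_valid(n=100):
    """True if every sample triple is a solution of equation (1) for this n."""
    pool = set(zero_triples(n))
    return all(t in pool for s in PAGE_SETS for t in s)


if __name__ == "__main__":
    print("page triples valid:", page_sets_are_valid())
    print("snake sequence of set 4:", snake_sequence(to_matrix(PAGE_SETS[3]), 100))
    fresh = pick_triples(100, 6)
    print("fresh selection:", fresh, "->", snake_sequence(to_matrix(fresh), 100))
```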
Third, user registration and login process
During user registration and login, honeywords are obtained using the generation method of step two, the server determines the user's real password, and authentication passes.
1) In the registration stage, the user submits a user name and a user password to the server. The server generates a plurality of honeywords for each user according to the method in step two, stores them on the server, and sends the zero-factor graph sequence position t of the user password and the user's identification code ID to the honeychecker (the authenticity of the user password is detected by checking whether (ID, t) is consistent).
2) In the login stage, the server judges whether the user is a registered user, and if not, prompts the user to register. Based on the submitted user name and password, the server first judges whether the submitted password is one of the honeywords; if not, the server refuses the login and prompts the user to re-enter the password.
3) If the submitted password corresponds to the t'-th of the honeywords, the honeychecker judges whether position t' is the position t of the user's real password; if so, login is allowed and recorded.
4) Otherwise, the submitted password is identified as a honeyword, the login is recorded, and these records serve as reference values for setting the DoS-resistance threshold.
5) During the above logins, the system detects and records the login behavior as a basis for judging whether the password has been leaked.
Fourth, password file leakage detection method for resisting DoS attack
In a honeywords password leakage detection scheme, resistance to DoS attacks is the most important security problem the system must solve. Setting a threshold for the alarm that an attacker triggers by logging in with honeywords reduces the system's sensitivity to honeyword logins and maintains the normal login environment for legitimate users. The DoS-resistant password file leakage detection method is as follows.
1) DoS attack detection method
Because a DoS attack does not necessarily act on the service process (that is, the resource consumption of the service process may not increase), and can achieve an effective denial of service merely by consuming the resources of the whole node to a certain degree, the resource consumption of the service process cannot be used as the basis for judging a resource-exhaustion DoS attack. The invention therefore uses the overall resource occupancy rate of the node when calculating the node's resource consumption, and the resource importance of the node is derived from the resource importance of each service on the node and the importance of that service.
During user login, the system records the following indicators: CPU utilization, physical memory utilization, virtual memory/SWAP space utilization, disk space utilization, network bandwidth utilization, network connection utilization, uplink bandwidth utilization, downlink bandwidth utilization, process increase, thread increase, disk busy rate, disk write rate, and disk read rate; and the number of logins to the system per unit time, namely the number PN of logins with the real password, the number HN of logins with honeywords, and the number TN of logins with other inputs.
2) When the server authenticates a user, it records these indicators and judges whether a DoS attack is under way or the password file has been leaked.
3) If the number HN of honeyword logins and the number TN of other-input logins exceed the system threshold, a DoS attack is considered to have been encountered.
4) If the number PN of real-password logins and the number HN of honeyword logins increase rapidly in a short time while the number TN of other-input logins is unchanged, the password file is considered to be leaked, and the system needs to take security measures.
5) If PN, HN and TN all increase rapidly in a short time, the password file is considered to be leaked and an attacker is using the leaked password file to log in to the system, and the system needs to take security measures.
6) If the system judges that the password file is leaked, corresponding security measures are adopted. For example, the system may be prompted to modify the login password for the affected user.
7) If the system judges that a DoS attack is under way, security measures against the DoS attack are adopted. For example, the web log can be analyzed or the number of network connections checked, and when the number of concurrent connections from a certain IP is too large, a firewall command is called to block the corresponding IP.
Based on the steps, a DoS attack resistant password file leakage detection mechanism generated by the honeywords based on the zero-factor graph sequence is realized.
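The login check of section three and the PN/HN/TN decision rules above, as an added example that is not code from the patent. The decoy strings, the PBKDF2 storage, the `surge` factor used for "increases rapidly", and the choice to test the leak rules before the DoS threshold are all assumptions; the page fixes none of them.

```python
import hashlib
import hmac
import secrets
from collections import Counter

ITERATIONS = 50_000  # assumed PBKDF2 cost for the demo


def _digest(word, salt):
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, ITERATIONS)


class Honeychecker:
    """Separate service that stores only (ID, t), never a password."""

    def __init__(self):
        self._t = {}

    def set(self, user_id, t):
        self._t[user_id] = t

    def check(self, user_id, t_prime):
        return self._t.get(user_id) == t_prime


class AuthServer:
    def __init__(self, checker):
        self.checker = checker
        self.users = {}          # ID -> (salt, digests of all sweet sequences)
        self.window = Counter()  # PN / HN / TN for the current time window

    def register(self, user_id, password, honeywords):
        sweet = list(honeywords) + [password]
        if len(set(sweet)) != len(sweet):
            raise ValueError("sweet sequences must be distinct")
        secrets.SystemRandom().shuffle(sweet)  # hide the real position
        salt = secrets.token_bytes(16)
        self.users[user_id] = (salt, [_digest(w, salt) for w in sweet])
        self.checker.set(user_id, sweet.index(password))  # send (ID, t)

    def login(self, user_id, password):
        if user_id not in self.users:
            return "unregistered"
        salt, digests = self.users[user_id]
        d = _digest(password, salt)
        t_prime = next((i for i, s in enumerate(digests)
                        if hmac.compare_digest(s, d)), None)
        if t_prime is None:                      # not a sweet sequence at all
            self.window["TN"] += 1
            return "rejected"
        if self.checker.check(user_id, t_prime):  # t' == t
            self.window["PN"] += 1
            return "ok"
        self.window["HN"] += 1                   # honeyword used: record it
        return "honeyword"


def classify(prev, cur, threshold, surge=3.0):
    """Compare two consecutive windows of PN/HN/TN counts (rules 3 to 5)."""
    def rose(k):
        return cur[k] >= surge * max(prev[k], 1)

    if rose("PN") and rose("HN"):               # rules 4 and 5
        return "leak-in-use" if rose("TN") else "leak"
    if cur["HN"] > threshold and cur["TN"] > threshold:  # rule 3
        return "dos"
    return "normal"


def demo():
    """Constructed sample: one user, three decoys, four login attempts."""
    srv = AuthServer(Honeychecker())
    srv.register("alice", "correct-horse-7", ["decoy-one-1", "decoy-two-2", "decoy-three-3"])
    outcomes = [srv.login("alice", "correct-horse-7"), srv.login("alice", "decoy-two-2"),
                srv.login("alice", "not-stored"), srv.login("bob", "anything")]
    return outcomes, dict(srv.window)


if __name__ == "__main__":
    print(demo())
    baseline = {"PN": 40, "HN": 0, "TN": 10}
    print(classify(baseline, {"PN": 42, "HN": 60, "TN": 300}, threshold=50))
```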
The honeyword scheme of the invention is built on zero-factor graph sequences. First, the ternary congruence xyz ≡ 0 mod N is solved to obtain triples (x, y, z); second, a plurality of triples are randomly selected from the triple set to generate a zero-factor graph matrix, and a plurality of triples are randomly selected from the generated zero-factor graph matrix to serve as a zero-factor graph sequence; finally, the zero-factor graph matrix is converted into a zero-factor graph sequence according to the generation rule of the zero-factor graph sequence. Because the triples and the zero-factor graph matrix are randomly selected while generating the zero-factor graph sequence, the space of possible zero-factor graph sequences is enlarged and brute-force cracking can be well resisted. The number of honeywords generated for each user depends on the length of the ASCII code corresponding to the user password; the system can flexibly select the number of zero-factor graph sequences according to the password the user submits, and places no requirement on the number of registered users. In designing the DoS-resistance strategy, a segmentation strategy for the ASCII code corresponding to the user password is designed in order to lower the alarm threshold that an attacker logging in with honeywords may trigger at the honeychecker, which can effectively enhance the system's resistance to DoS attacks.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: it is to be understood that modifications may be made to the technical solutions described in the foregoing embodiments, or equivalents may be substituted for some of the technical features thereof, but such modifications or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (1)
1. A password file leakage detection method based on a zero-factor graph sequence, characterized in that: in the user registration process, an auxiliary server provides the zero-factor graph sequences; the server converts the user password into its ASCII code, selects the number of zero-factor graph sequences according to the length of the ASCII code corresponding to the user password, and operates on the ASCII code with the zero-factor graph sequences to obtain sweetword sequences, of which only one is the user's true password and the rest are honeywords; the password length is more than 10 bits, the length of the ASCII code corresponding to the user password ranges from 10 to 30, and the number of honeywords per user is 20 to 40; in the user login process, when the user inputs the real password the server passes authentication, and the server identifies honeywords to detect password file leakage; by means of the DoS attack detection method, the case in which honeywords are used to log in during a DoS attack is excluded, so that resistance to DoS attacks is achieved; wherein a honeychecker end is added to the server, and the honeywords are generated as follows: the honeychecker end generates a plurality of zero-factor graphs according to the zero-factor graph algorithm, generates the zero-factor graph matrix corresponding to each zero-factor graph, and converts the zero-factor graph matrix into a zero-factor graph sequence according to the generation rule of the zero-factor graph sequence; the honeychecker end sends the zero-factor graph sequences to the server; the server converts the password input by the user into the corresponding ASCII code, selects zero-factor graph sequences, operates on them with the ASCII code, and generates the sweetword sequences; the zero-factor graph algorithm is as follows: determine N, solve for the set of triples (x, y, z) satisfying the ternary equation xyz ≡ 0 (mod N), and randomly select a plurality of triples to generate a zero-factor graph; in the user registration process, the user submits a user name and a user password to the server, the server generates a plurality of honeywords for each user and stores them on the server, and sends the zero-factor graph sequence position t at which the user password is located, together with the user's identification code ID, to the honeychecker; in the login stage, the honeychecker verifies the authenticity of the user password by checking whether the ID is consistent with t.
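The registration and login split in claim 1 can be exercised end to end with the sketch below, which is an added example and not code from the patent. The claim does not spell out the matrix-to-sequence rule or the ASCII "operation", so the flattening of random triples, the printable-range shift, the PBKDF2 storage, N = 12, k = 20 and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def zero_triples(n):
    """All (x, y, z), 1 <= x, y, z < n, with x*y*z ≡ 0 (mod n)."""
    r = range(1, n)
    return [(x, y, z) for x in r for y in r for z in r if x * y * z % n == 0]

def honeyword(password, seq):
    # ASSUMPTION: the "operation" shifts each ASCII code by the sequence value,
    # wrapping inside the printable range 33..126.
    return "".join(chr(33 + (ord(c) - 33 + s) % 94) for c, s in zip(password, seq))

def _digest(salt, word):
    # ASSUMPTION: sweetwords are stored as salted PBKDF2 digests.
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 10_000)

class HoneyChecker:
    """Separate host: generates sequences, stores only user ID -> position t."""
    def __init__(self, n=12):
        self.triples, self._t = zero_triples(n), {}
    def sequence(self, length):
        # ASSUMPTION: a sequence is the flattened values of random triples.
        seq = []
        while len(seq) < length:
            seq.extend(secrets.choice(self.triples))
        return seq[:length]
    def store(self, uid, t):
        self._t[uid] = t
    def is_real(self, uid, idx):
        return self._t.get(uid) == idx

class Server:
    def __init__(self, checker, k=20):
        self.checker, self.k, self.db = checker, k, {}
    def register(self, uid, password):
        words = {password}
        while len(words) < self.k + 1:          # k distinct honeywords + real one
            words.add(honeyword(password, self.checker.sequence(len(password))))
        words = sorted(words)
        secrets.SystemRandom().shuffle(words)   # hide the real position
        salt = secrets.token_bytes(16)
        self.db[uid] = (salt, [_digest(salt, w) for w in words])
        self.checker.store(uid, words.index(password))
        return words                            # returned for the demo only
    def login(self, uid, attempt):
        salt, hashes = self.db[uid]
        d = _digest(salt, attempt)
        idx = next((i for i, h in enumerate(hashes) if hmac.compare_digest(h, d)), None)
        if idx is None:
            return "reject"                     # ordinary wrong password
        return "ok" if self.checker.is_real(uid, idx) else "leak-alarm"
```

A login that matches a stored sweetword at any position other than t can only come from someone who has read the password file, which is why the server raises the alarm instead of returning a plain failure.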
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110689419.2A CN113411339B (en) | 2021-06-22 | 2021-06-22 | Password file leakage detection method based on zero factor graph sequence |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110689419.2A CN113411339B (en) | 2021-06-22 | 2021-06-22 | Password file leakage detection method based on zero factor graph sequence |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113411339A (en) | 2021-09-17 |
CN113411339B (en) | 2022-05-06 |
Family
ID=77682148
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110689419.2A Active CN113411339B (en) | 2021-06-22 | 2021-06-22 | Password file leakage detection method based on zero factor graph sequence |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113411339B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114338147B (en) * | 2021-12-28 | 2023-08-11 | 中国银联股份有限公司 | Password blasting attack detection method and device |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111143812A (en) * | 2019-11-15 | 2020-05-12 | 南京航空航天大学 | Login authentication method based on graph |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8528060B2 (en) * | 2005-12-22 | 2013-09-03 | Telcordia Technologies, Inc. | Method and system for password protocols in the bounded retrieval mode with security dictionary attacks and intrusions |
CN109711173B (en) * | 2019-02-03 | 2020-10-09 | 北京大学 | Password file leakage detection method |
CN111181998B (en) * | 2020-01-09 | 2022-07-26 | 南京邮电大学 | Design method of honeypot capture system for terminal equipment of Internet of things |
CN112507306B (en) * | 2020-12-21 | 2023-04-25 | 南京航空航天大学 | Password protection method based on honeyword |
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111143812A (en) * | 2019-11-15 | 2020-05-12 | 南京航空航天大学 | Login authentication method based on graph |
Also Published As
Publication number | Publication date |
---|---|
CN113411339A (en) | 2021-09-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10554639B2 (en) | Systems and methods for managing resetting of user online identities or accounts | |
Preuveneers et al. | SmartAuth: dynamic context fingerprinting for continuous user authentication | |
US20040225899A1 (en) | Authentication system and method based upon random partial digitized path recognition | |
KR100745044B1 (en) | Apparatus and method for protecting access of phishing site | |
Chang et al. | Generation of secure and reliable honeywords, preventing false detection | |
Dionysiou et al. | Honeygen: Generating honeywords using representation learning | |
Tian et al. | Achieving flatness: Graph labeling can generate graphical honeywords | |
Guo et al. | Superword: A honeyword system for achieving higher security goals | |
CN106878335A (en) | A kind of method and system for login authentication | |
CN113411339B (en) | Password file leakage detection method based on zero factor graph sequence | |
Guan et al. | A novel verification scheme to resist online password guessing attacks | |
Revett et al. | Enhancing login security through the use of keystroke input dynamics | |
KR100927280B1 (en) | How to prevent secure string exposure using fake rounds | |
CN114374531B (en) | Access behavior control method, device, computer equipment and storage medium | |
EP4068125B1 (en) | Method of monitoring and protecting access to an online service | |
Nokovic et al. | API security risk assessment based on dynamic ML models | |
Wu et al. | A secure strong-password authentication protocol | |
WO2019159809A1 (en) | Access analysis system and access analysis method | |
Jain et al. | A literature review on machine learning for cyber security issues | |
CN117134999B (en) | Safety protection method of edge computing gateway, storage medium and gateway | |
CA2579826C (en) | Authentication system and method based upon random partial digitized path recognition | |
Walker | Importance of Secret Question Validation when Implementing Multi-Factor Authentication Protocols | |
Huang | Exploratory Analysis of Password and Login Security Methods | |
Rahim et al. | A survey on anti-phishing techniques: From conventional methods to machine learning | |
Suryawanshi et al. | Enhancing the Security Using Honeywords |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||