dc.contributor.author | Fauzi, Muhammad Ali | |
dc.contributor.author | Yang, Bian | |
dc.contributor.author | Martiri, Edlira | |
dc.date.accessioned | 2021-03-08T08:45:22Z | |
dc.date.available | 2021-03-08T08:45:22Z | |
dc.date.created | 2020-12-07T15:12:20Z | |
dc.date.issued | 2020 | |
dc.identifier.isbn | 978-1-7281-7303-0 | |
dc.identifier.uri | https://hdl.handle.net/11250/2732039 | |
dc.description.abstract | The legacy-UI honeywords generation approach is more favored due to its high usability compared to the modified-UI approach that sometimes becomes unusable in practice. However, several prior arts on legacy-UI based honeywords generation methods often fail to obtain the security standard, especially the flatness criterion. In this work, we propose two legacy-UI honeywords generation strategies based on two password guessing methods: PassGAN and Probabilistic Context-Free Grammar (PCFG). Besides, we also introduce two hybrid strategies by combining PassGAN, PCFG, and random-based methods. We empirically examine the flatness of the proposed honeywords generation strategy against Top Password (Top-PW) attack using real-world datasets, instead of only providing heuristic security arguments. The experiment results show that three of the proposed methods (the PassGAN-based and the two hybrid methods) have lower flatness value than all previous legacy-UI methods and able to meet the "perfectly flat" criterion. | en_US |
dc.language.iso | eng | en_US |
dc.publisher | IEEE | en_US |
dc.relation.ispartof | 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC) | |
dc.title | Password Guessing-Based Legacy-UI Honeywords Generation Strategies for Achieving Flatness | en_US |
dc.type | Chapter | en_US |
dc.description.version | acceptedVersion | en_US |
dc.source.pagenumber | 1610-1615 | en_US |
dc.identifier.doi | 10.1109/COMPSAC48688.2020.00-25 | |
dc.identifier.cristin | 1857049 | |
dc.description.localcode | © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | en_US |
cristin.ispublished | true | |
cristin.fulltext | postprint | |
cristin.qualitycode | 1 | |