PassGAN for Honeywords: Evaluating the Defender and the Attacker Strategies
Chapter
Accepted version
Permanent link
https://hdl.handle.net/11250/2733005
Publication date
2020
Original version
https://doi.org/10.1007/978-981-15-6048-4_34
Abstract
The main challenge in a honeywords system is how to generate artificial passwords (honeywords) that are indistinguishable from the genuine password (sugarword). It is straightforward to consider the PassGAN for generating honeywords from the defender’s perspective. In this work, we analyze a game situation between the defender and the attacker assuming the two parties exploit the PassGAN for their own competing advantage, i.e., the defender uses the generator model of PassGAN to generate honeywords, and the attacker uses the discriminator model of PassGAN to detect the sugarword. In this game, we investigate the feasibility of PassGAN as a honeywords generation strategy and the possible strategies that can be used by the defender and the attacker to reach their goal. The best strategy for the attacker is to use a large number of iterations and to use the same dataset as the defender. From the defender’s point of view, the strategy of using many iterations is also beneficial to reduce the attacker’s success rate.