Multi-armed bandit approach to password guessing
Hazel Murray, David Malone

TL;DR
This paper proposes a novel framework applying multi-armed bandit algorithms to optimize password guessing strategies by balancing exploration of different password sources and exploitation of the most promising ones.
Contribution
It introduces a new approach that models password guessing as a multi-armed bandit problem, enabling adaptive and potentially more effective guessing strategies.
Findings
Bandit-based approach improves guessing efficiency
Framework adapts to different password sources
Potential for higher success rates in password cracking
Abstract
The multi-armed bandit is a mathematical interpretation of the problem a gambler faces when confronted with a number of different machines (bandits). The gambler wants to explore different machines to discover which machine offers the best rewards, but simultaneously wants to exploit the most profitable machine. A password guesser is faced with a similar dilemma. They have lists of leaked password sets, dictionaries of words, and demographic information about the users, but they don't know which dictionary will reap the best rewards. In this paper we provide a framework for using the multi-armed bandit problem in the context of the password guesser and use some examples to show that it can be effective.
Taxonomy
Topics: User Authentication and Security Systems · Advanced Malware Detection Techniques · Spam and Phishing Detection
