Hybrid Deep Learning Models for Enhanced Password Security Assessment
摘要
Passwords have long been instrumental in guaranteeing that access to system resources is limited to authorized users. They play a pivotal role in establishing accountability for all transactions and modifications to system resources, encompassing data. It is imperative that each user is responsible for the selection and confidentiality of their passwords, ensuring that they are constructed with sufficient strength in accordance with established guidelines. The critical concern behind password strength prediction is how easily are they to be cracked which can put the entire system at risk. The main focus in this research is to predict the strength of the password on the basis of some basic metrics. Our study comprises of assessing and providing a comprehensive comparison of strengths and weakness of passwords. This research is based on the massive password strength classifier dataset, which is specially designed for research in password security and classification. Seven transformer-based deep learning models are used to classify passwords in three strength levels- Weak, Medium, and Strong using the seven transformer-based models. After evaluating the performance of these models this research also employs various hybrid learning models to compare the efficiency with the standalone ones. This research will showcase a comparison table, which will serve as a DataFrame that summarizes the accuracy, precision, recall, and F1 scores for each model. Additionally, it will present a detailed visual representation on a bar plot that compares the performance of all models based on important metrics. The study finally compares both the standard transformer-based models and hybrid models and provides insights into their respective strengths and weaknesses. In this paper, we compare different transformer models, i.e., BERT, RoBERTa, DeBERTa, ALBERT, DistilBERT, ELECTRA, and XLNet, for password strength prediction in different strength groups. From our analysis, we determine that DistilBERT and ALBERT lead other models in terms of maximum accuracy (1.00 and 0.99, respectively) combined with precision-recall metrics in a balanced manner. Further, we also explore hybrid models, i.e., merging CNNs, BiLSTMs, GRUs, Graph Neural Networks (GNNs), and Reinforcement Learning (RL) with transformers to improve predictive precision. Amongst hybrid models, BERT + CNN and BERT + BiLSTM provide better accuracy (0.99) and F1 score (0.98), making them potential candidates for practical password analysis systems. This research will enhance password security assessment methodologies contributing to the broader discourse on security and will provide beneficial insights for developing more robust authentication practices. Furthermore, this research demonstrates the importance of model selection in security applications.