Brute force attack is a usual way to crack passwords based on a crafted dictionary. Traditionally, this dictionary is constructed using an existing pool, random words, meaningful words from a public website, or prior passwords, which makes the brute force attack take long time and consume a lot of resources. Lately, two interdisciplinary fields of Cyber Security and Artificial Intelligence (AI) converge together. On one hand, researchers apply artificial intelligence especially machine learning or pattern recognition to make offenses and defenses in cyber security smarter. On the other hand, cyber security technologies are used to protect artificial intelligence algorithms/modules, making them safer. Under this umbrella, we begin to think about next-generation password brute force attacks based on artificial intelligence. We propose to use an open-source machine learning algorithm called Torch-rnn, which is available from GitHub, to generate new potential passwords following a similar pattern based on prior passwords and insert them into the brute force dictionary in real time. Hence, our password brute force attacks become smarter and more efficient. Our experimental studies indicate that AI - based password brute force attacks have significantly higher success/hit rates to crack the correct passwords, compared with non AI - based (or traditional) password brute force attacks. In this paper, we also propose defensive strategies to protect our passwords against this new-generation and smarter AI-based password brute force attacks.
Trieu, Khoa and Yang, Yi, "Artificial Intelligence-Based Password Brute Force Attacks" (2018). MWAIS 2018 Proceedings. 39.