Utilize Machine Learning Methods to Detect Plaintext Passwords

International Journal of Machine Learning and Networked Collaborative Engineering

View Publication Info
 
 
Field Value
 
Title Utilize Machine Learning Methods to Detect Plaintext Passwords
 
Creator Alnoaimi, Nada
Al-Turaifi, Abdullah
Babateen, Sireen
 
Subject Machine Learning
plaintext password
 
Description Every company is a target today, no matter the type of business it does. Hackers and cybercriminals are after data which they can monetize in many ways. Being proactive and have a defensive and protective plan in place such as evaluating and assessing IT security is a great recipe for avoiding data breaches and consequently, business disasters. Passwords are the most popular authentication method, mainly because they are easy to implement, require no special hardware or software, and are familiar to users and developers. Unfortunately, most users store their sensitive information or credentials in plain-text that might be accessible to attackers. Since the information is not encrypted and stored or transferred in cleartext, attackers will be able to read it easily. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. Developers sometimes believe that they cannot defend the application from someone who has access to the configuration, but this attitude makes an attacker’s job easier. Good password management guidelines require that a password must never be stored in plaintext.
The question is why not utilizing a machine learning platform that can be trained to search text in a computer resource, detect a string of plaintext characters, and analyze the string of characters to predict or detect a plaintext password on a computer resource asset. Since plaintext passwords can be stored anywhere on a computer network, including on a computer resource asset, such as, for example, a file (for example, a configuration file), a router, a switch, a computer, a server, a database or source code, the solution can be arranged to target computer resource assets on the network and search those computer resource assets. 
The machine will be able to detect a plaintext password in a character string by analyzing plaintext character strings for common password complexity, such as, for example, including at least one uppercase letter, lowercase letter, number, special character, and text length (for example, minimum of eight characters).  Then check the similarity of the character string against a database comprising passwords, including, for example, passwords that were previously found or identified by the solution, or passwords that were input or loaded into the database from a list, table, record, file, or a computer resource that can input passwords to the database.  Also, it will predict a level of certainty that a character string includes a password and output a confidence score based on the predicted level of certainty. Finally, it will categorize the confidence score in any number of prediction certainty levels, including, for example, three levels – high, medium, or low. 
 
Publisher SR Informatics, New Delhi, India
 
Date 2020-10-24
 
Type info:eu-repo/semantics/article
info:eu-repo/semantics/publishedVersion
Peer-reviewed Article
 
Format application/pdf
 
Identifier http://www.mlnce.net/index.php/Home/article/view/141
 
Source International Journal of Machine Learning and Networked Collaborative Engineering; Vol. 4 No. 2 (2020): Volume No 04 Issue No 02 (2020); 63-71
2581-3242
 
Language eng
 
Relation http://www.mlnce.net/index.php/Home/article/view/141/81
 
Rights Copyright (c) 2020 International Journal of Machine Learning and Networked Collaborative Engineering
http://creativecommons.org/licenses/by-nc-nd/4.0
 

Contact Us

The PKP Index is an initiative of the Public Knowledge Project.

For PKP Publishing Services please use the PKP|PS contact form.

For support with PKP software we encourage users to consult our wiki for documentation and search our support forums.

For any other correspondence feel free to contact us using the PKP contact form.

Find Us

Twitter

Copyright © 2015-2018 Simon Fraser University Library