Identification of Exploited Unreliable Account Passwords in the Information Infrastructure Using Machine Learning Methods

Abstract

Accounts are an integral part of most modern information systems and provide their owners with the ability to authenticate within the system. This paper presents an analysis of existing methods for detecting simple account passwords in automated systems. Their advantages and disadvantages are listed. A method was developed to detect simple exploitable passwords that administrators can use to supplement other existing methods to increase the overall security of automated systems against threats from accounts potentially compromised by attackers. The method was based on the analysis of commands executed in automated or manual modes with the indication of credentials in plain text. Minimum password strength requirements are provided based on the security level. A special case was considered in which all passwords analyzed in this way were found explicitly in the system logs. We developed a unified definition of the classification of passwords into simple and strong, and also developed machine learning technology for their classification. The method offers a flexible adaptation to a specific system, taking into account the level of significance of the information being processed and the password policy adopted, expressed in the possibility of retraining the machine learning model. The experimental method using machine learning algorithms, namely the ensemble of decision trees, for classifying passwords into strong and potentially compromised by attackers based on flexible password strength criteria, showed high results. The performance of the method is also compared against other machine learning algorithms, specifically XGBoost, Random Forest, and Naive Bayes. The presented approach also solves the problem of detecting events related to the use and storage of credentials in plain text. We used the dataset of approximately 770,000 passwords, allowing the machine learning model to accurately classify 98% of the passwords by their significance levels.