透過通行碼鑑別使用者身分是目前許多系統或網站的重要技術，雖然這幾年來人臉辨識、指紋辨識或虹膜辨識等生物特徵技術或OTP簡訊碼也逐步被採用來進行身分鑑別，但這些較新的技術有些只用在特殊環境或雙因子認證之一，通行碼還是目前採用最廣泛的身分鑑別技術，因此通行碼的強度對網路安全或資訊系統安全是非常重要的議題，而目前評估通行碼強度的方法與技術多以英文使用者為主要對象，本論文以研究評估華人使用者通行碼強度的技術為主要目標。本論文利用LSTM類神經網路模型技術建立猜測通行碼模型，並提升其猜測華人使用者通行碼的準確度，以華人為母語的使用者可以透過本論文設計的模型瞭解自己通行碼的強度。經多方的探索與分析評估，本論文提出以LSTM融合轉移學習訓練出來通行碼產生模型，可以藉以評估通行碼的強度。提供系統或使用者了解使用者設定之通行碼的強度。

Password authentication is the main technique for user authentication on many services. Although the usage of biometrics identification such as facial recognition, fingerprint recognition and iris recognition has increased progressively, these kinds of up-to-date technique is merely used in specific condition or as a part of two-factor authentication. Password authentication is still the most used technique for identification, so the strength of passwords is such an important issue for computer security and network security. This thesis set evaluating passwords strength of Chinese users as the main goal since related research was most designed for English users. In this thesis, LSTM models were constructed as the password-guessing model and were used to increase the guessed rate on Chinese passwords, letting Chinese users evaluate their passwords strength. After analyzing and exploring many aspects, this thesis proposed a model using LSTM with transference learning that could be used on evaluating passwords strength, providing information system, internet services and users a method to assess passwords.

第一章 研究背景與目的 1
第二章 相關研究 3
2.1 語言模型 3
2.2 RNN模型 4
2.3 LSTM模型 4
2.4 轉移學習 5
第三章 研究架構 7
3.1 建構Subword訓練集 8
3.2 預處理階段 14
3.3 模型訓練階段 17
3.3 通行碼強度與模型猜測能力評估 17
第四章 實驗結果與討論 20
4.1實驗環境 20
4.2資料集 20
4.3弱通行碼 21
4.4類神經網路架構 21
4.5神經網路模型與測試集 22
4.6小型測試集於各模型的測試結果 24
4.7完整測試集於各模型的測試結果 25
4.8通行碼安全強度評估 28
4.9討論 29
第五章 結論 31
參考資料	32
附錄一 英文論文 34


圖目錄
圖 1 RNN模型結構 4
圖 2 LSTM模型結構 5
圖 3 本論文使用之模型結構圖 22
圖 4 本論文之轉移學習架構	22


表1 預處理階段使用的變數與函數 14
表2 計算通行碼機率使用的變數與函數	17
表3 小型測試集於各模型的測試結果 24
表4 完整LY測試集於各模型的測試結果	26
表5 完整17173測試集於各模型的測試結果 27

[1] TeamsID (2019). Top 50 Worst Passwords of 2019. https://www.teampassword.com/blog/top-50-worst-passwords-of-2019.
[2] Melicher,W., Ur,B., Segreti,S.M., Komanduri,S., Bauer,L., Christin,N., Cranor,L.F. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks. In Proc.Usenix Security (2016).
[3] Sunnia Ye(2018).A Study of Chinese Passwords. https://medium.com/@ye.sunnia/an-analysis-of-chinese-passwords-e49b97b91919.
[4]Margaret Rouse(2020).Language Modeling. https://searchenterpriseai.techtarget.com/definition/language-modeling.
[5] Jason Brownlee(2019). Gentle Introduction to Statistical Language Modeling and Neural Language Models. https://machinelearningmastery.com/statistical-language-modeling-and-neural-language-models/.
[6] Tomas Mikolov, Martin Karafiat, Lukas Burget, Jan “Honza” Cernocky, Sanjeev Khudanpur. Recurrent neural network based language model,2010.
[7] Zachary C. Lipton, John Berkowitz, Charles Elkan. A Critical Review of Recurrent Neural Networks for Sequence Learning,2015.
[8] Felix A. Gers, Jurgen Schmidhuber, Fred Cummins. Learning to Forget: Continual Prediction with LSTMs,1999.
[9] Razvan Pascanu, Tomas Mikolov, Yoshua Bengio. On the difficulty of training recurrent neural networks,2012.
[10] Ming Zuo Chen (2019). Transfer Learning. https://medium.com/%E6%88%91%E5%B0%B1%E5%95%8F%E4%B8%80%E5%8F%A5-%E6%80%8E%E9%BA%BC%E5%AF%AB/transfer-learning-%E8%BD%89%E7%A7%BB%E5%AD%B8%E7%BF%92-4538e6e2ffe4.
[11] Jason Brownlee(2017). A Gentle Introduction to Transfer Learning for Deep Learning. https://machinelearningmastery.com/transfer-learning-for-deep-learning/.
[12] Hashes.org, Shared Community Password Recovery(2020). Hashes.org.
[13] Catie Keck(2019). It's Time to Nervously Mock the 50 Worst Passwords of the Year. https://gizmodo.com/its-time-to-nervously-mock-the-50-worst-passwords-of-th-1840514905.
[14] Cara McGoogan(2017). The world's most common passwords revealed:Are you using them?. https://www.telegraph.co.uk/technology/2017/01/16/worlds-common-passwords-revealed-using/.
[15] Xu Lin(2011). Top 10 commonly used online passwords. http://www.china.org.cn/top10/2011-11/28/content_24023212_2.htm.
[16] Jenny Morrison(2018). Password Security: Top 20 most common passwords revealed. https://vpns.co.uk/the-20-most-common-passwords-by-keyboard-pattern/.