Robust password security: a genetic programming approach with imbalanced dataset handling

Abstract

Developing a method for determining password strength using artificial intelligence (AI) is crucial as it enhances cybersecurity by providing a more robust defense against unauthorized access. AI can analyze complex patterns and trends, allowing for the identification of weak passwords and potential vulnerabilities more effectively than traditional methods. This proactive approach helps users and organizations strengthen their security posture, reducing the risk of data breaches and unauthorized intrusions. In this paper, the genetic programming symbolic classifier (GPSC) was applied to the publicly available dataset to obtain a set of symbolic expressions for password strength classification with high classification accuracy. One of the problems with the dataset was an imbalance between classes so various oversampling/undersampling techniques have been utilized. The optimal GPSC hyperparameter values were found using the random hyperparameter value search method. The algorithm was trained using fivefold cross-validation (5FCV). One of the problems with the dataset was an imbalance between classes so various oversampling/undersampling techniques have been utilized. To evaluate obtained SEs, the evaluation metric accuracy, area under receiver operating characteristics curve, precision, recall, and f1-score were used. The obtained SEs on balanced dataset variations achieved high classification accuracy (0.99) and with the application of all SEs on the entire original imbalanced dataset achieved the same accuracy.

Appendix

1.1 Appendix A.1. The modified mathematical functions used in GPSC

In description of GPSC and RHVS method, it was mentioned that mathematical functions such as division, square root, natural logarithm, and logarithms with bases 2 and 10 had to be modified to avoid generating infinity or not a number values. The mathematical function of division can be written in the following form:

$$\begin{aligned} y_{\text {DIV}}(x)= & {} {\left\{ \begin{array}{ll}x_1/x_2 &{} |x_2| > 0.001\\ 1 &{} |x_2| < 0.001 \end{array}\right. } \end{aligned}$$

(8)

$$\begin{aligned} y_{\text {SQRT}}{x}= & {} {\left\{ \begin{array}{ll} \sqrt{|x|} &{} |x| > 0.001 \\ \end{array}\right. } \end{aligned}$$

(9)

The natural logarithm, logarithm with bases 2 and 10 can be defined as:

$$\begin{aligned} y_{i}(x) = {\left\{ \begin{array}{ll}\log _i |x| &{} |x| >0.001 \\ 0 &{} |x| < 0.001\end{array}\right. }, i = e, 2, 10 \end{aligned}$$

(10)

1.2 Appendix A.2. How to obtain and use the SEs from this research

Due to a large number of obtained SEs in this paper, the SEs are not shown. The SEs can be obtained from GitHub repository (web-link: https://github.com/nandelic2022/PasswordStrengthEquations.git). After downloading the SEs the procedure of using these consist of following steps:

1. 1.

   From initial dataset define input variables and output variable.

2. 2.

   use the input variables to calculate the output of each SEs.

3. 3.

   use the output generated from SEs to calculate the sigmoid function value, i.e., to determine whether the dataset sample belongs to class or not.

4. 4.

   use the previously mentioned evaluation metrics to calculate the SEs performance.