PassRVAE: Improved Trawling Attacks via Recurrent Variational Autoencoder

The prevalence of offline password guessing attacks, also known as trawling, continues to challenge authentication systems. To quantify the threat posed by trawling, existing strategies leverage deep learning to model password habits and predict likely user password choices. We propose PassRVAE, merging Variational Autoencoders (VAEs) and Gated Recurrent Unit (GRU) networks to augment the accuracy and efficiency of trawling attacks. We further break down the problem by composition policy to evaluate how models fare against specific types of passwords. We evaluate our solution against state-of-the-art models including PassGAN, VAEPass, and VAE-GPT2, on recent password datasets. PassRVAE demonstrates better overall performance as well as per password composition policy, achieving 21.32% higher accuracy with 109 guesses in the RockYou dataset, and 2.74%.27.46% higher accuracy with 108 guesses in six different policies of 4iQ.