{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T16:45:21Z","timestamp":1778258721811,"version":"3.51.4"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031355035","type":"print"},{"value":"9783031355042","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-35504-2_5","type":"book-chapter","created":{"date-parts":[[2023,6,9]],"date-time":"2023-06-09T08:01:47Z","timestamp":1686297707000},"page":"89-108","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Honey, I Chunked the\u00a0Passwords: Generating Semantic Honeywords Resistant to\u00a0Targeted Attacks Using Pre-trained Language Models"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6461-5720","authenticated-orcid":false,"given":"Fangyi","family":"Yu","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8169-6836","authenticated-orcid":false,"given":"Miguel Vargas","family":"Martin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,6,10]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"IBM security: Cost of a data breach report 2021 (2021). https:\/\/www.ibm.com\/security\/data-breach. Accessed 01 Jan 2022","DOI":"10.12968\/S1353-4858(22)70049-9"},{"key":"5_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1007\/978-3-642-15497-3_18","volume-title":"Computer Security \u2013 ESORICS 2010","author":"H Bojinov","year":"2010","unstructured":"Bojinov, H., Bursztein, E., Boyen, X., Boneh, D.: Kamouflage: loss-resistant password management. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 286\u2013302. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15497-3_18"},{"key":"5_CR3","doi-asserted-by":"publisher","unstructured":"Bonneau, J., Herley, C., Oorschot, P.C.V., Stajano, F.: The quest to replace passwords: a framework for comparative evaluation of web authentication schemes. In: 2012 IEEE Symposium on Security and Privacy (S &P), pp. 553\u2013567 (2012). https:\/\/doi.org\/10.1109\/SP.2012.44","DOI":"10.1109\/SP.2012.44"},{"key":"5_CR4","unstructured":"Brown, T., et al.: Language models are few-shot learners. In: Advances in Neural Information Processing Systems, vol. 33, pp. 1877\u20131901. Curran Associates, Inc. (2020). https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2020\/file\/1457c0d6bfcb4967418bfb8ac142f64a-Paper.pdf"},{"key":"5_CR5","doi-asserted-by":"publisher","unstructured":"Camenisch, J., Lehmann, A., Neven, G.: Optimal distributed password verification. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS \u201915, pp. 182\u2013194. Association for Computing Machinery, New York, NY, USA (2015). https:\/\/doi.org\/10.1145\/2810103.2813722","DOI":"10.1145\/2810103.2813722"},{"key":"5_CR6","unstructured":"Chen, M., et al.: Evaluating large language models trained on code. arXiv preprint arXiv:2107.03374 (2021)"},{"key":"5_CR7","doi-asserted-by":"publisher","unstructured":"Chintagunta, B., Katariya, N., Amatriain, X., Kannan, A.: Medically aware GPT-3 as a data generator for medical dialogue summarization. In: Proceedings of the Second Workshop on Natural Language Processing for Medical Conversations, pp. 66\u201376. Association for Computational Linguistics, Online, June 2021). https:\/\/doi.org\/10.18653\/v1\/2021.nlpmc-1.9","DOI":"10.18653\/v1\/2021.nlpmc-1.9"},{"key":"5_CR8","doi-asserted-by":"publisher","unstructured":"Devlin, J., Chang, M.W., Lee, K., Toutanova, K.: BERT: pre-training of deep bidirectional transformers for language understanding. In: Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers), pp. 4171\u20134186. Association for Computational Linguistics, Minneapolis, Minnesota, June 2019. https:\/\/doi.org\/10.18653\/v1\/N19-1423","DOI":"10.18653\/v1\/N19-1423"},{"key":"5_CR9","doi-asserted-by":"publisher","unstructured":"Dionysiou, A., Vassiliades, V., Athanasopoulos, E.: HoneyGen: generating honeywords using representation learning. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. ASIA CCS \u201921, pp. 265\u2013279. Association for Computing Machinery, New York, NY, USA (2021). https:\/\/doi.org\/10.1145\/3433210.3453092","DOI":"10.1145\/3433210.3453092"},{"key":"5_CR10","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101689","volume":"103","author":"Y Guo","year":"2021","unstructured":"Guo, Y., Zhang, Z., Guo, Y.: Superword: a honeyword system for achieving higher security goals. Comput. Secur. 103, 101689 (2021). https:\/\/doi.org\/10.1016\/j.cose.2019.101689","journal-title":"Comput. Secur."},{"key":"5_CR11","doi-asserted-by":"publisher","unstructured":"Jagadeesh, N., Vargas Martin, M.: Alice in passphraseland: assessing the memorability of familiar vocabularies for system-assigned passphrases (2021). https:\/\/doi.org\/10.48550\/ARXIV.2112.03359","DOI":"10.48550\/ARXIV.2112.03359"},{"key":"5_CR12","doi-asserted-by":"publisher","unstructured":"Joudaki, Z., Thorpe, J., Vargas Martin, M.: Reinforcing system-assigned passphrases through implicit learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. CCS \u201918, pp. 1533\u20131548. Association for Computing Machinery, New York, NY, USA (2018). https:\/\/doi.org\/10.1145\/3243734.3243764","DOI":"10.1145\/3243734.3243764"},{"key":"5_CR13","doi-asserted-by":"publisher","unstructured":"Juels, A., Rivest, R.L.: Honeywords: making password-cracking detectable. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. CCS \u201913, pp. 145\u2013160. Association for Computing Machinery, New York, NY, USA (2013). https:\/\/doi.org\/10.1145\/2508859.2516671","DOI":"10.1145\/2508859.2516671"},{"key":"5_CR14","unstructured":"Kojima, T., Gu, S.S., Reid, M., Matsuo, Y., Iwasawa, Y.: Large language models are zero-shot reasoners. arXiv preprint arXiv:2205.11916 (2022)"},{"key":"5_CR15","doi-asserted-by":"publisher","unstructured":"Liu, P., Yuan, W., Fu, J., Jiang, Z., Hayashi, H., Neubig, G.: Pre-train, prompt, and predict: a systematic survey of prompting methods in natural language processing. ACM Comput. Surv. 55(9) (2023). https:\/\/doi.org\/10.1145\/3560815","DOI":"10.1145\/3560815"},{"key":"5_CR16","unstructured":"Liu, Y., et al.: RoBERTa: a robustly optimized BERT pretraining approach. arXiv preprint arXiv:1907.11692 (2019)"},{"key":"5_CR17","doi-asserted-by":"publisher","unstructured":"Pasquini, D., Gangwal, A., Ateniese, G., Bernaschi, M., Conti, M.: Improving password guessing via representation learning. In: 2021 IEEE Symposium on Security and Privacy (S &P, pp. 1382\u20131399 (2021). https:\/\/doi.org\/10.1109\/SP40001.2021.00016","DOI":"10.1109\/SP40001.2021.00016"},{"key":"5_CR18","unstructured":"Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., Sutskever, I.: Language models are unsupervised multitask learners (2018). https:\/\/d4mucfpksywv.cloudfront.net\/better-language-models\/language-models.pdf"},{"key":"5_CR19","unstructured":"Ramesh, A., et al.: Zero-shot text-to-image generation. In: International Conference on Machine Learning, pp. 8821\u20138831. PMLR (2021)"},{"issue":"3","key":"5_CR20","doi-asserted-by":"publisher","first-page":"614","DOI":"10.1147\/sj.403.0614","volume":"40","author":"NK Ratha","year":"2001","unstructured":"Ratha, N.K., Connell, J.H., Bolle, R.M.: Enhancing security and privacy in biometrics-based authentication systems. IBM Syst. J. 40(3), 614\u2013634 (2001)","journal-title":"IBM Syst. J."},{"key":"5_CR21","doi-asserted-by":"publisher","unstructured":"Reynolds, L., McDonell, K.: Prompt programming for large language models: beyond the few-shot paradigm. In: Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems. CHI EA \u201921, Association for Computing Machinery, New York, NY, USA (2021). https:\/\/doi.org\/10.1145\/3411763.3451760","DOI":"10.1145\/3411763.3451760"},{"key":"5_CR22","unstructured":"Roche, T., Lomn\u00e9, V., Mutschler, C., Imbert, L.: A side journey to Titan. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 231\u2013248. USENIX Association, August 2021. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/roche"},{"key":"5_CR23","unstructured":"Song, K., Tan, X., Qin, T., Lu, J., Liu, T.Y.: MPNet: masked and permuted pre-training for language understanding. In: Advances in Neural Information Processing Systems, vol. 33, pp. 16857\u201316867. Curran Associates, Inc. (2020). https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2020\/file\/c3a690be93aa602ee2dc0ccab5b7b67e-Paper.pdf"},{"key":"5_CR24","doi-asserted-by":"publisher","unstructured":"Tan, J., Bauer, L., Christin, N., Cranor, L.F.: Practical recommendations for stronger, more usable passwords combining minimum-strength, minimum-length, and blocklist requirements. CCS \u201920, pp. 1407\u20131426. Association for Computing Machinery, New York, NY, USA (2020). https:\/\/doi.org\/10.1145\/3372297.3417882","DOI":"10.1145\/3372297.3417882"},{"key":"5_CR25","doi-asserted-by":"publisher","unstructured":"Thomas, K., et al.: Data breaches, phishing, or malware? Understanding the risks of stolen credentials. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. CCS \u201917, pp. 1421\u20131434. Association for Computing Machinery, New York, NY, USA (2017). https:\/\/doi.org\/10.1145\/3133956.3134067","DOI":"10.1145\/3133956.3134067"},{"key":"5_CR26","doi-asserted-by":"publisher","unstructured":"Wang, D., Cheng, H., Wang, P., Yan, J., Huang, X.: A security analysis of honeywords. In: Network and Distributed System Security (NDSS) Symposium 2018, pp. 1\u201316, October 2018. https:\/\/doi.org\/10.14722\/ndss.2018.12345","DOI":"10.14722\/ndss.2018.12345"},{"key":"5_CR27","unstructured":"Wang, D., Wang, P., He, D., Tian, Y.: Birthday, name and bifacial-security: understanding passwords of Chinese web users. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 1537\u20131555. USENIX Association, Santa Clara, CA, August 2019. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/wang-ding"},{"key":"5_CR28","doi-asserted-by":"publisher","unstructured":"Wang, D., Zhang, Z., Wang, P., Yan, J., Huang, X.: Targeted online password guessing: an underestimated threat. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. CCS \u201916, pp. 1242\u20131254. Association for Computing Machinery, New York, NY, USA (2016). https:\/\/doi.org\/10.1145\/2976749.2978339","DOI":"10.1145\/2976749.2978339"},{"key":"5_CR29","doi-asserted-by":"publisher","unstructured":"Wang, D., Zou, Y., Dong, Q., Song, Y., Huang, X.: How to attack and generate honeywords. In: 2022 IEEE Symposium on Security and Privacy (S &P), pp. 966\u2013983 (2022). https:\/\/doi.org\/10.1109\/SP46214.2022.9833598","DOI":"10.1109\/SP46214.2022.9833598"},{"key":"5_CR30","doi-asserted-by":"publisher","unstructured":"Weir, M., Aggarwal, S., Medeiros, B.d., Glodek, B.: Password cracking using probabilistic context-free grammars. In: 2009 30th IEEE Symposium on Security and Privacy (S &P), pp. 391\u2013405 (2009). https:\/\/doi.org\/10.1109\/SP.2009.8","DOI":"10.1109\/SP.2009.8"},{"key":"5_CR31","unstructured":"Wheeler, D.L.: zxcvbn: Low-budget password strength estimation. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 157\u2013173. USENIX Association, Austin, TX, August 2016. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/wheeler"},{"key":"5_CR32","doi-asserted-by":"publisher","unstructured":"Xu, M., Wang, C., Yu, J., Zhang, J., Zhang, K., Han, W.: Chunk-level password guessing: towards modeling refined password composition representations. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. CCS \u201921, pp. 5\u201320. Association for Computing Machinery, New York, NY, USA (2021). https:\/\/doi.org\/10.1145\/3460120.3484743","DOI":"10.1145\/3460120.3484743"},{"key":"5_CR33","unstructured":"Yang, Z., Dai, Z., Yang, Y., Carbonell, J., Salakhutdinov, R.R., Le, Q.V.: XLNet: generalized autoregressive pretraining for language understanding. In: Advances in Neural Information Processing Systems, vol. 32. Curran Associates, Inc. (2019). https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2019\/file\/dc6a7e655d7e5840e66733e9ee67cc69-Paper.pdf"},{"key":"5_CR34","unstructured":"Yu, F.: Raising the bar for password crackers: improving the quality of honeywords with deep neural networks. Master\u2019s thesis, Ontario Tech University, Oshawa, Canada (2022). https:\/\/ir.library.ontariotechu.ca\/bitstream\/handle\/10155\/1593\/Yu_Fangyi.pdf?sequence=1 &isAllowed=y"},{"key":"5_CR35","doi-asserted-by":"publisher","unstructured":"Yu, F., Vargas Martin, M.: GNPassGAN: improved generative adversarial networks for trawling offline password guessing. In: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 10\u201318 (2022). https:\/\/doi.org\/10.1109\/EuroSPW55150.2022.00009","DOI":"10.1109\/EuroSPW55150.2022.00009"},{"key":"5_CR36","doi-asserted-by":"publisher","unstructured":"Yu, F., Vargas Martin, M.: HoneyGAN: creating indistinguishable honeywords with improved generative adversarial networks. In: Lenzini, G., Meng, W. (eds.) STM 2022. LNCS, vol. 13867, pp. 189\u2013198. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-29504-1_11","DOI":"10.1007\/978-3-031-29504-1_11"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-35504-2_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,4]],"date-time":"2023-07-04T23:04:03Z","timestamp":1688511843000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-35504-2_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031355035","9783031355042"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-35504-2_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"10 June 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Hamburg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva2023.de\/org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"hotcrp.com","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"43","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}