A Pelican Algorithm-Based Method for Secure Honeyword Generation

Numerous studies in recent years have proposed various methods for generating honeywords, and several asymptotic research efforts have been conducted in this field. 

Erguler [14] proposed several methods for creating honeywords, including modifying passwords, using a dictionary, adding extra characters, utilizing system-generated honeywords, allowing user-generated honeywords, and combining these approaches. Based on user interface impact, they categorized these methods into two groups: Legacy-UI, which includes ChaIng-by-tail-tweaking and Hybrid generation methods, and Modified UI, featuring techniques like Take-a-tail and Random Pick.

Chakraborty and Mondal [15] introduced the Paired Distance Protocol (PDP), facilitating honeyword creation with an updated user interface. Users log in by providing a password and a username, which must consist of more than one character (t > 1) chosen from two digits (0-9) and letters (a-z).

In the study by Chang et al. [16], a " storage-index " method was proposed for generating honeywords using the actual passwords of current users, creating realistic honeywords that mimic existing system passwords.

In the study by Akif et al. [17], a method for creating honeywords includes the "evolving-password model," "user-profile model," and "append-secret model". The model of evolving passwords analyzes the frequency of password patterns to generate honeywords. The user-profile model uses various types of user data to create unique token sets. In the append-secret model, the user provides their username, password, and an additional secret to generate a random string, with H(password | result) stored in the password file.

Catuogno et al. [18] proposed using four approaches to create honeywords. The first set derives from user information, utilizing public personal questions to create a character and number database. The second set replicates a dictionary attack by altering the original password with three digits or characters. The third set consists of random honeywords from 500 common weak passwords, while the fourth set rearranges characters from the user ID to generate new honeywords.

Yasser et al. [19] proposed a honeyword generation method based on the music-inspired Harmony Search Algorithm (HSA), which improves the generation process and its properties. However, if the initial population lacks diversity, the method may require repeated executions, leading to wasted time and storage. Similarly, Brindtha et al. [20] introduced a swarm-based metaheuristic approach using the Meerkat Clan Algorithm to enhance the honeyword generation process and improve honeyword characteristics.

This part outlines the motivation and mathematical framework of the PA algorithm, which employs a group of "pelicans" representing potential solutions to an optimization problem. As Eq. (1) indicates, each pelican begins with a random position within the defined limits.

$x_{i j}=l_j+\operatorname{rand} \bullet u_j-l_j ; i=1, \ldots, N ; j=1, \ldots, m$                     (1)

where, $\mathrm{x}_{\mathrm{ij}}$ represents the jth variable value defined by the ith candidate solution, m signifies the count of problem variables, N denotes the total number of members in the population, $\mathrm{l}_{\mathrm{j}}$ is the lower limit for the jth variable, and $\mathrm{u}_{\mathrm{j}}$ is the upper limit for the jth variable in the problem, a rand is a random number ranging from [0, 1].

The pelican population in the proposed protected area is identified using a matrix with rows for potential solutions and columns for problem variable values, Eq. (2).

$X_{N \times m}=\left[\begin{array}{ccccc}X_{1,1} & \cdots & X_{1, j} & \cdots & X_{1, m} \\ \vdots & \ddots & \vdots & \ddots & \vdots \\ X_{i, 1} & \cdots & X_{i, j} & \cdots & X_{i, m} \\ \vdots & \ddots & \vdots & \ddots & \vdots \\ X_{N, 1} & \cdots & X_{N, j} & \cdots & X_{N, m}\end{array}\right] N \times m$           (2)

X represents the population matrix of the pelican species, while Xi refers to the ith individual pelican. The objective function results are derived by means of the objective function vector in Eq. (3).

$F=\left[\begin{array}{c}F 1 \\ \vdots \\ F i \\ \vdots \\ F N\end{array}\right] N \times 1=\left[\begin{array}{c}F(X 1) \\ \vdots \\ F(X i) \\ \vdots \\ F(X N)\end{array}\right] N \times 1$           (3)

The vector objective function is denoted by F, and F_i represents the objective function value of the ith candidate solution. These concepts, together with the pelican’s target-approaching strategy, are expressed in the corresponding Eq. (4).

$X_{i j}^{P i}=\left\{\begin{array}{lr}X i+\operatorname{rand} \cdot(P i-I \cdot X i, j), & \text { if } F p<F i \\ X i, j+\operatorname{rand} \cdot(X i j-P i), & \text { else }\end{array}\right.$              (4)

where, $\mathrm{X}_{\mathrm{ij}}^{P_1}$ represents the updated state of pelican I in the dimension j during phase $1 . \mathrm{I}$ is a random variable that can be set to one or two, $p_j$ denotes the target position in dimension $j$, and Fp indicates the value of the objective function. Effective updating helps the algorithm avoid moving into suboptimal regions by employing the updating type. This procedure is described using Eq. (5).

$X i=\left\{\begin{array}{l}X_i^{P 1} \\ X i, \quad \text { else }\end{array}\right. , F_i^{P i}<F_i$                  (5)

$\mathrm{X}_{\mathrm{i}}^{\mathrm{P}_1}$ is the ith pelican's updated status, while $\mathrm{F}_{\mathrm{i}}^{\mathrm{P}_1}$ Denotes the value of its objective function. The algorithm explores the nearby points around the pelican's position to find an improved solution. This hunting actions of pelicans is represented in Eq. (6).

$X_{i j}^{P 2}=X_{i j}+R \cdot\left(1-\frac{t}{T}\right) \cdot(2 \cdot$ rand -1$) \cdot X_{i j}$            (6)

The term $\mathrm{X}_{\mathrm{ij}}^{\mathrm{P}_2}$, refers to the updated position of the pelican (i) in dimension (j) during Phase 2. R is a constant with a value of 0.2, and the neighborhood radius around $\mathrm{xi}, \mathrm{j}$ is defined by R• (1-t/T), where T is the total allowed number of iterations, and t is the current iteration count. The term "R• (1-t/T)" indicates the radius of neighborhood population members, which is used for local searching near each member to achieve improved solutions. As the algorithm progresses, the coefficient "R• (1-t/T)" decreases, resulting in smaller neighborhood radii for each member.

In this phase, an efficient update mechanism is applied to accept or reject the pelican’s new position, as shown in Eq. (7).

$X_i=\left\{\begin{array}{l}X_i^{P 2} \\ X i, \quad \text { else }\end{array}\right. , F_i^{P 2}<F_i$             (7)

where, $\mathrm{X}_{\mathrm{i}}^{\mathrm{P} 2}$ is the pelican I in the new status e, and $\mathrm{F}_{\mathrm{i}}^{\mathrm{P} 2}$ is the value of the objective function.

Table 1. A sample of the generated tokens

6.5 The findings and discussions

Table 2 shows the values of the parameters, the experiments' outcomes, and an evaluation of the proposed honeyword generation technique and earlier approaches. The proposed system uses several significant parameters that impact its efficiency.

Table 2. The proposed system parameters range

To further validate the proposed system's flattening property, a security interpretation based on the honeyword distribution is provided. For each sugar word, the system generates 49 tokens, including one real password and 48 honeywords, all constructed to exhibit comparable similarity characteristics. Because each token is indistinguishable in structure and likelihood, an attacker selecting a token at random has a success probability of 1/49 (about 2%), which corresponds to ideal flatness. Furthermore, even if an attacker obtains partial knowledge of a token group, each candidate appears with equal frequency, limiting the probability of identifying the correct sugar word to 1/7 (about 14%). This analytical evaluation confirms that the proposed method achieves unconditional flatness without restrictive assumptions, in contrast to earlier honeyword generation techniques.