Image captchas have recently become very popular and are widely deployed across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision have gradually diminished th...Image captchas have recently become very popular and are widely deployed across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision have gradually diminished the security of image captchas and made them vulnerable to attack. In this paper, we first classify the currently popular image captchas into three categories: selection-based captchas, slide-based captchas, and click-based captchas. Second, we propose simple yet powerful attack frameworks against each of these categories of image captchas. Third, we systematically evaluate our attack frameworks against 10 popular real-world image captchas,including captchas from tencent.com, google.com, and 12306.cn. Fourth, we compare our attacks against nine online image recognition services and against human labors from eight underground captcha-solving services. Our evaluation results show that(1) each of the popular image captchas that we study is vulnerable to our attacks;(2) our attacks yield the highest captcha-breaking success rate compared with state-of-the-art methods in almost all scenarios; and(3) our attacks achieve almost as high a success rate as human labor while being much faster.Based on our evaluation, we identify some design flaws in these popular schemes, along with some best practices and design principles for more secure captchas. We also examine the underground market for captcha-solving services, identifying 152 such services. We then seek to measure this underground market with data from these services. Our findings shed light on understanding the scale, impact, and commercial landscape of the underground market for captcha solving.展开更多
CAPTCHA is an acronym that stands for Completely Automated Public Turing Test to tell Computers and Humans Apart(CAPTCHA),it is a good example of an authentication system that can be used to determine the true identit...CAPTCHA is an acronym that stands for Completely Automated Public Turing Test to tell Computers and Humans Apart(CAPTCHA),it is a good example of an authentication system that can be used to determine the true identity of any user.It serves as a security measure to prevent an attack caused by web bots(automatic programs)during an online transaction.It can come as text-based or image-based depending on the project and the programmer.The usability and robustness,as well as level of security,provided each of the varies and call for the development of an improved system.Hence,this paper studied and improved two different CAPTCHA systems(the text-based CAPTCHA and image-based CAPTCHA).The textbased and image-based CAPTCHAwere designed using JavaScript.Response time and solving time are the two metrics used to determine the effectiveness and efficiency of the two CAPTCHA systems.The inclusion of response time and solving time improved the shortfall of the usability and robustness of the existing system.The developed system was tested using 200 students from the Federal College of Animal Health and Production Technology.The results of each of the participants,for the two CAPTCHAs,were extracted from the database and subjected to analysis using SPSS.The result shows that textbased CAPTCHAhas the lowest average solving time(21.3333 s)with a 47.8%success rate while image-based CAPTCHA has the highest average solving time was 23.5138 s with a 52.8%success rate.The average response time for the image-based CAPTCHA was 2.1855 s with a 37.9%success rate lower than the text-based CAPTCHA response time(3.5561 s)with a 62.1%success rate.This indicates that the text-based CAPTCHA is more effective in terms of usability tests while image-based CAPTCHA is more efficient in terms of system responsiveness and recommended for potential users.展开更多
全自动开放式人机区分图灵测试(CAPTCHA)是基于人工智能领域开放性问题而设计的网络安全技术,CAPTCHA识别是该研究领域的重要分支.长短时记忆(Long Short Term Memory,LSTM)型递归神经网络(Recurrent Neural Network,RNN)已被成功应用于...全自动开放式人机区分图灵测试(CAPTCHA)是基于人工智能领域开放性问题而设计的网络安全技术,CAPTCHA识别是该研究领域的重要分支.长短时记忆(Long Short Term Memory,LSTM)型递归神经网络(Recurrent Neural Network,RNN)已被成功应用于CAPTCHA识别,LSTM型RNN实质上是一维RNN,而文本型CAPTCHA为二维图像.提出使用二维RNN对CAPTCHA进行识别.二维RNN能够很好的将特征提取同识别相结合,同时具有较好的上下文保持特性,从而更适合文本型CAPTCHA识别.同时为了进一步提高识别的可靠性,提出一种基于支持向量机(Support vector machine,SVM)的拒识策略,实验结果表明二维RNN较一维RNN能够获得更好的识别率,并且新的拒识策略较其他拒识策略取得更好的拒识效果.展开更多
CAPTCHA is a completely automated program designed to distinguish whether the user is a computer or human. As the problems of Internet security are worsening, it is of great significance to do research on CAPTCHA. Thi...CAPTCHA is a completely automated program designed to distinguish whether the user is a computer or human. As the problems of Internet security are worsening, it is of great significance to do research on CAPTCHA. This article starts from the recognition of CAPTCHAs, then analyses the weaknesses in its design and gives corresponding recognition proposals according to various weaknesses, finally offers suggestions related to the improvement of CAPTCHAs. Firstly, this article briefly introduces the basic steps during the decoding process and their principles. And during each step we choose methods which are better adapted to the features of different CAPTCHA images. Methods chosen are as followings: bimodal method in binarization, improved corrosion algorithm in denoising, projection segmentation method in denoised image processing and SVM in recognition. Then, we demonstrate detailed process through the samples taken from the online registration system of ICBC, show the recognition effect and correct the results according to the statistical data in the process. This article decodes CAPTCHAS from three other large banks in the same way but just provides the recognition results. Finally, this article offers targeted suggestions to the four banks based on the recognition effect and analysis process stated above.展开更多
As the first barrier to protect cyberspace,the CAPTCHA has made significant contributions to maintaining Internet security and preventing malicious attacks.By researching the CAPTCHA,we can find its vulnerability and ...As the first barrier to protect cyberspace,the CAPTCHA has made significant contributions to maintaining Internet security and preventing malicious attacks.By researching the CAPTCHA,we can find its vulnerability and improve the security of CAPTCHA.Recently,many studies have shown that improving the image preprocessing effect of the CAPTCHA,which can achieve a better recognition rate by the state-of-theart machine learning algorithms.There are many kinds of noise and distortion in the CAPTCHA images of this experiment.We propose an adaptive median filtering algorithm based on divide and conquer in this paper.Firstly,the filtering window data quickly sorted by the data correlation,which can greatly improve the filtering efficiency.Secondly,the size of the filtering window is adaptively adjusted according to the noise density.As demonstrated in the experimental results,the proposed scheme can achieve superior performance compared with the conventional median filter.The algorithm can not only effectively detect the noise and remove it,but also has a good effect in preservation details.Therefore,this algorithm can be one of the most strong tools for various CAPTCHA image recognition and related applications.展开更多
Individuals and PCs(personal computers)can be recognized using CAPTCHAs(Completely Automated Public Turing test to distinguish Computers and Humans)which are mechanized for distinguishing them.Further,CAPTCHAs are int...Individuals and PCs(personal computers)can be recognized using CAPTCHAs(Completely Automated Public Turing test to distinguish Computers and Humans)which are mechanized for distinguishing them.Further,CAPTCHAs are intended to be solved by the people,but are unsolvable by the machines.As a result,using Convolutional Neural Networks(CNNs)these tests can similarly be unraveled.Moreover,the CNNs quality depends majorly on:the size of preparation set and the information that the classifier is found out on.Next,it is almost unmanageable to handle issue with CNNs.A new method of detecting CAPTCHA has been proposed,which simultaneously solves the challenges like preprocessing of images,proper segmentation of CAPTCHA using strokes,and the data training.The hyper parameters such as:Recall,Precision,Accuracy,Execution time,F-Measure(H-mean)and Error Rate are used for computation and comparison.In preprocessing,image enhancement and binarization are performed based on the stroke region of the CAPTCHA.The key points of these areas are based on the SURF feature.The exploratory outcomes show that the model has a decent acknowledgment impact on CAPTCHA with foundation commotion and character grip bending.展开更多
Recently,with the spread of online services involving websites,attack-ers have the opportunity to expose these services to malicious actions.To protect these services,A Completely Automated Public Turing Test to Tell ...Recently,with the spread of online services involving websites,attack-ers have the opportunity to expose these services to malicious actions.To protect these services,A Completely Automated Public Turing Test to Tell Computers and Humans Apart(CAPTCHA)is a proposed technique.Since many Arabic countries have developed their online services in Arabic,Arabic text-based CAPTCHA has been introduced to improve the usability for their users.More-over,there exist a visual cryptography(VC)technique which can be exploited in order to enhance the security of text-based CAPTCHA by encrypting a CAPTCHA image into two shares and decrypting it by asking the user to stack them on each other.However,as yet,the implementation of this technique with regard to Arabic text-based CAPTCHA has not been carried out.Therefore,this paper aims to implement an Arabic printed and handwritten text-based CAPTCHA scheme based on the VC technique.To evaluate this scheme,experi-mental studies are conducted,and the results show that the implemented scheme offers a reasonable security and usability levels with text-based CAPTCHA itself.展开更多
基金supported by the National Natural Science Foundation of China (Nos. 61772466 and U1836202)the Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars (No. LR19F020003)+1 种基金the Provincial Key Research and Development Program of Zhejiang Province (No. 2017C01055)the Alibaba-ZJU Joint Research Institute of Frontier Technologies
文摘Image captchas have recently become very popular and are widely deployed across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision have gradually diminished the security of image captchas and made them vulnerable to attack. In this paper, we first classify the currently popular image captchas into three categories: selection-based captchas, slide-based captchas, and click-based captchas. Second, we propose simple yet powerful attack frameworks against each of these categories of image captchas. Third, we systematically evaluate our attack frameworks against 10 popular real-world image captchas,including captchas from tencent.com, google.com, and 12306.cn. Fourth, we compare our attacks against nine online image recognition services and against human labors from eight underground captcha-solving services. Our evaluation results show that(1) each of the popular image captchas that we study is vulnerable to our attacks;(2) our attacks yield the highest captcha-breaking success rate compared with state-of-the-art methods in almost all scenarios; and(3) our attacks achieve almost as high a success rate as human labor while being much faster.Based on our evaluation, we identify some design flaws in these popular schemes, along with some best practices and design principles for more secure captchas. We also examine the underground market for captcha-solving services, identifying 152 such services. We then seek to measure this underground market with data from these services. Our findings shed light on understanding the scale, impact, and commercial landscape of the underground market for captcha solving.
文摘CAPTCHA is an acronym that stands for Completely Automated Public Turing Test to tell Computers and Humans Apart(CAPTCHA),it is a good example of an authentication system that can be used to determine the true identity of any user.It serves as a security measure to prevent an attack caused by web bots(automatic programs)during an online transaction.It can come as text-based or image-based depending on the project and the programmer.The usability and robustness,as well as level of security,provided each of the varies and call for the development of an improved system.Hence,this paper studied and improved two different CAPTCHA systems(the text-based CAPTCHA and image-based CAPTCHA).The textbased and image-based CAPTCHAwere designed using JavaScript.Response time and solving time are the two metrics used to determine the effectiveness and efficiency of the two CAPTCHA systems.The inclusion of response time and solving time improved the shortfall of the usability and robustness of the existing system.The developed system was tested using 200 students from the Federal College of Animal Health and Production Technology.The results of each of the participants,for the two CAPTCHAs,were extracted from the database and subjected to analysis using SPSS.The result shows that textbased CAPTCHAhas the lowest average solving time(21.3333 s)with a 47.8%success rate while image-based CAPTCHA has the highest average solving time was 23.5138 s with a 52.8%success rate.The average response time for the image-based CAPTCHA was 2.1855 s with a 37.9%success rate lower than the text-based CAPTCHA response time(3.5561 s)with a 62.1%success rate.This indicates that the text-based CAPTCHA is more effective in terms of usability tests while image-based CAPTCHA is more efficient in terms of system responsiveness and recommended for potential users.
文摘全自动开放式人机区分图灵测试(CAPTCHA)是基于人工智能领域开放性问题而设计的网络安全技术,CAPTCHA识别是该研究领域的重要分支.长短时记忆(Long Short Term Memory,LSTM)型递归神经网络(Recurrent Neural Network,RNN)已被成功应用于CAPTCHA识别,LSTM型RNN实质上是一维RNN,而文本型CAPTCHA为二维图像.提出使用二维RNN对CAPTCHA进行识别.二维RNN能够很好的将特征提取同识别相结合,同时具有较好的上下文保持特性,从而更适合文本型CAPTCHA识别.同时为了进一步提高识别的可靠性,提出一种基于支持向量机(Support vector machine,SVM)的拒识策略,实验结果表明二维RNN较一维RNN能够获得更好的识别率,并且新的拒识策略较其他拒识策略取得更好的拒识效果.
文摘CAPTCHA is a completely automated program designed to distinguish whether the user is a computer or human. As the problems of Internet security are worsening, it is of great significance to do research on CAPTCHA. This article starts from the recognition of CAPTCHAs, then analyses the weaknesses in its design and gives corresponding recognition proposals according to various weaknesses, finally offers suggestions related to the improvement of CAPTCHAs. Firstly, this article briefly introduces the basic steps during the decoding process and their principles. And during each step we choose methods which are better adapted to the features of different CAPTCHA images. Methods chosen are as followings: bimodal method in binarization, improved corrosion algorithm in denoising, projection segmentation method in denoised image processing and SVM in recognition. Then, we demonstrate detailed process through the samples taken from the online registration system of ICBC, show the recognition effect and correct the results according to the statistical data in the process. This article decodes CAPTCHAS from three other large banks in the same way but just provides the recognition results. Finally, this article offers targeted suggestions to the four banks based on the recognition effect and analysis process stated above.
基金This work is supported by the National Natural Science Foundation of China(No.61772561)the Key Research&Development Plan of Hunan Province(No.2018NK2012)+2 种基金the Postgraduate Research and Innovation Project of Hunan Province(No.CX2018B447)the Postgraduate Science and Technology Innovation Foundation of Cent ral South University of Forestry and Technology(20183027)the Key Laboratory for Dig ital Dongting Lake Basin of Hunan Province.
文摘As the first barrier to protect cyberspace,the CAPTCHA has made significant contributions to maintaining Internet security and preventing malicious attacks.By researching the CAPTCHA,we can find its vulnerability and improve the security of CAPTCHA.Recently,many studies have shown that improving the image preprocessing effect of the CAPTCHA,which can achieve a better recognition rate by the state-of-theart machine learning algorithms.There are many kinds of noise and distortion in the CAPTCHA images of this experiment.We propose an adaptive median filtering algorithm based on divide and conquer in this paper.Firstly,the filtering window data quickly sorted by the data correlation,which can greatly improve the filtering efficiency.Secondly,the size of the filtering window is adaptively adjusted according to the noise density.As demonstrated in the experimental results,the proposed scheme can achieve superior performance compared with the conventional median filter.The algorithm can not only effectively detect the noise and remove it,but also has a good effect in preservation details.Therefore,this algorithm can be one of the most strong tools for various CAPTCHA image recognition and related applications.
文摘Individuals and PCs(personal computers)can be recognized using CAPTCHAs(Completely Automated Public Turing test to distinguish Computers and Humans)which are mechanized for distinguishing them.Further,CAPTCHAs are intended to be solved by the people,but are unsolvable by the machines.As a result,using Convolutional Neural Networks(CNNs)these tests can similarly be unraveled.Moreover,the CNNs quality depends majorly on:the size of preparation set and the information that the classifier is found out on.Next,it is almost unmanageable to handle issue with CNNs.A new method of detecting CAPTCHA has been proposed,which simultaneously solves the challenges like preprocessing of images,proper segmentation of CAPTCHA using strokes,and the data training.The hyper parameters such as:Recall,Precision,Accuracy,Execution time,F-Measure(H-mean)and Error Rate are used for computation and comparison.In preprocessing,image enhancement and binarization are performed based on the stroke region of the CAPTCHA.The key points of these areas are based on the SURF feature.The exploratory outcomes show that the model has a decent acknowledgment impact on CAPTCHA with foundation commotion and character grip bending.
文摘Recently,with the spread of online services involving websites,attack-ers have the opportunity to expose these services to malicious actions.To protect these services,A Completely Automated Public Turing Test to Tell Computers and Humans Apart(CAPTCHA)is a proposed technique.Since many Arabic countries have developed their online services in Arabic,Arabic text-based CAPTCHA has been introduced to improve the usability for their users.More-over,there exist a visual cryptography(VC)technique which can be exploited in order to enhance the security of text-based CAPTCHA by encrypting a CAPTCHA image into two shares and decrypting it by asking the user to stack them on each other.However,as yet,the implementation of this technique with regard to Arabic text-based CAPTCHA has not been carried out.Therefore,this paper aims to implement an Arabic printed and handwritten text-based CAPTCHA scheme based on the VC technique.To evaluate this scheme,experi-mental studies are conducted,and the results show that the implemented scheme offers a reasonable security and usability levels with text-based CAPTCHA itself.
