Types Of CAPTCHAs Research Articles

Extended Research on the Security of Visual Reasoning CAPTCHA

CAPTCHA is an effective mechanism for protecting computers from malicious bots. With the development of deep learning techniques, current mainstream text-based and traditional image-based CAPTCHAs have been proven to be insecure. Therefore, a major effort has been directed toward developing new CAPTCHAs by utilizing some other hard Artificial Intelligence (AI) problems. Recently, some commercial companies (Tencent, NetEase, Geetest, etc.) have begun deploying a new type of CAPTCHA based on visual reasoning to defend against bots. As a newly proposed CAPTCHA, it is therefore natural to ask a fundamental question: are visual reasoning CAPTCHAs as secure as their designers expect? This paper explores the security of visual reasoning CAPTCHAs. We proposed a modular attack and evaluated it on six different real-world visual reasoning CAPTCHAs, which achieved overall success rates ranging from 79.2% to 98.6%. The results show that visual reasoning CAPTCHAs are not as secure as anticipated; this latest effort to use novel, hard AI problems for CAPTCHAs has not yet succeeded. Then, we summarize some guidelines for designing better visual-based CAPTCHAs, and based on the lessons we learned from our attacks, we propose a new CAPTCHA based on commonsense knowledge (CsCAPTCHA) and show its security and usability experimentally.

Devanagari CAPTCHA: For the Security in Web

Completely Automated Public Turing Test to Tell Computers and Humans Apart or CAPTCHA is a solution for cyber-attack. CAPTCHA is a small challenge that an internet user has to pass before accessing any online service. The most common type of CAPTCHA is text-based CAPTCHA, in which a small image (contains a random number of alphabets) is presented before the user. The user has to identify and then type the alphabet in a text box. The textual information in the CAPTCHA must not be identified by a bot (computer code). So, artificial noise and distortion are applied in the image. Earlier text-based schemes use English alphabets, but over time non-English language-based text CAPTCHAs also came into the picture. Native language-based text CAPTCHA is very useful for internet users who do not know the English language. This article is an effort towards the current status of the Devanagari script-based CAPTCHAs. We have analyzed 28 unique Devanagari CAPTCHAs from a security and usability point of view. Total 28000 different samples are collected for this experiment. For the success of a text-based CAPTCHA, it must be very secure from the bot and easy for human beings. Devanagari CAPTCHA can be very beneficial for Indian websites. This paper is written by keeping the importance of Devanagari script-based CAPTCHA.

Decoding the animated text-based captchas to verify their robustness against automated attacks

In order to protect the web against automated attacks, CAPTCHAs are most widely used mechanism on the internet. Numerous types of CAPTCHAs are introduced due to weaknesses in the earlier designs. Animated CAPTCHAs are one of the design alternatives. Instead of presenting the whole information at once, animated CAPTCHAs present information in various frames over the specific interval of time. As CATPCHAs are ubiquitously used to avoid the serious threats from bots therefore it is important to verify their effectiveness. In this research we have verified their robustness against machine learning attacks. It has been proved that adding the extra time dimension does not necessarily ensure protection against automated attacks. We have attacked the Hello CAPTCHA scheme, which is the most popular animated CAPTCHA scheme available on the internet. By applying novel image processing and machine learning techniques, these CAPTCHAs are decoded with high precision. A pre-trained CNN is used to recognize the extracted characters. In this research, 6 popular types of animated CAPTCHAs along with 41 sub types were successfully deciphered with an overall precision of up to 99.5 %.

Deep Learning based CAPTCHA Solver for Vulnerability Assessment

Captcha or Completely Automated Public Turing test to tell Computers and Humans Apart. Almost every website now has process of checking whether the website is being crawled by some sort of automated bots or not. Earlier there was too much attacks on the website using bots which used to cause a lot of harm to the big companies through Denial-of-Service attacks. CAPTCHA helped websites a lot in preventing the attacks via bots but now the world is much more advanced and with some lines of codes attackers can break distinct types of captchas and that is what this project is. This project proves the point that now captchas are just a matter of hindrance that decreases the human experience with the various websites as even sometimes they cannot enter the captcha that a bot can easily break and waste the valuable time of human. This project “Deep Learning based CAPTCHA solver for Vulnerability Assessment” proves this point by breaking the various sorts of captchas like numerical, alphanumerical, circle captcha, captcha v2 etc. with noise like line, dots, etc. The above stated points are proved by getting fairly good accuracies. LSTM based Convolutional neural network is used for this purpose; some captchas were easy to break with only a few layers while some took pretty big networks..

CAPTCHAs in reality: What might happen if they are easily broken?

This research paper explains the potential impact when CAPTCHAs become easy for attackers to solve. A literature review has been done on the different types of CAPTCHAs as well as the different methods present to break the CAPTCHAs. But data regarding the effect that CAPTCHAs have had when they have been attacked and broken is scarce. CAPTCHAs are deployed mainly to secure sites or apps but there are particular disadvantages which make them not only less beneficial to the owners of the sites or apps but also to the humans who need to solve them. These disadvantages are also in the form of vulnerabilities which prove beneficial to the attackers who can easily make use of the vulnerabilities to break the CAPTCHAs. It has been found that the impact of these attacks, in reality, has not been mentioned in previous studies. The impact prompts for advanced CAPTCHAs which solve the problems with the CAPTCHAs we have today.

BASECASS: A methodology for CAPTCHAs security assurance

Today, much of the interaction between clients and providers has moved to the Internet. Some tricksters have also learned to benefit from this new situation. New improved cons, tricks and deceptions can be found on-line. Many of these deceptions are only profitable if they are done at a large scale. In order to achieve these large numbers of interactions, these attacks require automation.CAPTCHAs/HIPs are a relatively new security mechanism against automated attacks. They try to detect when the other end of the interaction is a human or a computer program (a bot). However, CAPTCHA/HIP design is still in its initial conception as the stream of successful attacks highlight it.This paper focuses on the design of CAPTCHAs and if there is a way in which to assess a basic level of security for new CAPTCHA designs. To do so, we first review main attacks to different types of CAPTCHAs and then, we describe BASECASS, a methodology that can help in avoiding some of these design pitfalls. The application of the methodology is exemplified in three attacks to CAPTCHAs and how following the methodology designers could have avoided them.

Design and Development of Sindhi Text Based CAPTCHAs for Regional Websites

Bots are created to use the resources maliciously on World Wide Web. The misuse of the resources could be prevented by employing CAPTCHAs. Several types of CAPTCHAs are being used against the bots (robot) attacks but text-based CAPTCHA type is the most popular being very secured and easy to use. Latin language based text CAPTCHAs can be found ubiquitously on Internet but English text based CAPTCHAs are already decoded by many researchers. Thus, a novel Sindhi language based text CAPTCHA was proposed for regional websites where Arabic style script was utilized. This scheme offered two fold benefits: first, the proposed scheme could easily be understood by averagely literate person; second, this scheme paved a way for Arabic style OCR developers to understand Sindhi language specific features and facilitate Sindhi text recognition in future. A survey was also conducted to analyze the usability and strength of proposed CAPTCHA.

A Flattering Robopocalypse

A Flattering Robopocalypse

Deciphering complex text-based CAPTCHAs with deep learning

Background: CAPTCHA is a mechanism to distinguish humans from bots. It has become standard means of protection from the misuse of resources on World Wide Web. Different types of CAPTCHAs are implemented but text-based schemes are the most widely used due to its easiness and robustness. A user is asked to type in the text from an image. The image is intentionally distorted to dodge the bots. Recognizing the text is easy for humans but very hard for computers. Method/Findings: In this work, a text-based CAPTCHA scheme with background clutter and partially connected characters is decoded. The main steps consist on preprocessing, segmentation and recognition. Several digital image processing techniques were applied during preprocessing, segmentation steps and convolutional neural network (CNN) was used for recognition process. Since massive data is required for CNN therefore data was generated synthetically. A complex text-based CAPTCHA scheme with varying number of letters: 3, 4 and 5 letters is decoded with the overall precision of 77.5%, 64.2% and 51.9% respectively. Keywords: CAPTCHAs; HIPs; image processing; machine learning; CNN

Использование доменно-состязательного обучения для распознавания текстовых капч

Nowadays the problem of legal regulation of automatic collection of information from sites is being actively solved. This means that interest in tools and programs for automatic data collection is growing and that's why interest in automatic programs for solving CAPTCHA («Completely Automated Public Turing test to tell Computers and Humans Apart») is increasing too. In spite of сreation of more advanced types of captcha, nowadays text captcha is quite common. For instance, such large services as Yandex, Google, Wikipedia, VK continue to use them. There are many methods of breaking text captchas in literature, however, it should be noted that most of them have a limitation to priori know the length of the text on the image, which is not always the case in the real world. Also, many methods are multi-stage, which brings additional inconvenience to their implementation and application. Moreover, some methods use a large number of labeled pictures for training, but in reality, to collect data one has to be able to solve captchas from different sites. Respectively, manually labeling dozens of thousands of examples for training for each new type of captcha is an unrealistically difficult action. In this paper we propose a one-step algorithm of attack on text captchas. This approach does not require a priori knowledge of the text's length on the image. It has been shown experimentally that the usage of this algorithm in conjunction with the adversarial learning method allows one to achieve high quality on real data, using the low number (200-500) of labeled examples for training. An experimental comparison of the developed method with modern analogs showed that using the same number of real examples for training, our algorithm shows a comparable or higher quality, while it has a higher speed of working and training.

Recognition of Text CAPTCHA by using Back Propagation Algorithm of Artificial Neural network

Text-based CAPTCHA is a very simple type of CAPTCHA which are most widely used. It uses only a group of characters. In this paper, we focus on how Text based CAPTCHA is recognized by machine learning techniques. This paper proposed a method based on Back Propagation algorithm to identify the Text based CAPTCHA. The proposed technique improves the security level of Text-based CAPTCHA storage system by using the Back-propagation method of Artificial Neural Network. We used NNToolbox to train the network in MATLAB software

VIKAS: A new virtual keyboard based simple and efficient text CAPTCHA verification scheme

Nowadays online transactions are becoming ubiquitous that must be protected from bots using different techniques, and CAPTCHA is one of them. Text-CAPTCHA preferred due to its simplicity amongst different types of CAPTCHAs. Text-CAPTCHA can be strengthened by adding some distortion to prevent bot-attacks but cause usability issues for humans. This results in multiple attempts by a user to gain access to the required service and may give frustration to the user. Hence, there is a need to design CAPTCHA which is easy for humans to recognise but difficult for bots. This paper proposes virtual keyboard-based simple and efficient text-CAPTCHA verification scheme (VIKAS) that makes CAPTCHA verification easy for humans but difficult for bots. VIKAS uses simple text-CAPTCHA and verifies the same using positions of the keys pressed by the user using an image-based virtual keyboard. VIKAS is sustainable against segmentation scheme, replay attacks and possible attacks with keyloggers.

Understanding of the Cyber Security and the Development of CAPTCHA

CAPTCHA is the abbreviation of "Completely Automated Public Turing Test to Tell Computers and Humans Apart", which is a program algorithm for distinguishing between computers and humans. It is able to generate and evaluate tests that are easy for human to pass yet are not possible for computers to. Common CAPTCHA generally contains symbols, text, pictures, and even videos, which is mainly used for human-computer verification. With the popularization of the Internet and its related applications, many malicious attacks against websites, systems and servers gradually appear. Therefore, the research on CAPTCHA is especially important. This article will briefly summarize and introduce the existing CAPTCHA technology, and summarizes the common problems of network attacks and information security. After listing the common type of CAPTCHA, it will finally propose feasible suggestions for the development of CAPTCHA.

RECURSO DE INTERFACE CAPTCHA

Com o intuito de impedir que computadores enviem mensagens automáticas se passando por usuários reais, desenvolvedores tem utilizado o recurso de interface CAPTCHA para distinguir o preenchimento de dados e submissões realizadas por humanos e por máquinas. Este trabalho apresenta as principais modalidades de CAPTCHAs e discute as implicações na usabilidade. Para tanto, foram aplicados questionários e realizados testes de usabilidade em três modalidades de CAPTCHA. Verificou-se que, embora os usuários tenham consciência da importância do uso do CAPTCHA como ferramenta de segurança, percebeu-se que tal recurso compromete a usabilidade, gerando insatisfação e em alguns casos, a desistência da realização da tarefa.

Exploring the influence of CAPTCHA types to the users response time by statistical analysis

CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart. It is a test program that solves a given task for preventing the attacks made by automatic programs. If the response to CAPTCHA is correct, then the program classifies the user as a human. This paper introduces a new analysis of the impact of different CAPTCHAs to the Internet user’s response time. It overcomes the limitations of the previous approaches in the state-of-the-art. In this sense, different types of CAPTCHAs are presented and described. Furthermore, an experiment is conducted, which is based on two populations of Internet users for text and image-based CAPTCHA types, differentiated by demographic features, such as age, gender, education level and Internet experience. Each user is required to solve the different types of CAPTCHA, and the response time to solve the CAPTCHAs is registered. The obtained results are statistically processed by Mann-Whitney U and Pearson’s correlation coefficient tests. They analyze 7 different hypotheses which evaluate the response time in dependence of gender, age, education level and Internet experience, for the different CAPTCHA types. It represents an invaluable study in the literature to predict the best use of a given CAPTCHA for specific types of Internet users.

Development of two novel face-recognition CAPTCHAs: A security and usability study

CAPTCHAs are challenge-response tests that aim at preventing unwanted machines, including bots, from accessing web services while providing easy access for humans. Recent advances in artificial-intelligence based attacks show that the level of security provided by many state-of-the-art text-based CAPTCHAs is declining. At the same time, techniques for distorting and obscuring the text, which are used to maintain the level of security, make text-based CAPTCHAs difficult to solve for humans, and thereby further degrade usability. The need for developing alternative types of CAPTCHAs that improve both the current security and the usability levels has been emphasized widely.With this study, we contribute to research through (1) the development of two new face recognition CAPTCHAs (Farett-Gender and Farett-Gender&Age), (2) the security analysis of both procedures, and (3) the provision of empirical evidence that one of the suggested CAPTCHAs (Farett-Gender) is similar to Google's reCAPTCHA and better than KCAPTCHA concerning effectiveness (error rates), superior to both regarding learnability and satisfaction but not efficiency.

Labeled-Image CAPTCHA: concept of a secured and universally useful CAPTCHA

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely used online security tool that ensures that a computer program is not posing as a human user. While smart programs with advanced image processing capability have already cracked picture based captcha systems there is a need for making the test harder. This paper presents a design prototype of a simplified type of labeled-image captcha where a picture of a common animal or household item is marked with a number of different labels and the users will be asked to provide the correct label for specific parts of the picture. Due to human’s familiarity with body shapes and part names of such common pictures, they will easily identify a specific organ/parts of the picture. Such labeled-image captcha tests are expected to be very easy for human users regardless of their culture, age, gender, educational background and other discriminations but tough for the bots and automated computer programs.

CAPTCHA and its Alternatives: A Review

AbstractNowadays, because of the undeniable impact of the Internet on all aspects of human life, security preserving has received more attention. To reach an acceptable level of security, Completely Automatic Public Turing test to tell Computer and Human Apart or simply CAPTCHA as a security preserving tool has been tailored for situations that need to prevent bots from doing a specific action; for example, signing up and downloading. Simultaneously, it should be also designed in such a way to allow humans to perform the same action. Despite its advantageous applications, there are several important issues such as security, usability, and accessibility that make its use controversial. In this paper, attempts were made to do a comprehensive review on various aspects and state‐of‐the‐art of CAPTCHA in general and its alternatives in particular to help researchers easily focus on specific issues for the sake of proposing new solutions and ideas. Regarding the advancement in CAPTCHA development, new classifications were proposed to categorize different variations of CAPTCHAs and their problems and then compare them. Moreover, different types of CAPTCHAs' alternatives were classified and evaluated by introducing several proposed measures. This evaluation could come in handy for future studies that aim to develop new techniques for overcoming current deficiencies. Copyright © 2014 John Wiley & Sons, Ltd.

CAPTCHA: A SECURITY MEASURE AGAINST SPAM ATTACKS

A CAPTCHA is challenge response test used to ensure that the response is generated by humans. CAPTCHA test are administrator by machines to differentiate between humans and machine. Because of this reason CAPTCHAs are also known as the Reverse Turing Test as contrast to Turing Test which is administrated by humans. CAPCHA is used as a simple puzzle, which restricts various automated programs (also known as internet-bots) to sign-up e-mail accounts, cracking passwords, spam sending etc. A common type of CAPTCHA requires user to recognize the letters from a distorted image, since normal human can easily recognize the CAPTCHA, while that particular text cannot be recognized by bot. In short CAPTCHA program challenges the automated program, which trying to access private data. So, CAPTCHA helps in preventing the access of personal mail accounts by some unauthorized automated spamming programs.

Design and Comparison of Advanced Color based Image CAPTCHAs

CAPTCHA is a technology which has its base in a test called the Turing Test. Alan Turing, proposed this test as a way to examine whether or not machines can think or appear to think like humans. The main purpose of a CAPTCHA is to block form submissions from spam botsthat is automated scripts. Various types of CAPTCHAs are used, which mostly requires users to enter the strings of characters that appear in distorted form on the screen. These types of distorted stings are unable to understand by bots but human can. The CAPTCHA types are either text based or image based. In this paper, a new color based CAPTCHA is described, which provides color based images to human and human will answer to interrogator with color name or so on the question asked during turing test. These colored images can have single color image, more than one color image or it can have images with objects (like monitor, car, flower etc). For these types of questions, the computer machine will be unable to answer and it means unable to break CAPTCHA. This paper describes in detail the proposed CAPTCHA technology principle, method of implementation, variations and comparison of the accuracy rates. We conducted various experiments to measure the viability and usability of this CAPTCHA approach. An accuracy of 100%, 95% and 90% is observed with single color, multi color and color image based CAPTCHAs respectively.