iCAPTCHA: The Next Generation of CAPTCHA Designed to Defend against 3rd Party Human Attacks
Frequently Asked Questions (13)
Q2. What is the purpose of the proposed CAPTCHA system?
As the first step towards defending against the growing threat of 3rd party human CAPTCHA attacks, the authors hope that the proposed iCAPTCHA system will encourage researchers and the security industry to develop more secure and reliable CAPTCHAs.
Q3. What can be done to reduce the false positive rate of iCAPTCHA?
The dynamic rejection threshold concept can be applied to both algorithm 1 and algorithm 2 to further reduce their false positive rate.
Q4. What is the true negative error rate of the dynamic threshold algorithm?
Since most human solver response times are consistently above the threshold of 3.35 seconds, this algorithm also detected all human solver attacks and provided a 0.0% false negative error rate.
Q5. How long does it take to solve iCAPTCHA?
The collected timing data shows that on average a user takes 8.08 seconds to solve a five-character iCAPTCHA versus 6.21 seconds for a traditional CAPTCHA using the same image obfuscation style.
Q6. What is the procedure for displaying the CAPTCHA image?
Once the set of character buttons is displayed, the user must click on the button corresponding to the first character in the CAPTCHA image.
Q7. How many times will a user click on a test image?
Algorithm 1 – Single Slow Response Detection Algorithm: in their current iCAPTCHA implementation, if a test image text has n letters, a user will click n times and produce n per-character response times.
Q8. What is the main reason for the success of iCAPTCHA?
In addition to security, ease-of-use is critical for iCAPTCHA to be a successful and practical CAPTCHA replacement so the authors were pleased with these results.
Q9. What was the use of the 3rd party human solvers?
The 3rd party human solvers were two highly experienced CAPTCHA solvers that utilized Mozilla Firefox and a broadband connection.
Q10. What is the detection rate of the dynamic threshold algorithm?
For the first detection algorithm introduced in section IV.C, all of the 226 human solver responses have at least one interaction above the threshold D=3.35 seconds, so this algorithm detected all human solver attacks, which means the algorithm had a detection rate of 100% for their test dataset.
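The single slow response check described in Q7 and Q10, as an added example that is not the authors' code: it derives the n per-character response times from event timestamps, rejects a test if any one of them is above D, and measures detection and false positive rates on a small labelled set. The function names, the choice to measure each time from the previous event, rejecting a wrong click count, and the sample sessions (constructed) are assumptions.

```python
D_SECONDS = 3.35  # rejection threshold D quoted on this page


def per_character_times(shown_at, click_times):
    """Convert event timestamps (seconds) into per-character response times.

    Assumption: each time runs from the previous event (buttons shown,
    then each click) to the next click.
    """
    events = [shown_at, *click_times]
    deltas = [b - a for a, b in zip(events, events[1:])]
    if any(d < 0 for d in deltas):
        raise ValueError("click timestamps must be non-decreasing")
    return deltas


def single_slow_response(times, n_chars, threshold=D_SECONDS):
    """Return True (reject) if any single response time is above the threshold."""
    if len(times) != n_chars:
        return True  # assumption: a wrong click count fails the test
    return any(t > threshold for t in times)


def error_rates(sessions, n_chars=5):
    """Return (detection_rate, false_positive_rate) over labelled sessions."""
    flagged = {True: 0, False: 0}
    total = {True: 0, False: 0}
    for is_attack, shown_at, clicks in sessions:
        total[is_attack] += 1
        times = per_character_times(shown_at, clicks)
        flagged[is_attack] += single_slow_response(times, n_chars)
    return flagged[True] / total[True], flagged[False] / total[False]


# Constructed sample sessions: (is_attack, buttons_shown_at, click timestamps)
SESSIONS = [
    (False, 0.0, [1.4, 3.1, 4.6, 6.3, 8.0]),
    (False, 10.0, [12.1, 13.5, 15.2, 16.4, 18.3]),
    (False, 0.0, [1.2, 2.9, 6.6, 8.0, 9.5]),     # one 3.7 s pause: false positive
    (False, 5.0, [6.5, 8.0, 9.8, 11.1, 12.9]),
    (True, 0.0, [4.2, 8.9, 13.0, 17.8, 22.1]),   # every character is slow
    (True, 0.0, [2.9, 6.8, 9.6, 12.4, 15.9]),    # only two characters are slow
]

if __name__ == "__main__":
    detection, false_positive = error_rates(SESSIONS)
    print(f"detection rate {detection:.0%}, false positive rate {false_positive:.0%}")
```

The third legitimate session shows how a single hesitation produces a false positive under a fixed threshold, which is the error the dynamic rejection threshold in Q3 is meant to reduce.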
Q11. How many correct responses did the algorithm receive?
As shown in Table 2, this algorithm only had a 1.77% false positive error rate, i.e., the algorithm rejected only 4 correct responses out of 226 iCAPTCHA tests from legitimate users.
Q12. How many times did the attacker try to solve the iCAPTCHA test?
The authors set up a human-based attack as shown in Figure 7, which also solved 226 iCAPTCHA tests and generated 1130 per-character response times for human solver attacks (Ra).
Q13. How many times did the participants try iCAPTCHA?
Participants in the study were asked to try iCAPTCHA five times followed by two traditional CAPTCHAs that use the same image obfuscation style as iCAPTCHA.