Showing papers on "CAPTCHA published in 2023"

Deepfake CAPTCHA: A Method for Preventing Fake Calls

Abstract: Deep learning technology has made it possible to generate realistic content of specific individuals. These ‘deepfakes’ can now be generated in real-time which enables attackers to impersonate people over audio and video calls. Moreover, some methods only need a few images or seconds of audio to steal an identity. Existing defenses perform passive analysis to detect fake content. However, with the rapid progress of deepfake quality, this may be a losing game. In this paper, we propose D-CAPTCHA: an active defense against real-time deepfakes. The approach is to force the adversary into the spotlight by challenging the deepfake model to generate content which exceeds its capabilities. By doing so, passive detection becomes easier since the content will be distorted. In contrast to existing CAPTCHAs, we challenge the AI’s ability to create content as opposed to its ability to classify content. In this work we focus on real-time audio deepfakes and present preliminary results on video. In our evaluation we found that D-CAPTCHA outperforms state-of-the-art audio deepfake detectors with an accuracy of 91-100% depending on the challenge (compared to 71% without challenges). We also performed a study on 41 volunteers to understand how threatening current real-time deepfake attacks are. We found that the majority of the volunteers could not tell the difference between real and fake audio.

Improving the Security of Audio CAPTCHAs with Adversarial Examples

Abstract: CAPTCHAs (completely automated public Turing tests to tell computers and humans apart) have been the main protection against malicious attacks on public systems for many years. Audio CAPTCHAs, as one of the most important CAPTCHA forms, provide an effective test for visually impaired users. However, in recent years, most of the existing audio CAPTCHAs have been successfully attacked by machine learning-based audio recognition algorithms, showing their insecurity. In this paper, a generative adversarial network (GAN)-based method is proposed to generate adversarial audio CAPTCHAs. This method is implemented by using a generator to synthesize noise, a discriminator to make it similar to the target and a threshold function to limit the size of the perturbation; then, the synthetic perturbation is combined with the original audio to generate the adversarial audio CAPTCHA. The experimental results demonstrate that the addition of adversarial examples can greatly reduce the recognition accuracy of automatic models and improve the robustness of different types of audio CAPTCHAs. We also explore ensemble learning strategies to improve the transferability of the proposed adversarial audio CAPTCHA methods. To investigate the effect of adversarial CAPTCHAs on human users, a user study is also conducted.

Practicality analysis of utilizing text-based CAPTCHA vs. graphic-based CAPTCHA authentication

Abstract: CAPTCHA as "Completely Automated Public Turing test to tell Computers and Humans Apart" is becoming an essential tool to help reduce many automated security authentication attacks. This research focused on studying differences running text-based CAPTCHA vs. graphical-based CAPTCHA in a utilization applicable dominant practicality manner. The ordinary text-based CAPTCHA works simple to prevent automated submissions as thought of being relatively easy to exploit. On the other hand, graphic-based CAPTCHA can be more preferred from users side, but can be providing some complexities making clear tradeoff analysis need between its usability and security. Even though graphic-based CAPTCHA has been generally considered as improvement of text-based CAPTCHA with respect to security, its usage is still not common, raising a practicality gap needing some search for comparing the two methods side by side comprehensively involving usability applicability and cultural preference beside security. In this regard, this research contributes towards filling the gap in knowledge running thorough local experimentations for finding different CAPTCHA performance tradeoffs in terms of real statistical humanoid possibilities of practicality easiness, repetition secrecy, and configuration solving timing, that can be used as basis for conducting further techno improvement human-oriented research.

Extended Research on the Security of Visual Reasoning CAPTCHA

Abstract: CAPTCHA is an effective mechanism for protecting computers from malicious bots. With the development of deep learning techniques, current mainstream text-based and traditional image-based CAPTCHAs have been proven to be insecure. Therefore, a major effort has been directed toward developing new CAPTCHAs by utilizing some other hard Artificial Intelligence (AI) problems. Recently, some commercial companies (Tencent, NetEase, Geetest, etc.) have begun deploying a new type of CAPTCHA based on visual reasoning to defend against bots. As a newly proposed CAPTCHA, it is therefore natural to ask a fundamental question: are visual reasoning CAPTCHAs as secure as their designers expect? This paper explores the security of visual reasoning CAPTCHAs. We proposed a modular attack and evaluated it on six different real-world visual reasoning CAPTCHAs, which achieved overall success rates ranging from 79.2% to 98.6%. The results show that visual reasoning CAPTCHAs are not as secure as anticipated; this latest effort to use novel, hard AI problems for CAPTCHAs has not yet succeeded. Then, we summarize some guidelines for designing better visual-based CAPTCHAs, and based on the lessons we learned from our attacks, we propose a new CAPTCHA based on commonsense knowledge (CsCAPTCHA) and show its security and usability experimentally.

Searching for answers: prostate screening in a stretched NHS

Abstract: The UK National Screening Committee is due to review its advice on prostate cancer screening in the next year. At present anational screeningprogramme is not recommended. Prostate specific antigen (PSA) testing can miss cancers while leading to high rates of overdiagnosis, creating treatment harms without benefits to many. But do the benefits of screening nowoutweigh thepotential harms?Some researchers believe they do, thanks to technological advances, but the evidence is still unclear.

A Survey on Adversarial Perturbations and Attacks on CAPTCHAs

Abstract: The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) technique has been a topic of interest for several years. The ability of computers to recognize CAPTCHA has significantly increased due to the development of deep learning techniques. To prevent this ability from being utilised, adversarial machine learning has recently been proposed by perturbing CAPTCHA images. As a result of the introduction of various removal methods, this perturbation mechanism can be removed. This paper, thus, presents the first comprehensive survey on adversarial perturbations and attacks on CAPTCHAs. In particular, the art of utilizing deep learning techniques with the aim of breaking CAPTCHAs are reviewed, and the effectiveness of adversarial CAPTCHAs is discussed. Drawing on the reviewed literature, several observations are provided as part of a broader outlook of this research direction. To emphasise adversarial CAPTCHAs as a potential solution for current attacks, a set of perturbation techniques have been suggested for application in adversarial CAPTCHAs.

Designing a Secure Audio / Text Based Captcha Using Neural Network

Abstract: A CAPTCHA is used to reduce the misuse in the case of rising automated bots or software systems and also to avoid any corruption of the web services. The Captcha is used as solving a turing test problem by the users, before they get access to the software system. The paper discusses about the model that extracts the alphanumeric characters from either of audio or text-based captchas. Finally, the model's performance is found based on different parameters like accuracy level, specificity, precision etc.

Is Puzzle-Based CAPTCHA Secure Against Attacks Based on CNN?

Abstract: In recent years, unauthorized access to websites by bots has been on the rise. CAPTCHA, which distinguishes bots from humans, is widely used as a means of preventing automated access by bots. However, as bots have become more sophisticated, some bots have been able to break through CAPTCHAs with conventional difficulty. On the other hand, CAPTCHAs that prevent access by advanced bots are also difficult for humans, resulting in a trade-off between user convenience and the security against bots. In this paper, we verify that the instance of Capy Puzzle CAPTCHAs difficult for machines and easy for humans exists. As a first step, we designed a machine learning model that solves instances equivalent to Capy Puzzle CAPTCHA. This model detects the position of a piece from an instance image in which the piece is embedded in a background image. The model uses a Convolutional Neural Network (CNN) to detect the position of the piece from the instance image with an accuracy of 100%, which is higher than the accuracy of conventional methods. This shows the risk that the Capy Puzzle CAPTCHA can be easily broken through by machine learning. The instances that were considered difficult by the model were also difficult enough for humans.

Vulnerability analysis of captcha using Deep learning

Abstract: Several websites improve their security and avoid dangerous Internet attacks by implementing CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart), a type of verification to identify whether the end-user is human or a robot. The most prevalent type of CAPTCHA is text-based, designed to be easily recognized by humans while being unsolvable towards machines or robots. However, as deep learning technology progresses, development of convolutional neural network (CNN) models that predict text-based CAPTCHAs becomes easier. The purpose of this research is to investigate the flaws and vulnerabilities in the CAPTCHA generating systems in order to design more resilient CAPTCHAs. To achieve this, we created CapNet, a Convolutional Neural Network. The proposed platform can evaluate both numerical and alphanumerical CAPTCHAs

Cognitive CAPTCHA Password Reminder

Abstract: In recent years, the number of personal accounts assigned to one business user has been constantly growing. There could be as many as 191 individual login credentials used by an average employee, according to a 2017 study. The most recurrent problems associated with this situation faced by users are the strength of passwords and ability to recall them. Researchers have proven that “users are aware of what constitutes a secure password but may forgo these security measures in terms of more convenient passwords, largely depending on account type”. Reusing the same password across multiple platforms or creating one with dictionary words has also been proved to be a common practice amongst many. In this paper, a novel password-reminder scheme will be presented. The goal was that the user creates a CAPTCHA-like image with a hidden meaning, that only he or she can decode. The image must be in some way related to that individual’s memory or her/his unique knowledge or experience. With this image, being presented each time during logging in, the user is asked to associate a password consisting of two or more words and a number. If the image is selected properly and strong association with a person’s visual memory has been linked to it, the chances of recalling a lengthy password he/she created should not present a problem.

An Improved Text-Based and Image-Based CAPTCHA Based on Solving and燫esponse Time

Abstract: CAPTCHA is an acronym that stands for Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA), it is a good example of an authentication system that can be used to determine the true identity of any user. It serves as a security measure to prevent an attack caused by web bots (automatic programs) during an online transaction. It can come as text-based or image-based depending on the project and the programmer. The usability and robustness, as well as level of security, provided each of the varies and call for the development of an improved system. Hence, this paper studied and improved two different CAPTCHA systems (the text-based CAPTCHA and image-based CAPTCHA). The text-based and image-based CAPTCHA were designed using JavaScript. Response time and solving time are the two metrics used to determine the effectiveness and efficiency of the two CAPTCHA systems. The inclusion of response time and solving time improved the shortfall of the usability and robustness of the existing system. The developed system was tested using 200 students from the Federal College of Animal Health and Production Technology. The results of each of the participants, for the two CAPTCHAs, were extracted from the database and subjected to analysis using SPSS. The result shows that text-based CAPTCHA has the lowest average solving time (21.3333 s) with a 47.8% success rate while image-based CAPTCHA has the highest average solving time was 23.5138 s with a 52.8% success rate. The average response time for the image-based CAPTCHA was 2.1855 s with a 37.9% success rate lower than the text-based CAPTCHA response time (3.5561 s) with a 62.1% success rate. This indicates that the text-based CAPTCHA is more effective in terms of usability tests while image-based CAPTCHA is more efficient in terms of system responsiveness and recommended for potential users.

Captcha - метод машинного обучения и защиты сайта от ботов и спамеров

Abstract: Актуальность рассматриваемой в статье проблемы обусловлена тем, что растет количество web-ресурсов различных государственных организаций и коммерческих компаний в сети. Крупные и средние интернет-сервисы, web-порталы, почтовые серверы, а также банковские системы являются очень привлекательными площадками для действий злоумышлеников. Наиболее ивестный и применяемый способ организации интернет уловок – это имитация с помощью специальной программы (интернет-робота) действий человека. Для предотвращения такого вида обмана используют плагин Captcha. В статье проанализирован метод противодействия массовому сбору информации, рассмотрены варианты обсуждения, использования и применения Captcha. Captcha проста для людей, но трудна для «взлома».

Vulnerability of CAPTCHA Systems Using Bots with Computer Vision Abilities

Abstract: CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. They are machine-controlled challenge-response tests used to determine when the user is a human or an automatic program (bot). Attacks perpetrated by malicious bots are one of the most common problems in web systems. To counter these attacks, CAPTCHA systems can be implemented. However, the growth of technologies such as Artificial Vision has caused many of the CAPTCHAS systems to be broken very easily. On the other hand, the implementation of automated processes in computer security has marked an additional complement in the process of searching for vulnerabilities in web systems. In this context, this article aims to automate searching tasks and analyze web systems vulnerabilities through Robotic Process Automation (RPA) tools and artificial vision techniques. As part of the bot development, the UiPath tool in its Community Edition version and the Google Cloud Platform API for artificial vision techniques were used. In the results, the functioning of the developed bot was systematically evaluated by broken the CAPTCHA system based on images of a test page. This proposal is intended to demonstrate that CAPTCHA systems, specifically of the hCAPTCHA type, can be broken using artificial vision techniques in conjunction with the automated processes of a bot.

A Transformer-Based Network with Character-Level Masks for CAPTCHA Recognition

Abstract: Text-based CAPTCHA recognition remains a hot research topic in artificial intelligence and Internet security. The end-to-end deep learning model, which simultaneously localizes and recognizes the character, has recently become the mainstream framework to solve CAPTCHAs. However, prior works are still limited in generalization ability when the training set is relatively small, and the performance achieved on some CAPTCHA schemes remains to be improved. In this paper, we introduce a transformer-based model that uses a novel self-attention mechanism with character-level masks to solve text-based CAPTCHAs. This mechanism enables the encoder and decoder to learn the effective representation of the non-semantic character sequence. Experimental results show that our model has superior generalization ability, even when the training set contains only 600 samples. Meanwhile, our model significantly improves the robustness to different CAPTCHA schemes, achieving a high accuracy above 90% on five representative CAPTCHAs deployed on popular websites.

zxCAPTCHA: New Security-Enhanced CAPTCHA

Abstract: Automated attacks using CNN (Convolutional Neural Network), ML (Machine Learning), and DNN (Deep Neural Network have been successful in bypassing traditional CAPTCHAs. However, Deep Learning techniques, adversarial examples and style neural transfer, have been shown to be particularly effective in protecting CAPTCHAs. In this study, the authors proposed zxCAPTCHA, a new CAPTCHA that combines cognitive-based, image-based, and text-based CAPTCHA characteristics with Deep Learning techniques to improve security. Extensive evaluations were conducted to assess the improvement of the CAPTCHA security. The experiment shows that zxCAPTCHA considerably enhances the security while maintaining comparable usability. We also demonstrate the effectiveness of combining cognitive techniques and Deep Learning to improve CAPTCHA security.

Guarding Against Bots with Art: NST-based Deep Learning Approach for CAPTCHA Verification

Abstract: CAPTCHAs have become less effective in preventing automated bots from accessing internet services, owing to the increasing advancements in computer vision and machine learning. To overcome this challenge, this paper proposes a novel approach using Neural Style Transfer (NST) to generate complex and secure CAPTCHAs using VGG-16. Our approach produces visually challenging CAPTCHAs that are difficult for bots to identify and understand, thereby enhancing the security of internet services. The proposed approach utilizes a grid-like design, with 9 randomly selected images that are stylized using Neural Style Transfer, where the user is prompted to choose pictures that are visually similar to the separate images displayed. This not only makes the CAPTCHA more secure but also more user-friendly. We provide implementation details of our approach, including training and validation, and present experimental data demonstrating its efficacy in thwarting automated attacks. The proposed CAPTCHA system is not susceptible to similarity based attacks. The similarity index results returned the following values, MSE: 12934.04 RMSE:113.72 PSNR: 7.013. Our solution has the potential to provide internet services with higher levels of security against automated bots.

Farsi CAPTCHA Recognition Using Attention-Based Convolutional Neural Network

Abstract: Getting around CAPTCHAs is essential for stopping fraudulent online activity. The creation of efficient CAPTCHA-breaking algorithms in the context of Persian can help safeguard Farsi-speaking users from a variety of online dangers and enhance their overall online experience. This study offers a novel method for recognizing Persian CAPTCHAs, which was developed and tested on a large and distinctive dataset. Our approach to Farsi CAPTCHA recognition leverages deep learning models, specifically a combination of the TPS-Resnet-BiLSTM-ATTN model, which surpasses other approaches and breaks Farsi CAPTCHAs with the highest possible accuracy. We have achieved amazing results with promising implications for boosting the security and usability of many online services that depend on CAPTCHA authentication by delving deeply into the impact of attention modules on CAPTCHA recognition.

Style matching CAPTCHA: match neural transferred styles to thwart intelligent attacks

Abstract: Completely automated public turing test to tell computers and humans apart (CAPTCHA) is widely used to prevent malicious automated attacks on various online services. Text- and image-CAPTCHAs have shown broader acceptability due to usability and security factors. However, recent progress in deep learning implies that text-CAPTCHAs can easily be exposed to various fraudulent attacks. Thus, image-CAPTCHAs are getting research attention to enhance usability and security. In this work, the neural-style transfer (NST) is adapted for designing an image-CAPTCHA algorithm to enhance security while maintaining human performance. In NST-rendered image-CAPTCHAs, existing methods inquire a user to identify or localize the salient object (e.g., content) which is solvable effortlessly by off-the-shelf intelligent tools. Contrarily, we propose a Style Matching CAPTCHA (SMC) that asks a user to select the style image which is applied in the NST method. A user can solve a random SMC challenge by understanding the semantic correlation between the content and style output as a cue. The performance in solving SMC is evaluated based on the 1368 responses collected from 152 participants through a web-application. The average solving accuracy in three sessions is 95.61%; and the average response time for each challenge per user is 6.52 s, respectively. Likewise, a Smartphone Application (SMC-App) is devised using the proposed method. The average solving accuracy through SMC-App is 96.33%, and the average solving time is 5.13 s. To evaluate the vulnerability of SMC, deep learning-based attack schemes using Convolutional Neural Networks (CNN), such as ResNet-50 and Inception-v3 are simulated. The average accuracy of attacks considering various studies on SMC using ResNet-50 and Inception-v3 is 37%, which is improved over existing methods. Moreover, in-depth security analysis, experimental insights, and comparative studies imply the suitability of the proposed SMC.

Prevention of Spambot Injection in Web form on Cloud Platform

Abstract: The primary goal of this Research is to identify preventative measures to halt spam that may occur in web applications hosted on cloud platforms. Many intrusion-based tactics, such as bot spamming in a cloud computing environment, can be used to spam web forms. Attackers frequently deploy spam-bots in advance modules as one of their methods for spamming cloud-hosted websites. A method of intrusion prevention is required to prevent these kinds of problematic situations from occurring in various ways. In the modern era, adding a honeypot field to the form is commonplace along with the captcha technique, which, while reducing the amount of spam, isn't entirely eliminating it. The goal of this project is to find a solution to problems that honeypot and captcha cannot solve. This can be overcome by generating a dynamic token and place it in the front end on the webpage. This prevents the spam bot from injecting the bad leads in the web form.

CNN Combined with FC Classifier to Combat Artificial Penta-Digit Text-Based Captcha

Abstract: Captcha technology has grown in popularity along with the growth of the Internet. The completely automated public Turing test to tell computers and humans apart uses captcha technology to discriminate between humans and robots. The most common type of CAPTCHA is text-based. The majority of CAPTCHAs that use text have been broken. However, prior research has primarily relied on complex and ineffective preparation methods to attack text CAPTCHAs. This study builds a deep CNN network model that can recognize a 5-character text captcha by researching captcha recognition technology.

Captcha recognition using dcnn

Abstract: Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) is an important human-machine distinction technology for websites to prevent the automatic malicious program attack. CAPTCHA recognition studies can find security breaches in CAPTCHA technology By using the concept of deep learning and computer vision, the very purpose of the CAPTCHAs can be defeated. This test can be passed automatically with the help of Convolutional Neural networks(CNN). A CNN is an algorithm of deep learning which takes an image as input and then assigns some value to various features in the image which further helps to differentiate one feature from the other. Its main purpose is to transform the images into a form which is much easier to process, without losing features which are essential for getting an optimized prediction. The proposed system for this project is to expand this CAPTCHA recognition system for larger and more noisy CAPTCHA containing all the symbols possible, a method based on the Deep Convolutional Neural Network (DCNN) model to identify CAPTCHA and avoid the traditional image processing technology such as location and segmentation. The adaptive learning rate is introduced to accelerate the convergence rate of the model, and the problem of over fitting and local optimal solution has been solved. The multi task joint training model is used to improve the accuracy and generalization ability of model recognition. The experimental results show that the model has a good recognition effect on CAPTCHA with background noise and character adhesion distortion. The future scope of this project lies in technologies where more noisier images can be processed such as license plates, handwriting recognition etc.

Web Authentication Biometric 3D Animated CAPTCHA System Using Artificial Intelligence and Machine Learning Approach

Abstract: The internet and web security are integral aspects of our daily lives. Many commercial firms provide clients with internet services. For web access, it is assumed that only the genuine user, who is a human, will register. Yet automated hacking programs can also do registrations with fake data that consume a lot of bandwidth, slowing down or occasionally even shutting down websites, leading to Distributed denial-of-service (DDOS) attacks. Completely Automated Public Turing test to tell Computers and Human Apart (CAPTCHA) is the solution. Complex CAPTCHA is challenging for humans to recognize, but simple CAPTCHA is simple for AI to decipher. With the developments in neural networks and machine learning bots are mimicking humans and it is becoming difficult to distinguish humans and bots apart. This generated a need to think of some more innovative and novel CAPTCHA. Now, utilizing the same AIML approach to increase the efficacy of CAPTCHA and make it stronger against the bot attack. Biometric 3D Animated (B3DA) Algorithm proposed in this research is a novel approach based on the Face Detection AI algorithm along with handwritten 3D animated characters selected randomly to create a string which makes CAPTCHA simple that humans can identify but very difficult for bots. The test results have proven this to be a very robust CAPTCHA. The machine learning algorithm employed will keep on increasing the efficacy of this CAPTCHA each time the bot tries to break this.

Breaking CAPTCHA system with minimal exertion through deep learning: Real-time risk assessment on Indian government websites

Abstract: CAPTCHAs are used to prevent computer bots from launching spam attacks and automatically extracting data available in the websites. The government websites mostly contain sensitive data related to citizens and assets of the country, and the vulnerability to its captcha systems raises a major security challenge. The proposed work focuses on the real-time captcha systems used by the government websites of India and identifies the risks level. To effectively analyze its captcha security, we concentrate on the problem from an attacker’s perspective. From the viewpoint of an attacker, building an effective solver to breach the captcha security system from scratch with limited feature engineering knowledge of text and image processing is a challenge. Neural network models are useful in automated feature extraction, and a simple model can be trained with a minimum number of manually annotated real captchas. Along with popular text captchas, government websites of India use text instructions based captchas. We analyze an effective neural network pipeline for solving text captchas. The text instructions captchas are relatively new, and the work provides novel end-to-end neural network architectures to break different types of text instructions captchas. The proposed models achieve more than 80% accuracy, and on a desktop GPU, has a maximum inference speed of 1.063 seconds.The study comes up with an ecosystem and procedure to rate the overall risk of a captcha system used on a website. We observe that concerning the importance of available information on these government websites, the effort required to solve the captcha systems by an attacker is alarming.

Deep learning captcha recognition for mobile based on TensorFlow

Abstract: As the most common captcha, text captcha can prevent others from maliciously using computer programs to log in or attack, and is an important safeguard in Internet authentication. In recent years, with the development of the Internet, the field of artificial intelligence has also developed at a high speed, and convolutional neural networks are widely used in various fields. In this context, for the common problem of character-based captcha recognition, this paper investigates captcha recognition based on a deep learning neural network framework used by the TensorFlow framework with modifications based on the VGG16 convolutional neural network. The 4-digit captcha randomly composed of 64 characters is then converted into an image, and after operations such as image processing and encoding of the captcha, a large number of training sets are generated and the recognition of the captcha is done by the convolutional neural network. Finally, the design GUI interface is deployed to mobile devices with a final accuracy rate of 85% on the test set.

Optimized Recognition Of CAPTCHA Through Attention Models

Abstract: Information retrieval from the CAPTCHA is a crucial part, this CAPTCHA always contains some unwanted information along with required information, so attention technique comes in handy to select such useful information discarding the unwanted part. The attention concept has become a very important part in the field of deep learning which uses Natural Language Processing(NLP) and Computer Vision(CV). Attention mechanism is rigorously used in OCR based applications which requires generating of selected information rather than every information available. Our work includes implementation of general, global and local Attention mechanisms used with two different models which were transfer learning model and the parameter search model. As OCR with attention technique is computationally costly it is required to optimize the entire process so we suggest optimized retrieval of information from CAPTCHA using parameter search algorithm. This retrieval includes using weights that reduced the training time from 4.03 minutes to 3.33 minutes and the number of training images which were used for training were reduced than before. We obtained the highest accuracy of 87.34% for general attention with parameter search model and local attention model with parameter search model proved to have less computation and less training time than the general attention with parameter search model.