Image captchas have recently become very popular and are widely deployed across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision have gradually diminished th...Image captchas have recently become very popular and are widely deployed across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision have gradually diminished the security of image captchas and made them vulnerable to attack. In this paper, we first classify the currently popular image captchas into three categories: selection-based captchas, slide-based captchas, and click-based captchas. Second, we propose simple yet powerful attack frameworks against each of these categories of image captchas. Third, we systematically evaluate our attack frameworks against 10 popular real-world image captchas,including captchas from tencent.com, google.com, and 12306.cn. Fourth, we compare our attacks against nine online image recognition services and against human labors from eight underground captcha-solving services. Our evaluation results show that(1) each of the popular image captchas that we study is vulnerable to our attacks;(2) our attacks yield the highest captcha-breaking success rate compared with state-of-the-art methods in almost all scenarios; and(3) our attacks achieve almost as high a success rate as human labor while being much faster.Based on our evaluation, we identify some design flaws in these popular schemes, along with some best practices and design principles for more secure captchas. We also examine the underground market for captcha-solving services, identifying 152 such services. We then seek to measure this underground market with data from these services. Our findings shed light on understanding the scale, impact, and commercial landscape of the underground market for captcha solving.展开更多
Enhancing website security is crucial to combat malicious activities,and CAPTCHA(Completely Automated Public Turing tests to tell Computers and Humans Apart)has become a key method to distinguish humans from bots.Whil...Enhancing website security is crucial to combat malicious activities,and CAPTCHA(Completely Automated Public Turing tests to tell Computers and Humans Apart)has become a key method to distinguish humans from bots.While text-based CAPTCHAs are designed to challenge machines while remaining human-readable,recent advances in deep learning have enabled models to recognize them with remarkable efficiency.In this regard,we propose a novel two-layer visual attention framework for CAPTCHA recognition that builds on traditional attention mechanisms by incorporating Guided Visual Attention(GVA),which sharpens focus on relevant visual features.We have specifically adapted the well-established image captioning task to address this need.Our approach utilizes the first-level attention module as guidance to the second-level attention component,incorporating two LSTM(Long Short-Term Memory)layers to enhance CAPTCHA recognition.Our extensive evaluation across four diverse datasets—Weibo,BoC(Bank of China),Gregwar,and Captcha 0.3—shows the adaptability and efficacy of our method.Our approach demonstrated impressive performance,achieving an accuracy of 96.70%for BoC and 95.92%for Webo.These results underscore the effectiveness of our method in accurately recognizing and processing CAPTCHA datasets,showcasing its robustness,reliability,and ability to handle varied challenges in CAPTCHA recognition.展开更多
Improving website security to prevent malicious online activities is crucial,and CAPTCHA(Completely Automated Public Turing test to tell Computers and Humans Apart)has emerged as a key strategy for distinguishing huma...Improving website security to prevent malicious online activities is crucial,and CAPTCHA(Completely Automated Public Turing test to tell Computers and Humans Apart)has emerged as a key strategy for distinguishing human users from automated bots.Text-based CAPTCHAs,designed to be easily decipherable by humans yet challenging for machines,are a common form of this verification.However,advancements in deep learning have facilitated the creation of models adept at recognizing these text-based CAPTCHAs with surprising efficiency.In our comprehensive investigation into CAPTCHA recognition,we have tailored the renowned UpDown image captioning model specifically for this purpose.Our approach innovatively combines an encoder to extract both global and local features,significantly boosting the model’s capability to identify complex details within CAPTCHA images.For the decoding phase,we have adopted a refined attention mechanism,integrating enhanced visual attention with dual layers of Long Short-Term Memory(LSTM)networks to elevate CAPTCHA recognition accuracy.Our rigorous testing across four varied datasets,including those from Weibo,BoC,Gregwar,and Captcha 0.3,demonstrates the versatility and effectiveness of our method.The results not only highlight the efficiency of our approach but also offer profound insights into its applicability across different CAPTCHA types,contributing to a deeper understanding of CAPTCHA recognition technology.展开更多
全自动开放式人机区分图灵测试(CAPTCHA)是基于人工智能领域开放性问题而设计的网络安全技术,CAPTCHA识别是该研究领域的重要分支.长短时记忆(Long Short Term Memory,LSTM)型递归神经网络(Recurrent Neural Network,RNN)已被成功应用于...全自动开放式人机区分图灵测试(CAPTCHA)是基于人工智能领域开放性问题而设计的网络安全技术,CAPTCHA识别是该研究领域的重要分支.长短时记忆(Long Short Term Memory,LSTM)型递归神经网络(Recurrent Neural Network,RNN)已被成功应用于CAPTCHA识别,LSTM型RNN实质上是一维RNN,而文本型CAPTCHA为二维图像.提出使用二维RNN对CAPTCHA进行识别.二维RNN能够很好的将特征提取同识别相结合,同时具有较好的上下文保持特性,从而更适合文本型CAPTCHA识别.同时为了进一步提高识别的可靠性,提出一种基于支持向量机(Support vector machine,SVM)的拒识策略,实验结果表明二维RNN较一维RNN能够获得更好的识别率,并且新的拒识策略较其他拒识策略取得更好的拒识效果.展开更多
CAPTCHA is a completely automated program designed to distinguish whether the user is a computer or human. As the problems of Internet security are worsening, it is of great significance to do research on CAPTCHA. Thi...CAPTCHA is a completely automated program designed to distinguish whether the user is a computer or human. As the problems of Internet security are worsening, it is of great significance to do research on CAPTCHA. This article starts from the recognition of CAPTCHAs, then analyses the weaknesses in its design and gives corresponding recognition proposals according to various weaknesses, finally offers suggestions related to the improvement of CAPTCHAs. Firstly, this article briefly introduces the basic steps during the decoding process and their principles. And during each step we choose methods which are better adapted to the features of different CAPTCHA images. Methods chosen are as followings: bimodal method in binarization, improved corrosion algorithm in denoising, projection segmentation method in denoised image processing and SVM in recognition. Then, we demonstrate detailed process through the samples taken from the online registration system of ICBC, show the recognition effect and correct the results according to the statistical data in the process. This article decodes CAPTCHAS from three other large banks in the same way but just provides the recognition results. Finally, this article offers targeted suggestions to the four banks based on the recognition effect and analysis process stated above.展开更多
As the first barrier to protect cyberspace,the CAPTCHA has made significant contributions to maintaining Internet security and preventing malicious attacks.By researching the CAPTCHA,we can find its vulnerability and ...As the first barrier to protect cyberspace,the CAPTCHA has made significant contributions to maintaining Internet security and preventing malicious attacks.By researching the CAPTCHA,we can find its vulnerability and improve the security of CAPTCHA.Recently,many studies have shown that improving the image preprocessing effect of the CAPTCHA,which can achieve a better recognition rate by the state-of-theart machine learning algorithms.There are many kinds of noise and distortion in the CAPTCHA images of this experiment.We propose an adaptive median filtering algorithm based on divide and conquer in this paper.Firstly,the filtering window data quickly sorted by the data correlation,which can greatly improve the filtering efficiency.Secondly,the size of the filtering window is adaptively adjusted according to the noise density.As demonstrated in the experimental results,the proposed scheme can achieve superior performance compared with the conventional median filter.The algorithm can not only effectively detect the noise and remove it,but also has a good effect in preservation details.Therefore,this algorithm can be one of the most strong tools for various CAPTCHA image recognition and related applications.展开更多
基金supported by the National Natural Science Foundation of China (Nos. 61772466 and U1836202)the Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars (No. LR19F020003)+1 种基金the Provincial Key Research and Development Program of Zhejiang Province (No. 2017C01055)the Alibaba-ZJU Joint Research Institute of Frontier Technologies
文摘Image captchas have recently become very popular and are widely deployed across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision have gradually diminished the security of image captchas and made them vulnerable to attack. In this paper, we first classify the currently popular image captchas into three categories: selection-based captchas, slide-based captchas, and click-based captchas. Second, we propose simple yet powerful attack frameworks against each of these categories of image captchas. Third, we systematically evaluate our attack frameworks against 10 popular real-world image captchas,including captchas from tencent.com, google.com, and 12306.cn. Fourth, we compare our attacks against nine online image recognition services and against human labors from eight underground captcha-solving services. Our evaluation results show that(1) each of the popular image captchas that we study is vulnerable to our attacks;(2) our attacks yield the highest captcha-breaking success rate compared with state-of-the-art methods in almost all scenarios; and(3) our attacks achieve almost as high a success rate as human labor while being much faster.Based on our evaluation, we identify some design flaws in these popular schemes, along with some best practices and design principles for more secure captchas. We also examine the underground market for captcha-solving services, identifying 152 such services. We then seek to measure this underground market with data from these services. Our findings shed light on understanding the scale, impact, and commercial landscape of the underground market for captcha solving.
基金supported by the National Natural Science Foundation of China(Nos.U22A2034,62177047)High Caliber Foreign Experts Introduction Plan funded by MOST,and Central South University Research Programme of Advanced Interdisciplinary Studies(No.2023QYJC020).
文摘Enhancing website security is crucial to combat malicious activities,and CAPTCHA(Completely Automated Public Turing tests to tell Computers and Humans Apart)has become a key method to distinguish humans from bots.While text-based CAPTCHAs are designed to challenge machines while remaining human-readable,recent advances in deep learning have enabled models to recognize them with remarkable efficiency.In this regard,we propose a novel two-layer visual attention framework for CAPTCHA recognition that builds on traditional attention mechanisms by incorporating Guided Visual Attention(GVA),which sharpens focus on relevant visual features.We have specifically adapted the well-established image captioning task to address this need.Our approach utilizes the first-level attention module as guidance to the second-level attention component,incorporating two LSTM(Long Short-Term Memory)layers to enhance CAPTCHA recognition.Our extensive evaluation across four diverse datasets—Weibo,BoC(Bank of China),Gregwar,and Captcha 0.3—shows the adaptability and efficacy of our method.Our approach demonstrated impressive performance,achieving an accuracy of 96.70%for BoC and 95.92%for Webo.These results underscore the effectiveness of our method in accurately recognizing and processing CAPTCHA datasets,showcasing its robustness,reliability,and ability to handle varied challenges in CAPTCHA recognition.
基金supported by the National Natural Science Foundation of China(Nos.U22A2034,62177047)High Caliber Foreign Experts Introduction Plan funded by MOST,and Central South University Research Programme of Advanced Interdisciplinary Studies(No.2023QYJC020).
文摘Improving website security to prevent malicious online activities is crucial,and CAPTCHA(Completely Automated Public Turing test to tell Computers and Humans Apart)has emerged as a key strategy for distinguishing human users from automated bots.Text-based CAPTCHAs,designed to be easily decipherable by humans yet challenging for machines,are a common form of this verification.However,advancements in deep learning have facilitated the creation of models adept at recognizing these text-based CAPTCHAs with surprising efficiency.In our comprehensive investigation into CAPTCHA recognition,we have tailored the renowned UpDown image captioning model specifically for this purpose.Our approach innovatively combines an encoder to extract both global and local features,significantly boosting the model’s capability to identify complex details within CAPTCHA images.For the decoding phase,we have adopted a refined attention mechanism,integrating enhanced visual attention with dual layers of Long Short-Term Memory(LSTM)networks to elevate CAPTCHA recognition accuracy.Our rigorous testing across four varied datasets,including those from Weibo,BoC,Gregwar,and Captcha 0.3,demonstrates the versatility and effectiveness of our method.The results not only highlight the efficiency of our approach but also offer profound insights into its applicability across different CAPTCHA types,contributing to a deeper understanding of CAPTCHA recognition technology.
文摘全自动开放式人机区分图灵测试(CAPTCHA)是基于人工智能领域开放性问题而设计的网络安全技术,CAPTCHA识别是该研究领域的重要分支.长短时记忆(Long Short Term Memory,LSTM)型递归神经网络(Recurrent Neural Network,RNN)已被成功应用于CAPTCHA识别,LSTM型RNN实质上是一维RNN,而文本型CAPTCHA为二维图像.提出使用二维RNN对CAPTCHA进行识别.二维RNN能够很好的将特征提取同识别相结合,同时具有较好的上下文保持特性,从而更适合文本型CAPTCHA识别.同时为了进一步提高识别的可靠性,提出一种基于支持向量机(Support vector machine,SVM)的拒识策略,实验结果表明二维RNN较一维RNN能够获得更好的识别率,并且新的拒识策略较其他拒识策略取得更好的拒识效果.
文摘CAPTCHA is a completely automated program designed to distinguish whether the user is a computer or human. As the problems of Internet security are worsening, it is of great significance to do research on CAPTCHA. This article starts from the recognition of CAPTCHAs, then analyses the weaknesses in its design and gives corresponding recognition proposals according to various weaknesses, finally offers suggestions related to the improvement of CAPTCHAs. Firstly, this article briefly introduces the basic steps during the decoding process and their principles. And during each step we choose methods which are better adapted to the features of different CAPTCHA images. Methods chosen are as followings: bimodal method in binarization, improved corrosion algorithm in denoising, projection segmentation method in denoised image processing and SVM in recognition. Then, we demonstrate detailed process through the samples taken from the online registration system of ICBC, show the recognition effect and correct the results according to the statistical data in the process. This article decodes CAPTCHAS from three other large banks in the same way but just provides the recognition results. Finally, this article offers targeted suggestions to the four banks based on the recognition effect and analysis process stated above.
基金This work is supported by the National Natural Science Foundation of China(No.61772561)the Key Research&Development Plan of Hunan Province(No.2018NK2012)+2 种基金the Postgraduate Research and Innovation Project of Hunan Province(No.CX2018B447)the Postgraduate Science and Technology Innovation Foundation of Cent ral South University of Forestry and Technology(20183027)the Key Laboratory for Dig ital Dongting Lake Basin of Hunan Province.
文摘As the first barrier to protect cyberspace,the CAPTCHA has made significant contributions to maintaining Internet security and preventing malicious attacks.By researching the CAPTCHA,we can find its vulnerability and improve the security of CAPTCHA.Recently,many studies have shown that improving the image preprocessing effect of the CAPTCHA,which can achieve a better recognition rate by the state-of-theart machine learning algorithms.There are many kinds of noise and distortion in the CAPTCHA images of this experiment.We propose an adaptive median filtering algorithm based on divide and conquer in this paper.Firstly,the filtering window data quickly sorted by the data correlation,which can greatly improve the filtering efficiency.Secondly,the size of the filtering window is adaptively adjusted according to the noise density.As demonstrated in the experimental results,the proposed scheme can achieve superior performance compared with the conventional median filter.The algorithm can not only effectively detect the noise and remove it,but also has a good effect in preservation details.Therefore,this algorithm can be one of the most strong tools for various CAPTCHA image recognition and related applications.
