Abstract
As more companies implement CAPTCHA systems to try to prevent automated attacks, CAPTCHA creators are increasingly using machine learning to try to filter out unwanted traffic. These systems are increasingly important in the development and maintenance of many web-based applications. As machine learning has evolved, so have the detection methods to block automated web traffic. As a result, some image-based CAPTCHAs are being replaced with systems that analyze mouse movements of the user to identify how likely it is that the user is human. In this research, we develop and evaluate a 2-layer convolutional neural network driven framework that generates human-like motions. These types of movements are tracked by some CAPTCHA systems. We demonstrate that the framework’s automatically generated movement paths can effectively and efficiently trick a classifier trained on features that are extracted from paths generated by humans. Using a 2-feature classifier as a CAPTCHA that was trained to recognize 91% of the human paths as valid human paths from our dataset, we are able to successfully bypass the CAPTCHA 89.25% of the time.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Recaptchareverser (2014)
Akrout, I., Feriani, A., Akrout, M.: Hacking google recaptcha v3 using reinforcement learning, March 2019
Alam, S., Dobbie, G., Koh, Y.S., Riddle, P.: Web bots detection using particle swarm optimization based clustering. In: 2014 IEEE Congress on Evolutionary Computation (CEC), pp. 2955–2962. IEEE (2014)
AlNoamany, Y.A., Weigle, M.C., Nelson, M.L.: Access patterns for robots and humans in web archives. In: Proceedings of the 13th ACM/IEEE-CS Joint Conference on Digital Libraries, pp. 339–348 (2013)
Antal, M., Egyed-Zsigmond, E.: Mouse Dynamics - Measurements on the Balabit Data Set (2019)
Antal, M.: Intrusion detection using mouse dynamics. IET Biometrics 8, 285–294(9), September 2019
Artmann, D.: Natural Mouse Movements (2019). https://github.com/DaiCapra/Natural-Mouse-Movements-Neural-Networks
Bai, Q., Xiong, G., Zhao, Y., He, L.: Analysis and detection of bogus behavior in web crawler measurement. Procedia Comput. Sci. 31, 1084–1091 (2014)
Bursztein, E., Beauxis, R., Paskov, H., Perito, D., Fabry, C., Mitchell, J.: The failure of noise-based non-continuous audio captchas. In: 2011 IEEE Symposium on Security and Privacy, pp. 19–31 (2011)
Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C., Jurafsky, D.: How good are humans at solving captchas? a large scale evaluation. In: 2010 IEEE Symposium on Security and Privacy
Cabri, A., Suchacka, G., Rovetta, S., Masulli, F.: Online web bot detection using a sequential classification approach. In: 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), pp. 1536–1540. IEEE (2018)
Chandavale, A.A., Sapkal, A.M., Jalnekar, R.M.: Algorithm to break visual captcha. In: 2009 Second International Conference on Emerging Trends in Engineering Technology, pp. 258–262 (2009)
Chellapilla, K., Larson, K., Simard, P.Y., Czerwinski, M.: Building Segmentation based human-friendly Human Interaction Proofs (HIPs). In: Baird, H.S., Lopresti, D.P. (eds.) HIP 2005. LNCS, vol. 3517, pp. 1–26. Springer, Heidelberg (2005). https://doi.org/10.1007/11427896_1
Chen, J., Luo, X., Guo, Y., Zhang, Y., Gong, D.: A survey on breaking technique of text-based captcha. Secur. Commun. Networks 2017, 6898617 (2017)
Chu, Z., Gianvecchio, S., Wang, H.: Bot or Human? A Behavior-Based Online Bot Detection System. In: Samarati, P., Ray, I., Ray, I. (eds.) From Database to Cyber Security. LNCS, vol. 11170, pp. 432–449. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-04834-1_21
Dewa, Z., Maglaras, L.A.: Data mining and intrusion detection systems. Int. J. Adv. Comput. Sci. Appl. 7(1), 62–71 (2016)
Dionysiou, A., Athanasopoulos, E.: Sok: machine vs. machine - a systematic classification of automated machine learning-based captcha solvers. Comput. Secur. 97, 101947 (2020)
Doran, D., Gokhale, S.S.: A classification framework for web robots. J. Am. Soc. Inf. Sci. Technol. 63(12), 2549–2554 (2012)
Doran, D., Gokhale, S.S.: An integrated method for real time and offline web robot detection. Expert Syst. 33(6), 592–606 (2016)
Fülöp, À., Kovács, T.K., Windhager-Pokol, E.: Balabit Mouse Dynamics Challenge data set (2016). https://github.com/balabit/Mouse-Dynamics-Challenge
Hu, T., Niu, W., Zhang, X., Liu, X., Lu, J., Liu, Y.: An insider threat detection approach based on mouse dynamics and deep learning. Security and Communication Networks, February 2019
Iliou, C., Kostoulas, T., Tsikrika, T., Katos, V., Vrochidis, V., Kompatsiaris, I.: Detection of advanced web bots by combining web logs with mouse behavioural biometrics. Digital Threats: Research and Practice 2(3), June 2021
Iliou, C., Kostoulas, T., Tsikrika, T., Katos, V., Vrochidis, S., Kompatsiaris, Y.: Towards a framework for detecting advanced web bots. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–10 (2019)
Mori, G., Malik, J.: Recognizing objects in adversarial clutter: breaking a visual captcha. In: 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings., vol. 1, p. I (2003)
Distil Networks. BAD BOT REPORT: The Bot Arms Race Continues (2019). https://resources.distilnetworks.com/white-paper-reports/bad-bot-report-2019
Rovetta, S., Cabri, A., Masulli, F., Suchacka, G.: Bot or not? a case study on bot recognition from web session logs. In: Esposito, A., Faundez-Zanuy, M., Morabito, F.C., Pasero, E. (eds.) WIRN 2017 2017. SIST, vol. 103, pp. 197–206. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-95095-2_19
Seyyar, M.B., Özgür Çatak, F., Gül, E.: Detection of attack-targeted scans from the apache http server access logs. Appl. Comput. Inf. 14(1), 28–36 (2018)
Sisodia, D.S., Verma, S., Vyas, O.P., et al.: Agglomerative approach for identification and elimination of web robots from web server logs to extract knowledge about actual visitors. J. Data Anal. Inf. Process. 3(01), 1 (2015)
Sivakorn, S., Polakis, J., Keromytis, A.D.: I’m not a human: Breaking the google recaptcha (2016)
Starostenko, O., Cruz-Perez, C., Uceda-Ponga, F., Alarcon-Aquino, V.: Breaking text-based captchas with variable word and character orientation. Pattern Recogn. 48(4), 1101–1112 (2015)
Stevanovic, D., An, A., Vlajic, N.: Feature evaluation for web crawler detection with data mining techniques. Expert Syst. Appl. 39(10), 8707–8717 (2012)
Stevanovic, D., Vlajic, N., An, A.: Detection of malicious and non-malicious website visitors using unsupervised neural network learning. Appl. Soft Comput. 13(1), 698–708 (2013)
Tam, J., Simsa, J., Hyde, S., Ahn, L.V.: Breaking audio captchas. In: Advances in Neural Information Processing Systems, pp. 1625–1632 (2009)
Tang, M., Gao, H., Zhang, Y., Liu, Y., Zhang, P., Wang, P.: Research on deep learning techniques in breaking text-based captchas and designing image-based captcha. IEEE Trans. Inf. Forensics Secur. 13(10), 2522–2537 (2018)
Wang, P.J.: [tensorflow] ch4: Support vector machines (2018)
Yan, J., El Ahmad, A.S.: Breaking visual captchas with naive pattern recognition algorithms. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp. 279–291 (2007)
Zabihimayvan, M., Sadeghi, R., Rude, H.N., Doran, D.: A soft computing approach for benign and malicious web robot detection. Expert Syst. Appl. 87, 129–140 (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Moore, M., Walcott, K.R. (2023). Generating Human-Like Motion to Defeat Interaction-Based CAPTCHAs. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2. FTC 2022 2022. Lecture Notes in Networks and Systems, vol 560. Springer, Cham. https://doi.org/10.1007/978-3-031-18458-1_15
Download citation
DOI: https://doi.org/10.1007/978-3-031-18458-1_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18457-4
Online ISBN: 978-3-031-18458-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)