Skip to main content
SpringerLink
Log in

Generating Human-Like Motion to Defeat Interaction-Based CAPTCHAs

  • Conference paper
  • First Online:
Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2 (FTC 2022 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 560))

Included in the following conference series:

Abstract

As more companies implement CAPTCHA systems to try to prevent automated attacks, CAPTCHA creators are increasingly using machine learning to try to filter out unwanted traffic. These systems are increasingly important in the development and maintenance of many web-based applications. As machine learning has evolved, so have the detection methods to block automated web traffic. As a result, some image-based CAPTCHAs are being replaced with systems that analyze mouse movements of the user to identify how likely it is that the user is human. In this research, we develop and evaluate a 2-layer convolutional neural network driven framework that generates human-like motions. These types of movements are tracked by some CAPTCHA systems. We demonstrate that the framework’s automatically generated movement paths can effectively and efficiently trick a classifier trained on features that are extracted from paths generated by humans. Using a 2-feature classifier as a CAPTCHA that was trained to recognize 91% of the human paths as valid human paths from our dataset, we are able to successfully bypass the CAPTCHA 89.25% of the time.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Recaptchareverser (2014)

    Google Scholar 

  2. Akrout, I., Feriani, A., Akrout, M.: Hacking google recaptcha v3 using reinforcement learning, March 2019

    Google Scholar 

  3. Alam, S., Dobbie, G., Koh, Y.S., Riddle, P.: Web bots detection using particle swarm optimization based clustering. In: 2014 IEEE Congress on Evolutionary Computation (CEC), pp. 2955–2962. IEEE (2014)

    Google Scholar 

  4. AlNoamany, Y.A., Weigle, M.C., Nelson, M.L.: Access patterns for robots and humans in web archives. In: Proceedings of the 13th ACM/IEEE-CS Joint Conference on Digital Libraries, pp. 339–348 (2013)

    Google Scholar 

  5. Antal, M., Egyed-Zsigmond, E.: Mouse Dynamics - Measurements on the Balabit Data Set (2019)

    Google Scholar 

  6. Antal, M.: Intrusion detection using mouse dynamics. IET Biometrics 8, 285–294(9), September 2019

    Google Scholar 

  7. Artmann, D.: Natural Mouse Movements (2019). https://github.com/DaiCapra/Natural-Mouse-Movements-Neural-Networks

  8. Bai, Q., Xiong, G., Zhao, Y., He, L.: Analysis and detection of bogus behavior in web crawler measurement. Procedia Comput. Sci. 31, 1084–1091 (2014)

    Article  Google Scholar 

  9. Bursztein, E., Beauxis, R., Paskov, H., Perito, D., Fabry, C., Mitchell, J.: The failure of noise-based non-continuous audio captchas. In: 2011 IEEE Symposium on Security and Privacy, pp. 19–31 (2011)

    Google Scholar 

  10. Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C., Jurafsky, D.: How good are humans at solving captchas? a large scale evaluation. In: 2010 IEEE Symposium on Security and Privacy

    Google Scholar 

  11. Cabri, A., Suchacka, G., Rovetta, S., Masulli, F.: Online web bot detection using a sequential classification approach. In: 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), pp. 1536–1540. IEEE (2018)

    Google Scholar 

  12. Chandavale, A.A., Sapkal, A.M., Jalnekar, R.M.: Algorithm to break visual captcha. In: 2009 Second International Conference on Emerging Trends in Engineering Technology, pp. 258–262 (2009)

    Google Scholar 

  13. Chellapilla, K., Larson, K., Simard, P.Y., Czerwinski, M.: Building Segmentation based human-friendly Human Interaction Proofs (HIPs). In: Baird, H.S., Lopresti, D.P. (eds.) HIP 2005. LNCS, vol. 3517, pp. 1–26. Springer, Heidelberg (2005). https://doi.org/10.1007/11427896_1

    Chapter  Google Scholar 

  14. Chen, J., Luo, X., Guo, Y., Zhang, Y., Gong, D.: A survey on breaking technique of text-based captcha. Secur. Commun. Networks 2017, 6898617 (2017)

    Google Scholar 

  15. Chu, Z., Gianvecchio, S., Wang, H.: Bot or Human? A Behavior-Based Online Bot Detection System. In: Samarati, P., Ray, I., Ray, I. (eds.) From Database to Cyber Security. LNCS, vol. 11170, pp. 432–449. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-04834-1_21

    Chapter  Google Scholar 

  16. Dewa, Z., Maglaras, L.A.: Data mining and intrusion detection systems. Int. J. Adv. Comput. Sci. Appl. 7(1), 62–71 (2016)

    Google Scholar 

  17. Dionysiou, A., Athanasopoulos, E.: Sok: machine vs. machine - a systematic classification of automated machine learning-based captcha solvers. Comput. Secur. 97, 101947 (2020)

    Google Scholar 

  18. Doran, D., Gokhale, S.S.: A classification framework for web robots. J. Am. Soc. Inf. Sci. Technol. 63(12), 2549–2554 (2012)

    Google Scholar 

  19. Doran, D., Gokhale, S.S.: An integrated method for real time and offline web robot detection. Expert Syst. 33(6), 592–606 (2016)

    Google Scholar 

  20. Fülöp, À., Kovács, T.K., Windhager-Pokol, E.: Balabit Mouse Dynamics Challenge data set (2016). https://github.com/balabit/Mouse-Dynamics-Challenge

  21. Hu, T., Niu, W., Zhang, X., Liu, X., Lu, J., Liu, Y.: An insider threat detection approach based on mouse dynamics and deep learning. Security and Communication Networks, February 2019

    Google Scholar 

  22. Iliou, C., Kostoulas, T., Tsikrika, T., Katos, V., Vrochidis, V., Kompatsiaris, I.: Detection of advanced web bots by combining web logs with mouse behavioural biometrics. Digital Threats: Research and Practice 2(3), June 2021

    Google Scholar 

  23. Iliou, C., Kostoulas, T., Tsikrika, T., Katos, V., Vrochidis, S., Kompatsiaris, Y.: Towards a framework for detecting advanced web bots. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1–10 (2019)

    Google Scholar 

  24. Mori, G., Malik, J.: Recognizing objects in adversarial clutter: breaking a visual captcha. In: 2003 IEEE Computer Society Conference on Computer Vision and Pattern Recognition, 2003. Proceedings., vol. 1, p. I (2003)

    Google Scholar 

  25. Distil Networks. BAD BOT REPORT: The Bot Arms Race Continues (2019). https://resources.distilnetworks.com/white-paper-reports/bad-bot-report-2019

  26. Rovetta, S., Cabri, A., Masulli, F., Suchacka, G.: Bot or not? a case study on bot recognition from web session logs. In: Esposito, A., Faundez-Zanuy, M., Morabito, F.C., Pasero, E. (eds.) WIRN 2017 2017. SIST, vol. 103, pp. 197–206. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-95095-2_19

    Chapter  Google Scholar 

  27. Seyyar, M.B., Özgür Çatak, F., Gül, E.: Detection of attack-targeted scans from the apache http server access logs. Appl. Comput. Inf. 14(1), 28–36 (2018)

    Google Scholar 

  28. Sisodia, D.S., Verma, S., Vyas, O.P., et al.: Agglomerative approach for identification and elimination of web robots from web server logs to extract knowledge about actual visitors. J. Data Anal. Inf. Process. 3(01), 1 (2015)

    Google Scholar 

  29. Sivakorn, S., Polakis, J., Keromytis, A.D.: I’m not a human: Breaking the google recaptcha (2016)

    Google Scholar 

  30. Starostenko, O., Cruz-Perez, C., Uceda-Ponga, F., Alarcon-Aquino, V.: Breaking text-based captchas with variable word and character orientation. Pattern Recogn. 48(4), 1101–1112 (2015)

    Article  Google Scholar 

  31. Stevanovic, D., An, A., Vlajic, N.: Feature evaluation for web crawler detection with data mining techniques. Expert Syst. Appl. 39(10), 8707–8717 (2012)

    Article  Google Scholar 

  32. Stevanovic, D., Vlajic, N., An, A.: Detection of malicious and non-malicious website visitors using unsupervised neural network learning. Appl. Soft Comput. 13(1), 698–708 (2013)

    Article  Google Scholar 

  33. Tam, J., Simsa, J., Hyde, S., Ahn, L.V.: Breaking audio captchas. In: Advances in Neural Information Processing Systems, pp. 1625–1632 (2009)

    Google Scholar 

  34. Tang, M., Gao, H., Zhang, Y., Liu, Y., Zhang, P., Wang, P.: Research on deep learning techniques in breaking text-based captchas and designing image-based captcha. IEEE Trans. Inf. Forensics Secur. 13(10), 2522–2537 (2018)

    Article  Google Scholar 

  35. Wang, P.J.: [tensorflow] ch4: Support vector machines (2018)

    Google Scholar 

  36. Yan, J., El Ahmad, A.S.: Breaking visual captchas with naive pattern recognition algorithms. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp. 279–291 (2007)

    Google Scholar 

  37. Zabihimayvan, M., Sadeghi, R., Rude, H.N., Doran, D.: A soft computing approach for benign and malicious web robot detection. Expert Syst. Appl. 87, 129–140 (2017)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Colorado Colorado Springs, Colorado Springs, CO, 80918, USA

    Matthew Moore & Kristen R. Walcott

Authors
  1. Matthew Moore
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kristen R. Walcott
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kristen R. Walcott .

Editor information

Editors and Affiliations

  1. Faculty of Science and Engineering, Saga University, Saga, Japan

    Kohei Arai

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Moore, M., Walcott, K.R. (2023). Generating Human-Like Motion to Defeat Interaction-Based CAPTCHAs. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2. FTC 2022 2022. Lecture Notes in Networks and Systems, vol 560. Springer, Cham. https://doi.org/10.1007/978-3-031-18458-1_15

Download citation

Publish with us

Policies and ethics

Search

Navigation