skip to main content
10.1145/2046707.2046724acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

Text-based CAPTCHA strengths and weaknesses

Published: 17 October 2011 Publication History

Abstract

We carry out a systematic study of existing visual CAPTCHAs based on distorted characters that are augmented with anti-segmentation techniques. Applying a systematic evaluation methodology to 15 current CAPTCHA schemes from popular web sites, we find that 13 are vulnerable to automated attacks. Based on this evaluation, we identify a series of recommendations for CAPTCHA designers and attackers, and possible future directions for producing more reliable human/computer distinguishers.

References

[1]
H. Bay, T. Tuytelaars, and L. Van Gool. Surf: Speeded up robust features. Computer Vision--ECCV 2006, pages 404--417, 2006.
[2]
E. Bursztein and S. Bethard. Decaptcha: breaking 75% of eBay audio CAPTCHAs. In Proceedings of the 3rd USENIX conference on Offensive technologies, page 8. USENIX Association, 2009.
[3]
E. Bursztein, S. Bethard, Fabry C., Dan Jurafsky, and John C. Mitchell. Design parameters and human-solvability of text-based captchas. To appears.
[4]
Elie Bursztein, Romain Bauxis, Hristo Paskov, Daniele Perito, Celine Fabry, and John C. Mitchell. The failure of noise-based non-continuous audio captchas. In Security and Privacy, 2011.
[5]
Elie Bursztein, Steven Bethard, John C. Mitchell, Dan Jurafsky, and Celine Fabry. How good are humans at solving captchas? a large scale evaluation. In Security and Privacy, 2010.
[6]
J. Canny. A computational approach to edge detection. Readings in computer vision: issues, problems, principles, and paradigms, 184:87--116, 1987.
[7]
K. Chellapilla, K. Larson, P.Y. Simard, and M. Czerwinski. Computers beat humans at single character recognition in reading based human interaction proofs (hips). In CEAS, 2005.
[8]
K Chellapilla and P Simard. Using machine learning to break visual human interaction proofs. In MIT Press, editor, Neural Information Processing Systems (NIPS), 2004.
[9]
K. Chellapilla and P. Simard. Using machine learning to break visual human interaction proofs (HIPs). Advances in Neural Information Processing Systems, 17, 2004.
[10]
K. Chellapilla and P.Y. Simard. Using machine learning to break visual hips. In Conf. on Neural Information Processing Systems, NIPS 2004, 2004.
[11]
C. Cortes and V. Vapnik. Support-vector networks. Machine learning, 20(3):273--297, 1995.
[12]
B.V. Dasarathy. Nearest Neighbor (NN) Norms: NN Pattern Classification Techniques. 1991.
[13]
R.O. Duda and P.E. Hart. Use of the Hough transformation to detect lines and curves in pictures. Communications of the ACM, 15(1):11--15, 1972.
[14]
S. Geman and D. Geman. Stochastic relaxation, Gibbs distributions and the Bayesian restoration of images*. Journal of Applied Statistics, 20(5):25--62, 1993.
[15]
P. Golle. Machine learning attacks against the asirra captcha. In ACM CCS 2008, 2008.
[16]
C. Harris and M. Stephens. A combined corner and edge detector. In Alvey vision conference, volume 15, page 50. Manchester, UK, 1988.
[17]
S.Y. Huang, Y.K. Lee, G. Bell, and Z. Ou. A projection-based segmentation algorithm for breaking MSN and YAHOO CAPTCHAs. In Proceedings of the World Congress on Engineering, volume 1. Citeseer, 2008.
[18]
P Simard K Chellapilla, K Larson and M Czerwinski. Building segmentation based human- friendly human interaction proofs. In Springer-Verlag, editor, 2nd Int'l Workshop on Human Interaction Proofs, 2005.
[19]
Andrew Kirillov. aforge framework. http://www.aforgenet.com/framework/.
[20]
Y. LeCun, L. Bottou, Y. Bengio, and P. Haffner. Gradient-based learning applied to document recognition. Proceedings of the IEEE, 86(11):2278--2324, 1998.
[21]
Yann Lecun. The mnist database of handwritten digits algorithm results. http://yann.lecun.com/exdb/mnist/.
[22]
B. Leibe, A. Leonardis, and B. Schiele. Robust object detection with interleaved categorization and segmentation. International Journal of Computer Vision, 77(1):259--289, 2008.
[23]
D.G. Lowe. Object recognition from local scale-invariant features. In iccv, page 1150. Published by the IEEE Computer Society, 1999.
[24]
O. Matan, C.J.C. Burges, and J.S. Denker. Multi-digit recognition using a space displacement neural network. Advances in Neural Information Processing Systems, pages 488--488, 1993.
[25]
Moni Naor. Verification of a human in the loop or identification via the turing test. Available electronically: http://www.wisdom.weizmann.ac.il/ naor/PAPERS/human.ps, 1997.
[26]
R. Quinlan. Machine Learning. Morgan Kaufmann Pub.
[27]
F. Rosenblatt. The perceptron: a perceiving and recognizing automation (projet PARA), Cornell Aeronautical Laboratory Report. 1957.
[28]
Wikipedia. Flood fill algorithm. http://en.wikipedia.org/wiki/Flood_fill.
[29]
Wikipedia. Hsl and hsv color representaiton. http://en.wikipedia.org/wiki/HSL_and_HSV.
[30]
J. Wilkins. Strong captcha guidelines v1. 2. Retrieved Nov, 10:2010, 2009.
[31]
J. Yan and A.S.E. Ahmad. Breaking visual captchas with naive pattern recognition algorithms. In ACSAC 2007, 2007.
[32]
J. Yan and A.S. El Ahmad. A Low-cost Attack on a Microsoft CAPTCHA. In Proceedings of the 15th ACM conference on Computer and communications security, pages 543--554. ACM, 2008.

Cited By

View all
  • (2024)Variational Color Shift and Auto-Encoder Based on Large Separable Kernel Attention for Enhanced Text CAPTCHA Vulnerability AssessmentInformation10.3390/info1511071715:11(717)Online publication date: 7-Nov-2024
  • (2024)Improving the Security of Audio CAPTCHAs With Adversarial ExamplesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.323636721:2(650-667)Online publication date: Mar-2024
  • (2024)CAPTCHA in Web Security and Deep-Captcha Configuration based on Machine learning2024 3rd International Conference for Innovation in Technology (INOCON)10.1109/INOCON60754.2024.10511373(1-6)Online publication date: 1-Mar-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '11: Proceedings of the 18th ACM conference on Computer and communications security
October 2011
742 pages
ISBN:9781450309486
DOI:10.1145/2046707
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 October 2011

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. CAPTCHA
  2. human interaction proof
  3. machine learning
  4. vision

Qualifiers

  • Research-article

Conference

CCS'11
Sponsor:

Acceptance Rates

CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)74
  • Downloads (Last 6 weeks)9
Reflects downloads up to 14 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Variational Color Shift and Auto-Encoder Based on Large Separable Kernel Attention for Enhanced Text CAPTCHA Vulnerability AssessmentInformation10.3390/info1511071715:11(717)Online publication date: 7-Nov-2024
  • (2024)Improving the Security of Audio CAPTCHAs With Adversarial ExamplesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.323636721:2(650-667)Online publication date: Mar-2024
  • (2024)CAPTCHA in Web Security and Deep-Captcha Configuration based on Machine learning2024 3rd International Conference for Innovation in Technology (INOCON)10.1109/INOCON60754.2024.10511373(1-6)Online publication date: 1-Mar-2024
  • (2024)An Ecologically Valid Approach to Evaluating Online GatekeepersInternational Journal of Human–Computer Interaction10.1080/10447318.2024.2398890(1-16)Online publication date: 12-Sep-2024
  • (2024)Facial expression recognition: a novel approach to captcha designJournal of Engineering Design10.1080/09544828.2024.232440035:8(921-943)Online publication date: 11-Mar-2024
  • (2024)Meta Perturbation Generation Network for Text-Based CAPTCHASecurity and Privacy in Communication Networks10.1007/978-3-031-64948-6_6(110-124)Online publication date: 13-Oct-2024
  • (2023)Extended Research on the Security of Visual Reasoning CAPTCHAIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.323840820:6(4976-4992)Online publication date: Nov-2023
  • (2023)GeeSolver: A Generic, Efficient, and Effortless Solver with Self-Supervised Learning for Breaking Text Captchas2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179379(1649-1666)Online publication date: May-2023
  • (2023)False - Face Challenge Response Authentication Automated Test Using Anthropomorphic Images2023 International Conference on Advances in Computation, Communication and Information Technology (ICAICCIT)10.1109/ICAICCIT60255.2023.10465803(1012-1017)Online publication date: 23-Nov-2023
  • (2023)Audio-based CAPTCHA Verification to Secure Web Applications2023 4th IEEE Global Conference for Advancement in Technology (GCAT)10.1109/GCAT59970.2023.10353398(1-5)Online publication date: 6-Oct-2023
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media