Research on the Security of Microsoft’s Two-Layer Captcha

Gao, Haichang; Tang, Mengyun; Liu, Yi; Zhang, Ping; Liu, Xiyang

doi:10.1109/tifs.2017.2682704

Cited by 61 publications

(29 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Besides, their approach applied to fixed-length CAPTCHAs only. In 2017, Gao's team proposed another deep-learning-based method that used an imitator to generate CAPTCHAs for attacking Microsoft's two-layer hollow scheme [2]. Later, Le et al [20] used synthetic data to train the recognition model and achieved good success rates on their synthetic data, ranging from 91.05% to 99.8%, but their model performed poorly on the real-world CAPTCHAs.…”

Section: Background a Prior Attacksmentioning

confidence: 99%

Simple and Easy: Transfer Learning-Based Attacks to Text CAPTCHA

et al. 2020

Self Cite

View full text Add to dashboard Cite

CAPTCHA, or Completely Automated Public Turing Tests to Tell Computers and Humans Apart, is a common mechanism used to protect commercial accounts from malicious computer bots, and the most widely used scheme is text-based CAPTCHA. In recent years, newly emerged deep learning techniques have achieved high accuracy and speed in attacking text-based CAPTCHAs. However, most of the existing attacks have various disadvantages, the attack process made high complexity or manually collecting and labeling a large number of samples to train a deep learning recognition model is time-consuming and expensive. In this paper, we propose a transfer learning-based approach that greatly reduces the attack complexity and the cost of labeling samples, specifically, by pre-training the model with randomly generated samples and fine-tuning the pre-trained model with a small number of real-world samples. To evaluate our attack, we tested 25 online CAPTCHAs achieving success rates ranging from 36.3% to 96.9%. To further explore the effect of the training sample characteristics on the attack accuracy, we elaborately imitate some samples and apply a generative adversarial network to refine the samples, sequentially we use these two kinds of generated samples to pre-train the models, respectively. The experimental results demonstrate that the similarity between randomly generated samples and elaborately imitated samples has a negligible impact on the attack accuracy. Instead, transfer learning is the key factor; it reduces the cost of data preparation while preserving the model's attack accuracy. INDEX TERMS CAPTCHA, security, deep learning, transfer learning. I. INTRODUCTION

show abstract

Section: Background a Prior Attacksmentioning

confidence: 99%

Simple and Easy: Transfer Learning-Based Attacks to Text CAPTCHA

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Other atacks. The work presented by Gao et al targets captchas of hollow characters [16]. Their approach irst ills the hollow character strokes, and then searches for the possible combinations of adjacent character strokes to recognize individual characters.…”

Section: Related Workmentioning

confidence: 99%

Using Generative Adversarial Networks to Break and Protect Text Captchas

Tang

Fang

et al. 2020

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

Text-based CAPTCHAs remains a popular scheme for distinguishing between a legitimate human user and an automated program. This article presents a novel genetic text captcha solver based on the generative adversarial network. As a departure from prior text captcha solvers that require a labor-intensive and time-consuming process to construct, our scheme needs signiicantly fewer real captchas but yields better performance in solving captchas. Our approach works by irst learning a synthesizer to automatically generate synthetic captchas to construct a base solver. It then improves and ine-tunes the base solver using a small number of labeled real captchas. As a result, our attack requires only a small set of manually labeled captchas, which reduces the cost of launching an attack on a captcha scheme. We evaluate our scheme by applying it to 33 captcha schemes, of which 11 are currently used by 32 of the top-50 popular websites. Experimental results demonstrate that our scheme signiicantly outperforms four prior captcha solvers and can solve captcha schemes where others fail. As a countermeasure, we propose to add imperceptible perturbations onto a captcha image. We demonstrate that our countermeasure can greatly reduce the success rate of the attack. CCS Concepts: • Security and privacy → Graphical / visual passwords; Authentication.

show abstract

“…The second is the connecting characters together (CCT) method [20], which adds overlapping and noise to characters, and adds curvature to text images in order to increase resistance to recognition and character segmentation via automated attacks. The third is the character isolation method [21], which displays each character independently of the others, unlike the other two methods. With this method, the distortion of each character is more severe than with the other techniques.…”

Section: Text-based Captchamentioning

confidence: 99%

CAPTCHA Image Generation: Two-Step Style-Transfer Learning in Deep Neural Networks

Kwon

Yoon

Park

2020

Sensors

View full text Add to dashboard Cite

Mobile devices such as sensors are used to connect to the Internet and provide services to users. Web services are vulnerable to automated attacks, which can restrict mobile devices from accessing websites. To prevent such automated attacks, CAPTCHAs are widely used as a security solution. However, when a high level of distortion has been applied to a CAPTCHA to make it resistant to automated attacks, the CAPTCHA becomes difficult for a human to recognize. In this work, we propose a method for generating a CAPTCHA image that will resist recognition by machines while maintaining its recognizability to humans. The method utilizes the style transfer method, and creates a new image, called a style-plugged-CAPTCHA image, by incorporating the styles of other images while keeping the content of the original CAPTCHA. In our experiment, we used the TensorFlow machine learning library and six CAPTCHA datasets in use on actual websites. The experimental results show that the proposed scheme reduces the rate of recognition by the DeCAPTCHA system to 3.5% and 3.2% using one style image and two style images, respectively, while maintaining recognizability by humans.

show abstract

Research on the Security of Microsoft’s Two-Layer Captcha

Cited by 61 publications

References 14 publications

Simple and Easy: Transfer Learning-Based Attacks to Text CAPTCHA

Simple and Easy: Transfer Learning-Based Attacks to Text CAPTCHA

Using Generative Adversarial Networks to Break and Protect Text Captchas

CAPTCHA Image Generation: Two-Step Style-Transfer Learning in Deep Neural Networks

Contact Info

Product

Resources

About