skip to main content
research-article

Using Generative Adversarial Networks to Break and Protect Text Captchas

Published:17 April 2020Publication History
Skip Abstract Section

Abstract

Text-based CAPTCHAs remains a popular scheme for distinguishing between a legitimate human user and an automated program. This article presents a novel genetic text captcha solver based on the generative adversarial network. As a departure from prior text captcha solvers that require a labor-intensive and time-consuming process to construct, our scheme needs significantly fewer real captchas but yields better performance in solving captchas. Our approach works by first learning a synthesizer to automatically generate synthetic captchas to construct a base solver. It then improves and fine-tunes the base solver using a small number of labeled real captchas. As a result, our attack requires only a small set of manually labeled captchas, which reduces the cost of launching an attack on a captcha scheme. We evaluate our scheme by applying it to 33 captcha schemes, of which 11 are currently used by 32 of the top-50 popular websites. Experimental results demonstrate that our scheme significantly outperforms four prior captcha solvers and can solve captcha schemes where others fail. As a countermeasure, we propose to add imperceptible perturbations onto a captcha image. We demonstrate that our countermeasure can greatly reduce the success rate of the attack.

References

  1. Abdalnaser Algwil, Dan C. Ciresan, Beibei Liu, and Jeff Yan. 2016. A security analysis of automated chinese turing tests. In Proceedings of the 32nd Annual Conference on Computer Security Applications. 520--532.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Martin Arjovsky, Soumith Chintala, and Léon Bottou. 2017. Wasserstein generative adversarial networks. In Proceedings of the International Conference on Machine Learning. 214--223.Google ScholarGoogle Scholar
  3. Elias Athanasopoulos and Spiros Antonatos. 2006. Enhanced CAPTCHAs: Using animation to tell humans and computers apart. In Proceedings of the IFIP International Conference on Communications and Multimedia Security. 97--108.Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Charles Audet and J. E. Dennis Jr. 2006. Mesh adaptive direct search algorithms for constrained optimization. SIAM J. Optimiz. 17, 1 (2006), 188--217.Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Marco Barreno, Blaine Nelson, Russell Sears, Anthony D. Joseph, and J. D. Tygar. 2006. Can machine learning be secure? In Proceedings of the ACM Symposium on Information, Computer and Communications Security. 16--25.Google ScholarGoogle Scholar
  6. Jeffrey P. Bigham and Anna C. Cavender. 2009. Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 1829--1838.Google ScholarGoogle Scholar
  7. Elie Bursztein. 2012. How we Broke the NuCaptcha Video Scheme and What we Proposed to Fix it. Retrieved from https://elie.net/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it.Google ScholarGoogle Scholar
  8. Elie Bursztein, Jonathan Aigrain, Angelika Moscicki, and John C. Mitchell. 2014. The end is nigh: Generic solving of text-based CAPTCHAs. In Proceedings of the USENIX Workshop on Offensive Technologies (WOOT’14).Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Elie Bursztein and Steven Bethard. 2009. Decaptcha: Breaking 75% of eBay audio CAPTCHAs. In Proceedings of the Usenix Conference on Offensive Technologies. 8--8.Google ScholarGoogle Scholar
  10. Elie Bursztein, Matthieu Martin, and John Mitchell. 2011. Text-based CAPTCHA strengths and weaknesses. In Proceedings of the Conference on Computer and Communications Security (CCS’11). 125--138.Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Elie Bursztein, Angelique Moscicki, Celine Fabry, Steven Bethard, John C. Mitchell, and Jurafsky Dan. 2014. Easy does it: More usable CAPTCHAs. In Proceedings of the ACM Conference on Human Factors in Computing Systems. 2637--2646.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Kumar Chellapilla, Kevin Larson, Patrice Y. Simard, and Mary Czerwinski. 2005. Computers beat humans at single character recognition in reading based human interaction proofs (HIPs). In Proceedings of the Conference on Email 8 Anti-Spam.Google ScholarGoogle Scholar
  13. Monica Chew and J. Doug Tygar. 2004. Image recognition captchas. In Proceedings of the International Conference on Information Security. Springer, 268--279.Google ScholarGoogle Scholar
  14. Jeremy Elson, John R. Douceur, Jon Howell, and Jared Saul. 2007. Asirra: A CAPTCHA that exploits interest-aligned manual image categorization. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’07). 366--374.Google ScholarGoogle Scholar
  15. Bent Fuglede and Flemming Topsoe. 2004. Jensen-Shannon divergence and Hilbert space embedding. In Proceedings of the International Symposium on Information Theory (ISIT’04). IEEE, 31.Google ScholarGoogle ScholarCross RefCross Ref
  16. Haichang Gao, Mengyun Tang, Yi Liu, Ping Zhang, and Xiyang Liu. 2017. Research on the security of Microsoft’s two-layer captcha. IEEE Trans. Info. Forensics Secur. 12, 7 (2017), 1671--1685.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Haichang Gao, Wang Wei, Xuqin Wang, Xiyang Liu, and Jeff Yan. 2013. The robustness of hollow CAPTCHAs. In Proceedings of the ACM Sigsac Conference on Computer 8 Communications Security. 1075--1086.Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Haichang Gao, Jeff Yan, Fang Cao, Zhengya Zhang, Lei Lei, Mengyun Tang, Ping Zhang, Xin Zhou, Xuqin Wang, and Jiawei Li. 2016. A simple generic attack on text captchas. In Proceedings of the Network and Distributed Systems Symposium (NDSS’16).Google ScholarGoogle ScholarCross RefCross Ref
  19. Song Gao. 2014. An Evolutionary Study of Dynamic Cognitive Game CAPTCHAs: Automated Attacks and Defenses. Dissertations Theses Gradworks. University of Alabama, Birminghan.Google ScholarGoogle Scholar
  20. Dileep George, Wolfgang Lehrach, Ken Kansky, Miguel Lázaro-Gredilla, Christopher Laan, Bhaskara Marthi, Xinghua Lou, Zhaoshi Meng, Yi Liu, Huayan Wang, et al. 2017. A generative vision model that trains with high data efficiency and breaks text-based CAPTCHAs. Science 358, 6368 (2017), eaag2612.Google ScholarGoogle Scholar
  21. C. Gold, A. Holub, and P. Sollich. 2005. Bayesian approach to feature selection and parameter tuning for support vector machine classifiers. Neural Netw. 18, 5 (2005), 693--701.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Philippe Golle. 2008. Machine learning attacks against the Asirra CAPTCHA. Comput. Commun. Secur. 2008 (2008), 535--542.Google ScholarGoogle Scholar
  23. Ian J. Goodfellow, Yaroslav Bulatov, Julian Ibarz, Sacha Arnoud, and Vinay Shet. 2014. Multi-digit number recognition from street view imagery using deep convolutional neural networks. In Proceedings of the International Conference on Learning Representations (ICLR’14).Google ScholarGoogle Scholar
  24. Ian J. Goodfellow, Jean Pougetabadie, Mehdi Mirza, Bing Xu, David Wardefarley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative adversarial networks. Adv. Neural Info. Process. Syst. 3 (2014), 2672--2680.Google ScholarGoogle Scholar
  25. Ian J. Goodfellow, Jonathon Shlens, Christian Szegedy, Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. In Proceedings of the International Conference on Machine Learning (ICML’15). 1--10.Google ScholarGoogle Scholar
  26. Ian J. Goodfellow, David Warde-Farley, Mehdi Mirza, Aaron Courville, and Yoshua Bengio. 2013. Maxout networks. arXiv preprint arXiv:1302.4389.Google ScholarGoogle Scholar
  27. Rich Gossweiler, Maryam Kamvar, and Shumeet Baluja. 2009. What’s up CAPTCHA?: A CAPTCHA based on image orientation. In Proceedings of the International Conference on World Wide Web (WWW’09). 841--850.Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Mori Greg and Jitendra Malik. 2003. Recognizing objects in adversarial cultter: Breaking a visual CAPTCHA. In Proceedings of the IEEE Computer Society Conferene on Computer Vision and Pattern Recognition.Google ScholarGoogle Scholar
  29. Kaiming He, Georgia Gkioxari, Piotr Dollár, and Ross Girshick. 2017. Mask R-CNN. In Proceedings of the IEEE International Conference on Computer Vision (ICCV’17). 2980--2988.Google ScholarGoogle Scholar
  30. Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep residual learning for image recognition. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 770--778.Google ScholarGoogle ScholarCross RefCross Ref
  31. Robert Hecht-Nielsen. 1989. Theory of the Backpropagation Neural Network. Harcourt Brace 8 Co., 593–605.Google ScholarGoogle Scholar
  32. Carlos Javier Hernandezcastro, Arturo Ribagorda, and Yago Saez. 2009. Side-channel attack on labeling CAPTCHAs. Comput. Sci. ArXiv Preprint ArXiv:0908.1185.Google ScholarGoogle Scholar
  33. Ling Huang, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, and J. D. Tygar. 2011. Adversarial machine learning. IEEE Internet Comput. 15, 5 (2011), 4--6.Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Phillip Isola. 2017. Pix2Pix: Image-to-Image Translation with COnditional Adversarial Networks. Retrieved from https://github.com/phillipi/pix2pix.Google ScholarGoogle Scholar
  35. Phillip Isola, Jun-Yan Zhu, Tinghui Zhou, and Alexei A. Efros. 2017. Image-to-Image translation with conditional adversarial networks [C]. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 1125--1134.Google ScholarGoogle Scholar
  36. J. Wilkins. 2010. Strong captcha guidelines v1. 2 [J]. 10 (2010), 8.Google ScholarGoogle Scholar
  37. Zhiping Jiang, Jizhong Zhao, Xiang-Yang Li, Jinsong Han, and Wei Xi. 2013. Rejecting the attack: Source authentication for wi-fi management frames using csi information. In Proceedings of the IEEE INFOCOM. 2544--2552.Google ScholarGoogle ScholarCross RefCross Ref
  38. Diederik P. Kingma and Jimmy Ba. 2015. Adam: A method for stochastic optimization [C]. In Proceedings of the International Conference on Learning Representations.Google ScholarGoogle Scholar
  39. Kat Krol, Simon Parkin, and M. Angela Sasse. 2016. Better the devil you know: A user study of two CAPTCHAs and a possible replacement technology. In Proceedings of the NDSS Workshop on Usable Security.Google ScholarGoogle Scholar
  40. Colin Lea, Rene Vidal, Austin Reiter, and Gregory D. Hager. 2016. Temporal convolutional networks: A unified approach to action segmentation. In Proceedings of the European Conference on Computer Vision. 47--54.Google ScholarGoogle Scholar
  41. Y. Lecun, L. Bottou, Y. Bengio, and P. Haffner. 1998. Gradient-based learning applied to document recognition. Proc. IEEE 86, 11 (1998), 2278--2324.Google ScholarGoogle ScholarCross RefCross Ref
  42. Jiwei Li, Will Monroe, Tianlin Shi, Sebastien Jean, Alan Ritter, and Dan Jurafsky. 2017. Adversarial learning for neural dialogue generation. In Proceedings of the Conference on Empirical Methods in Natural Language Processing. 2157–2169.Google ScholarGoogle ScholarCross RefCross Ref
  43. Bin Liang, Hongcheng Li, Miaoqiang Su, Xirong Li, Wenchang Shi, and XiaoFeng Wang. 2019. Detecting adversarial image examples in deep neural networks with adaptive noise reduction. IEEE Trans. Depend. Secure Comput. (2019), 1–1.Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Min Lin, Qiang Chen, and Shuicheng Yan. 2013. Network in network. arXiv preprint arXiv:1312.4400.Google ScholarGoogle Scholar
  45. Elaine K. McEwan. 2008. Root Words, Roots and Affixes. Retrieved from http://www.readingrockets.org/article/root-words-roots-and-affixes.Google ScholarGoogle Scholar
  46. Hendrik Meutzner and Dorothea Kolossa. 2014. Reducing the cost of breaking audio CAPTCHAs by active and semi-supervised learning. In Proceedings of the International Conference on Machine Learning and Applications. 67--73.Google ScholarGoogle Scholar
  47. Takeru Miyato, Shinichi Maeda, Masanori Koyama, Ken Nakae, and Shin Ishii. 2015. Distributional smoothing by virtual adversarial examples. In Proceedings of the International Conference on Learning Representations (Poster).Google ScholarGoogle Scholar
  48. Volodymyr Mnih, Koray Kavukcuoglu, David Silver, Alex Graves, Ioannis Antonoglou, Daan Wierstra, and Martin Riedmiller. 2013. Playing atari with deep reinforcement learning. ArXiv Preprint ArXiv:1312.5602.Google ScholarGoogle Scholar
  49. Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. Van Oorschot, and Wei Bang Chen. 2014. A three-way investigation of a game-CAPTCHA:automated attacks, relay attacks and usability. In Proceedings of the ACM Symposium on Information, Computer and Communications Security. 195--206.Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Manar Mohameda, Song Gaob, Niharika Sachdevac, Nitesh Saxena, Chengcui Zhangd, Ponnurangam Kumaraguruc, and Paul C. Van Oorschote. 2017. On the security and usability of dynamic cognitive game CAPTCHAs. J. Comput. Secur. 25, 3 (2017), 205–230.Google ScholarGoogle ScholarCross RefCross Ref
  51. Margarita Osadchy, Julio Hernandez-Castro, Stuart Gibson, Orr Dunkelman, and Daniel Pérez-Cabo. 2017. No bot expects the DeepCAPTCHA! introducing immutable adversarial examples, with applications to CAPTCHA generation. IEEE Transactions on Information Forensics and Security 12, 11 (2017), 2640–2653.Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. Sinno Jialin Pan and Qiang Yang. 2010. A survey on transfer learning. IEEE Trans. Knowl. Data Eng. 22, 10 (2010), 1345--1359.Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Ishai Rosenberg, Asaf Shabtai, Lior Rokach, and Yuval Elovici. 2017. Generic black-box end-to-end attack against RNNs and other API calls based malware classifiers. arXiv preprint arXiv:1707.05970.Google ScholarGoogle Scholar
  54. Neil J. Rubenking. 2013. Are You a Human. Retrieved from https://www.areyouahuman.com.Google ScholarGoogle Scholar
  55. Andy Schlaikjer. 2007. A dual-use speech CAPTCHA: Aiding visually impaired web users while providing transcriptions of audio streams. LTI-CMU Technical Report, 07-014.Google ScholarGoogle Scholar
  56. NuData Security. 2010. NuCaptcha. Retrieved from www.nucaptcha.com.Google ScholarGoogle Scholar
  57. Muhammad Shahzad, Alex X. Liu, and Arjmand Samuel. 2017. Behavior based human authentication on touch screen devices using gestures and signatures. IEEE Trans. Mobile Comput. 16, 10 (2017), 2726--2741.Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. Chenghui Shi, Xiaogang Xu, Shouling Ji, Kai Bu, Jianhai Chen, Raheem A. Beyah, and Ting Wang. 2019. Adversarial CAPTCHAs. Retrieved from http://arxiv.org/abs/1901.01107Google ScholarGoogle Scholar
  59. Ashish Shrivastava, Tomas Pfister, Oncel Tuzel, Joshua Susskind, Wenda Wang, and Russell Webb. 2017. Learning from simulated and unsupervised images through adversarial training. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR’17).Google ScholarGoogle ScholarCross RefCross Ref
  60. Karen Simonyan and Andrew Zisserman. 2014. In Proceedings of the International Conference on Learning Representations.Google ScholarGoogle Scholar
  61. Suphannee Sivakorn, Iasonas Polakis, and Angelos D. Keromytis. 2016. I am robot: (Deep) learning to break semantic image CAPTCHAs. In Proceedings of the IEEE European Symposium on Security and Privacy. 388--403.Google ScholarGoogle Scholar
  62. Fabian Stark, Caner Hazirbas, Rudoplh Triebel, and Daniel Cremers. 2015. CAPTCHA recognition with active deep learning. In Proceedings of the German Conference on Pattern Recognition Workshop.Google ScholarGoogle Scholar
  63. Christian Szegedy, Wei Liu, Yangqing Jia, Pierre Sermanet, Scott Reed, Dragomir Anguelov, Dumitru Erhan, Vincent Vanhoucke, and Andrew Rabinovich. 2015. Going deeper with convolutions. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 1--9.Google ScholarGoogle ScholarCross RefCross Ref
  64. Christian Szegedy, Vincent Vanhoucke, Sergey Ioffe, Jonathon Shlens, and Zbigniew Wojna. 2016. Rethinking the inception architecture for computer vision. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR’16). 2818–2826.Google ScholarGoogle ScholarCross RefCross Ref
  65. Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In Proceedings of the International Conference on Learning Representations (ICLR).Google ScholarGoogle Scholar
  66. Jennifer Tam, Jiri Simsa, Sean Hyde, and Luis Von Ahn. 2008. Breaking audio CAPTCHAs. In Proceedings of the Conference on Neural Information Processing Systems. 1625--1632.Google ScholarGoogle Scholar
  67. Luis Von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford. 2003. CAPTCHA: Using Hard AI Problems for Security. Springer, Berlin, 294–311.Google ScholarGoogle Scholar
  68. Luis Von Ahn, Manuel Blum, and John Langford. 2004. Telling humans and computers apart automatically. Commun. ACM 47, 2 (2004), 56--60.Google ScholarGoogle ScholarDigital LibraryDigital Library
  69. Cihang Xie, Zhishuai Zhang, Yuyin Zhou, Song Bai, Jianyu Wang, Zhou Ren, and Alan L. Yuille. 2019. Improving transferability of adversarial examples with input diversity. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR’19).Google ScholarGoogle Scholar
  70. Weilin Xu, Yanjun Qi, and David Evans. 2016. Automatically evading classifiers: A case study on PDF malware classifiers. In Proceedings of the Network and Distributed System Security Symposium.Google ScholarGoogle ScholarCross RefCross Ref
  71. Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, and Paul C. Van Oorschot. 2014. Security analysis and related usability of motion-based captchas: Decoding codewords in motion. IEEE Trans. Depend. Secure Comput. 11, 5 (2014), 480--493.Google ScholarGoogle ScholarCross RefCross Ref
  72. Jeff Yan and Ahmad Salah El Ahmad. 2007. Breaking visual CAPTCHAs with Naive pattern recognition algorithms. In Proceedings of the Computer Security Applications Conference (ACSAC’07). Twenty-Third Annual. 279--291.Google ScholarGoogle ScholarCross RefCross Ref
  73. Jeff Yan and Ahmad Salah El Ahmad. 2008. A low-cost attack on a Microsoft captcha. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’08), Alexandria, Virginia, Usa, October. 543--554.Google ScholarGoogle ScholarDigital LibraryDigital Library
  74. Guixin Ye, Zhanyong Tang, Dingyi Fang, Zhanxing Zhu, Yansong Feng, Pengfei Xu, Xiaojiang Chen, and Zheng Wang. 2018. Yet another text captcha solver: A generative adversarial network based approach. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 332--348.Google ScholarGoogle ScholarDigital LibraryDigital Library
  75. Jason Yosinski, Jeff Clune, Yoshua Bengio, and Hod Lipson. 2014. How transferable are features in deep neural networks? In Advances in Neural Information Processing Systems. MIT Press, 3320--3328.Google ScholarGoogle ScholarDigital LibraryDigital Library
  76. Lantao Yu, Weinan Zhang, Jun Wang, and Yong Yu. 2016. SeqGAN: Sequence generative adversarial nets with policy gradient. In Proceedings of the Thirty-First Association for the Advancement of Artificial Intelligence. 2852–2858.Google ScholarGoogle Scholar
  77. Jun-Yan Zhu, Taesung Park, Phillip Isola, and Alexei A Efros. 2017. Unpaired image-to-image translation using cycle-consistent adversarial networks. arXiv preprint arXiv:1703.10593.Google ScholarGoogle Scholar

Index Terms

  1. Using Generative Adversarial Networks to Break and Protect Text Captchas

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    HTML Format

    View this article in HTML Format .

    View HTML Format
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!