Abstract
Text-based CAPTCHAs remains a popular scheme for distinguishing between a legitimate human user and an automated program. This article presents a novel genetic text captcha solver based on the generative adversarial network. As a departure from prior text captcha solvers that require a labor-intensive and time-consuming process to construct, our scheme needs significantly fewer real captchas but yields better performance in solving captchas. Our approach works by first learning a synthesizer to automatically generate synthetic captchas to construct a base solver. It then improves and fine-tunes the base solver using a small number of labeled real captchas. As a result, our attack requires only a small set of manually labeled captchas, which reduces the cost of launching an attack on a captcha scheme. We evaluate our scheme by applying it to 33 captcha schemes, of which 11 are currently used by 32 of the top-50 popular websites. Experimental results demonstrate that our scheme significantly outperforms four prior captcha solvers and can solve captcha schemes where others fail. As a countermeasure, we propose to add imperceptible perturbations onto a captcha image. We demonstrate that our countermeasure can greatly reduce the success rate of the attack.
- Abdalnaser Algwil, Dan C. Ciresan, Beibei Liu, and Jeff Yan. 2016. A security analysis of automated chinese turing tests. In Proceedings of the 32nd Annual Conference on Computer Security Applications. 520--532.Google Scholar
Digital Library
- Martin Arjovsky, Soumith Chintala, and Léon Bottou. 2017. Wasserstein generative adversarial networks. In Proceedings of the International Conference on Machine Learning. 214--223.Google Scholar
- Elias Athanasopoulos and Spiros Antonatos. 2006. Enhanced CAPTCHAs: Using animation to tell humans and computers apart. In Proceedings of the IFIP International Conference on Communications and Multimedia Security. 97--108.Google Scholar
Digital Library
- Charles Audet and J. E. Dennis Jr. 2006. Mesh adaptive direct search algorithms for constrained optimization. SIAM J. Optimiz. 17, 1 (2006), 188--217.Google Scholar
Digital Library
- Marco Barreno, Blaine Nelson, Russell Sears, Anthony D. Joseph, and J. D. Tygar. 2006. Can machine learning be secure? In Proceedings of the ACM Symposium on Information, Computer and Communications Security. 16--25.Google Scholar
- Jeffrey P. Bigham and Anna C. Cavender. 2009. Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 1829--1838.Google Scholar
- Elie Bursztein. 2012. How we Broke the NuCaptcha Video Scheme and What we Proposed to Fix it. Retrieved from https://elie.net/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it.Google Scholar
- Elie Bursztein, Jonathan Aigrain, Angelika Moscicki, and John C. Mitchell. 2014. The end is nigh: Generic solving of text-based CAPTCHAs. In Proceedings of the USENIX Workshop on Offensive Technologies (WOOT’14).Google Scholar
Digital Library
- Elie Bursztein and Steven Bethard. 2009. Decaptcha: Breaking 75% of eBay audio CAPTCHAs. In Proceedings of the Usenix Conference on Offensive Technologies. 8--8.Google Scholar
- Elie Bursztein, Matthieu Martin, and John Mitchell. 2011. Text-based CAPTCHA strengths and weaknesses. In Proceedings of the Conference on Computer and Communications Security (CCS’11). 125--138.Google Scholar
Digital Library
- Elie Bursztein, Angelique Moscicki, Celine Fabry, Steven Bethard, John C. Mitchell, and Jurafsky Dan. 2014. Easy does it: More usable CAPTCHAs. In Proceedings of the ACM Conference on Human Factors in Computing Systems. 2637--2646.Google Scholar
Digital Library
- Kumar Chellapilla, Kevin Larson, Patrice Y. Simard, and Mary Czerwinski. 2005. Computers beat humans at single character recognition in reading based human interaction proofs (HIPs). In Proceedings of the Conference on Email 8 Anti-Spam.Google Scholar
- Monica Chew and J. Doug Tygar. 2004. Image recognition captchas. In Proceedings of the International Conference on Information Security. Springer, 268--279.Google Scholar
- Jeremy Elson, John R. Douceur, Jon Howell, and Jared Saul. 2007. Asirra: A CAPTCHA that exploits interest-aligned manual image categorization. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’07). 366--374.Google Scholar
- Bent Fuglede and Flemming Topsoe. 2004. Jensen-Shannon divergence and Hilbert space embedding. In Proceedings of the International Symposium on Information Theory (ISIT’04). IEEE, 31.Google Scholar
Cross Ref
- Haichang Gao, Mengyun Tang, Yi Liu, Ping Zhang, and Xiyang Liu. 2017. Research on the security of Microsoft’s two-layer captcha. IEEE Trans. Info. Forensics Secur. 12, 7 (2017), 1671--1685.Google Scholar
Digital Library
- Haichang Gao, Wang Wei, Xuqin Wang, Xiyang Liu, and Jeff Yan. 2013. The robustness of hollow CAPTCHAs. In Proceedings of the ACM Sigsac Conference on Computer 8 Communications Security. 1075--1086.Google Scholar
Digital Library
- Haichang Gao, Jeff Yan, Fang Cao, Zhengya Zhang, Lei Lei, Mengyun Tang, Ping Zhang, Xin Zhou, Xuqin Wang, and Jiawei Li. 2016. A simple generic attack on text captchas. In Proceedings of the Network and Distributed Systems Symposium (NDSS’16).Google Scholar
Cross Ref
- Song Gao. 2014. An Evolutionary Study of Dynamic Cognitive Game CAPTCHAs: Automated Attacks and Defenses. Dissertations Theses Gradworks. University of Alabama, Birminghan.Google Scholar
- Dileep George, Wolfgang Lehrach, Ken Kansky, Miguel Lázaro-Gredilla, Christopher Laan, Bhaskara Marthi, Xinghua Lou, Zhaoshi Meng, Yi Liu, Huayan Wang, et al. 2017. A generative vision model that trains with high data efficiency and breaks text-based CAPTCHAs. Science 358, 6368 (2017), eaag2612.Google Scholar
- C. Gold, A. Holub, and P. Sollich. 2005. Bayesian approach to feature selection and parameter tuning for support vector machine classifiers. Neural Netw. 18, 5 (2005), 693--701.Google Scholar
Digital Library
- Philippe Golle. 2008. Machine learning attacks against the Asirra CAPTCHA. Comput. Commun. Secur. 2008 (2008), 535--542.Google Scholar
- Ian J. Goodfellow, Yaroslav Bulatov, Julian Ibarz, Sacha Arnoud, and Vinay Shet. 2014. Multi-digit number recognition from street view imagery using deep convolutional neural networks. In Proceedings of the International Conference on Learning Representations (ICLR’14).Google Scholar
- Ian J. Goodfellow, Jean Pougetabadie, Mehdi Mirza, Bing Xu, David Wardefarley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative adversarial networks. Adv. Neural Info. Process. Syst. 3 (2014), 2672--2680.Google Scholar
- Ian J. Goodfellow, Jonathon Shlens, Christian Szegedy, Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. In Proceedings of the International Conference on Machine Learning (ICML’15). 1--10.Google Scholar
- Ian J. Goodfellow, David Warde-Farley, Mehdi Mirza, Aaron Courville, and Yoshua Bengio. 2013. Maxout networks. arXiv preprint arXiv:1302.4389.Google Scholar
- Rich Gossweiler, Maryam Kamvar, and Shumeet Baluja. 2009. What’s up CAPTCHA?: A CAPTCHA based on image orientation. In Proceedings of the International Conference on World Wide Web (WWW’09). 841--850.Google Scholar
Digital Library
- Mori Greg and Jitendra Malik. 2003. Recognizing objects in adversarial cultter: Breaking a visual CAPTCHA. In Proceedings of the IEEE Computer Society Conferene on Computer Vision and Pattern Recognition.Google Scholar
- Kaiming He, Georgia Gkioxari, Piotr Dollár, and Ross Girshick. 2017. Mask R-CNN. In Proceedings of the IEEE International Conference on Computer Vision (ICCV’17). 2980--2988.Google Scholar
- Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep residual learning for image recognition. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 770--778.Google Scholar
Cross Ref
- Robert Hecht-Nielsen. 1989. Theory of the Backpropagation Neural Network. Harcourt Brace 8 Co., 593–605.Google Scholar
- Carlos Javier Hernandezcastro, Arturo Ribagorda, and Yago Saez. 2009. Side-channel attack on labeling CAPTCHAs. Comput. Sci. ArXiv Preprint ArXiv:0908.1185.Google Scholar
- Ling Huang, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, and J. D. Tygar. 2011. Adversarial machine learning. IEEE Internet Comput. 15, 5 (2011), 4--6.Google Scholar
Digital Library
- Phillip Isola. 2017. Pix2Pix: Image-to-Image Translation with COnditional Adversarial Networks. Retrieved from https://github.com/phillipi/pix2pix.Google Scholar
- Phillip Isola, Jun-Yan Zhu, Tinghui Zhou, and Alexei A. Efros. 2017. Image-to-Image translation with conditional adversarial networks [C]. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 1125--1134.Google Scholar
- J. Wilkins. 2010. Strong captcha guidelines v1. 2 [J]. 10 (2010), 8.Google Scholar
- Zhiping Jiang, Jizhong Zhao, Xiang-Yang Li, Jinsong Han, and Wei Xi. 2013. Rejecting the attack: Source authentication for wi-fi management frames using csi information. In Proceedings of the IEEE INFOCOM. 2544--2552.Google Scholar
Cross Ref
- Diederik P. Kingma and Jimmy Ba. 2015. Adam: A method for stochastic optimization [C]. In Proceedings of the International Conference on Learning Representations.Google Scholar
- Kat Krol, Simon Parkin, and M. Angela Sasse. 2016. Better the devil you know: A user study of two CAPTCHAs and a possible replacement technology. In Proceedings of the NDSS Workshop on Usable Security.Google Scholar
- Colin Lea, Rene Vidal, Austin Reiter, and Gregory D. Hager. 2016. Temporal convolutional networks: A unified approach to action segmentation. In Proceedings of the European Conference on Computer Vision. 47--54.Google Scholar
- Y. Lecun, L. Bottou, Y. Bengio, and P. Haffner. 1998. Gradient-based learning applied to document recognition. Proc. IEEE 86, 11 (1998), 2278--2324.Google Scholar
Cross Ref
- Jiwei Li, Will Monroe, Tianlin Shi, Sebastien Jean, Alan Ritter, and Dan Jurafsky. 2017. Adversarial learning for neural dialogue generation. In Proceedings of the Conference on Empirical Methods in Natural Language Processing. 2157–2169.Google Scholar
Cross Ref
- Bin Liang, Hongcheng Li, Miaoqiang Su, Xirong Li, Wenchang Shi, and XiaoFeng Wang. 2019. Detecting adversarial image examples in deep neural networks with adaptive noise reduction. IEEE Trans. Depend. Secure Comput. (2019), 1–1.Google Scholar
Digital Library
- Min Lin, Qiang Chen, and Shuicheng Yan. 2013. Network in network. arXiv preprint arXiv:1312.4400.Google Scholar
- Elaine K. McEwan. 2008. Root Words, Roots and Affixes. Retrieved from http://www.readingrockets.org/article/root-words-roots-and-affixes.Google Scholar
- Hendrik Meutzner and Dorothea Kolossa. 2014. Reducing the cost of breaking audio CAPTCHAs by active and semi-supervised learning. In Proceedings of the International Conference on Machine Learning and Applications. 67--73.Google Scholar
- Takeru Miyato, Shinichi Maeda, Masanori Koyama, Ken Nakae, and Shin Ishii. 2015. Distributional smoothing by virtual adversarial examples. In Proceedings of the International Conference on Learning Representations (Poster).Google Scholar
- Volodymyr Mnih, Koray Kavukcuoglu, David Silver, Alex Graves, Ioannis Antonoglou, Daan Wierstra, and Martin Riedmiller. 2013. Playing atari with deep reinforcement learning. ArXiv Preprint ArXiv:1312.5602.Google Scholar
- Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. Van Oorschot, and Wei Bang Chen. 2014. A three-way investigation of a game-CAPTCHA:automated attacks, relay attacks and usability. In Proceedings of the ACM Symposium on Information, Computer and Communications Security. 195--206.Google Scholar
Digital Library
- Manar Mohameda, Song Gaob, Niharika Sachdevac, Nitesh Saxena, Chengcui Zhangd, Ponnurangam Kumaraguruc, and Paul C. Van Oorschote. 2017. On the security and usability of dynamic cognitive game CAPTCHAs. J. Comput. Secur. 25, 3 (2017), 205–230.Google Scholar
Cross Ref
- Margarita Osadchy, Julio Hernandez-Castro, Stuart Gibson, Orr Dunkelman, and Daniel Pérez-Cabo. 2017. No bot expects the DeepCAPTCHA! introducing immutable adversarial examples, with applications to CAPTCHA generation. IEEE Transactions on Information Forensics and Security 12, 11 (2017), 2640–2653.Google Scholar
Digital Library
- Sinno Jialin Pan and Qiang Yang. 2010. A survey on transfer learning. IEEE Trans. Knowl. Data Eng. 22, 10 (2010), 1345--1359.Google Scholar
Digital Library
- Ishai Rosenberg, Asaf Shabtai, Lior Rokach, and Yuval Elovici. 2017. Generic black-box end-to-end attack against RNNs and other API calls based malware classifiers. arXiv preprint arXiv:1707.05970.Google Scholar
- Neil J. Rubenking. 2013. Are You a Human. Retrieved from https://www.areyouahuman.com.Google Scholar
- Andy Schlaikjer. 2007. A dual-use speech CAPTCHA: Aiding visually impaired web users while providing transcriptions of audio streams. LTI-CMU Technical Report, 07-014.Google Scholar
- NuData Security. 2010. NuCaptcha. Retrieved from www.nucaptcha.com.Google Scholar
- Muhammad Shahzad, Alex X. Liu, and Arjmand Samuel. 2017. Behavior based human authentication on touch screen devices using gestures and signatures. IEEE Trans. Mobile Comput. 16, 10 (2017), 2726--2741.Google Scholar
Digital Library
- Chenghui Shi, Xiaogang Xu, Shouling Ji, Kai Bu, Jianhai Chen, Raheem A. Beyah, and Ting Wang. 2019. Adversarial CAPTCHAs. Retrieved from http://arxiv.org/abs/1901.01107Google Scholar
- Ashish Shrivastava, Tomas Pfister, Oncel Tuzel, Joshua Susskind, Wenda Wang, and Russell Webb. 2017. Learning from simulated and unsupervised images through adversarial training. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR’17).Google Scholar
Cross Ref
- Karen Simonyan and Andrew Zisserman. 2014. In Proceedings of the International Conference on Learning Representations.Google Scholar
- Suphannee Sivakorn, Iasonas Polakis, and Angelos D. Keromytis. 2016. I am robot: (Deep) learning to break semantic image CAPTCHAs. In Proceedings of the IEEE European Symposium on Security and Privacy. 388--403.Google Scholar
- Fabian Stark, Caner Hazirbas, Rudoplh Triebel, and Daniel Cremers. 2015. CAPTCHA recognition with active deep learning. In Proceedings of the German Conference on Pattern Recognition Workshop.Google Scholar
- Christian Szegedy, Wei Liu, Yangqing Jia, Pierre Sermanet, Scott Reed, Dragomir Anguelov, Dumitru Erhan, Vincent Vanhoucke, and Andrew Rabinovich. 2015. Going deeper with convolutions. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 1--9.Google Scholar
Cross Ref
- Christian Szegedy, Vincent Vanhoucke, Sergey Ioffe, Jonathon Shlens, and Zbigniew Wojna. 2016. Rethinking the inception architecture for computer vision. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR’16). 2818–2826.Google Scholar
Cross Ref
- Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In Proceedings of the International Conference on Learning Representations (ICLR).Google Scholar
- Jennifer Tam, Jiri Simsa, Sean Hyde, and Luis Von Ahn. 2008. Breaking audio CAPTCHAs. In Proceedings of the Conference on Neural Information Processing Systems. 1625--1632.Google Scholar
- Luis Von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford. 2003. CAPTCHA: Using Hard AI Problems for Security. Springer, Berlin, 294–311.Google Scholar
- Luis Von Ahn, Manuel Blum, and John Langford. 2004. Telling humans and computers apart automatically. Commun. ACM 47, 2 (2004), 56--60.Google Scholar
Digital Library
- Cihang Xie, Zhishuai Zhang, Yuyin Zhou, Song Bai, Jianyu Wang, Zhou Ren, and Alan L. Yuille. 2019. Improving transferability of adversarial examples with input diversity. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR’19).Google Scholar
- Weilin Xu, Yanjun Qi, and David Evans. 2016. Automatically evading classifiers: A case study on PDF malware classifiers. In Proceedings of the Network and Distributed System Security Symposium.Google Scholar
Cross Ref
- Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, and Paul C. Van Oorschot. 2014. Security analysis and related usability of motion-based captchas: Decoding codewords in motion. IEEE Trans. Depend. Secure Comput. 11, 5 (2014), 480--493.Google Scholar
Cross Ref
- Jeff Yan and Ahmad Salah El Ahmad. 2007. Breaking visual CAPTCHAs with Naive pattern recognition algorithms. In Proceedings of the Computer Security Applications Conference (ACSAC’07). Twenty-Third Annual. 279--291.Google Scholar
Cross Ref
- Jeff Yan and Ahmad Salah El Ahmad. 2008. A low-cost attack on a Microsoft captcha. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’08), Alexandria, Virginia, Usa, October. 543--554.Google Scholar
Digital Library
- Guixin Ye, Zhanyong Tang, Dingyi Fang, Zhanxing Zhu, Yansong Feng, Pengfei Xu, Xiaojiang Chen, and Zheng Wang. 2018. Yet another text captcha solver: A generative adversarial network based approach. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 332--348.Google Scholar
Digital Library
- Jason Yosinski, Jeff Clune, Yoshua Bengio, and Hod Lipson. 2014. How transferable are features in deep neural networks? In Advances in Neural Information Processing Systems. MIT Press, 3320--3328.Google Scholar
Digital Library
- Lantao Yu, Weinan Zhang, Jun Wang, and Yong Yu. 2016. SeqGAN: Sequence generative adversarial nets with policy gradient. In Proceedings of the Thirty-First Association for the Advancement of Artificial Intelligence. 2852–2858.Google Scholar
- Jun-Yan Zhu, Taesung Park, Phillip Isola, and Alexei A Efros. 2017. Unpaired image-to-image translation using cycle-consistent adversarial networks. arXiv preprint arXiv:1703.10593.Google Scholar
Index Terms
Using Generative Adversarial Networks to Break and Protect Text Captchas
Recommendations
Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityDespite several attacks have been proposed, text-based CAPTCHAs are still being widely used as a security mechanism. One of the reasons for the pervasive use of text captchas is that many of the prior attacks are scheme-specific and require a labor-...
Make complex CAPTCHAs simple: A fast text captcha solver based on a small number of samples
Highlights- A captcha transformation model is proposed to simplify complex captchas.
- Cycle ...
AbstractText-based captchas are still widely used by many websites such as Wikipedia and Microsoft despite the emergence of many alternative captchas. Recently, the design of text-based captchas has become more and more complex to resist ...
Design and evaluation of 3D CAPTCHAs
AbstractMost current 2D CAPTCHAs are vulnerable to automated character recognition attacks and the latest attacks can successfully break the 2D text CAPTCHAs at a rate of more than 90%. In this work, we present two novel 3D CAPTCHAs, which are ...






Comments