Breaking Audio Captcha using Machine Learning/Deep Learning and Related Defense Mechanism

CAPTCHA is a web-based authentication method used by websites to distinguish between humans (valid users) and bots(attackers). Audio captcha is an accessible captcha meant for the visually disabled section of users such as color-blind, blind, near-sighted users. In this project, I analyzed the security of audio captchas from attacks that employ machine learning and deep learning models. Audio captchas of varying lengths (5, 7 and 10) and varying background noise (no noise, medium noise or high noise) were analyzed. I found that audio captchas with no background noise or medium background noise were easily attacked with 99% - 100% accuracy. Whereas, audio captchas with high noise were relatively more secure with breaking accuracy of 85%. I also propose that adversarial example attacks can be used in favor of audio captcha, that is, adversarial example attacks can be used to defend audio captcha from attackers. I explored two adversarial examples attack algorithms: Basic Iterative Method (BIM) and DeepFool method to create new adversarial audio captcha. Finally, I analyzed the security of these newly created adversarial audio captcha by simulating Level I and Level II defense scenarios. Level I defense is a defense against pre- trained models that have never seen adversarial examples before. Whereas a Level II defense is a defense against models that have been re-trained on adversarial examples. My experiments show that Level I defense can prevent nearly 100% of attacks from pre-trained models. It also proves that Level II defense increases security of audio captcha by 57% to 67%. Real world scenarios such as multi-retries are also studied and related defense mechanism are suggested

CAPTCHA Types and Breaking Techniques: Design Issues, Challenges, and Future Research Directions

The proliferation of the Internet and mobile devices has resulted in malicious bots access to genuine resources and data. Bots may instigate phishing, unauthorized access, denial-of-service, and spoofing attacks to mention a few. Authentication and testing mechanisms to verify the end-users and prohibit malicious programs from infiltrating the services and data are strong defense systems against malicious bots. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is an authentication process to confirm that the user is a human hence, access is granted. This paper provides an in-depth survey on CAPTCHAs and focuses on two main things: (1) a detailed discussion on various CAPTCHA types along with their advantages, disadvantages, and design recommendations, and (2) an in-depth analysis of different CAPTCHA breaking techniques. The survey is based on over two hundred studies on the subject matter conducted since 2003 to date. The analysis reinforces the need to design more attack-resistant CAPTCHAs while keeping their usability intact. The paper also highlights the design challenges and open issues related to CAPTCHAs. Furthermore, it also provides useful recommendations for breaking CAPTCHAs

Labeled-Image CAPTCHA: concept of a secured and universally useful CAPTCHA

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely used online security tool that ensures that a computer program is not posing as a human user. While smart programs with advanced image processing capability have already cracked picture based captcha systems there is a need for making the test harder. This paper presents a design prototype of a simplified type of labeled-image captcha where a picture of a common animal or household item is marked with a number of different labels and the users will be asked to provide the correct label for specific parts of the picture. Due to human’s familiarity with body shapes and part names of such common pictures, they will easily identify a specific organ/parts of the picture. Such labeled-image captcha tests are expected to be very easy for human users regardless of their culture, age, gender, educational background and other discriminations but tough for the bots and automated computer programs

Labeled-Image CAPTCHA: concept of a secured and universally useful CAPTCHA

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely used online security tool that ensures that a computer program is not posing as a human user. While smart programs with advanced image processing capability have already cracked picture based captcha systems there is a need for making the test harder. This paper presents a design prototype of a simplified type of labeled-image captcha where a picture of a common animal or household item is marked with a number of different labels and the users will be asked to provide the correct label for specific parts of the picture. Due to human’s familiarity with body shapes and part names of such common pictures, they will easily identify a specific organ/parts of the picture. Such labeled-image captcha tests are expected to be very easy for human users regardless of their culture, age, gender, educational background and other discriminations but tough for the bots and automated computer programs