3 research outputs found
Using Generative Adversarial Networks to Break and Protect Text Captchas
Text-based CAPTCHAs remains a popular scheme for distinguishing between a legitimate human user and an automated program. This article presents a novel genetic text captcha solver based on the generative adversarial network. As a departure from prior text captcha solvers that require a labor-intensive and time-consuming process to construct, our scheme needs significantly fewer real captchas but yields better performance in solving captchas. Our approach works by first learning a synthesizer to automatically generate synthetic captchas to construct a base solver. It then improves and fine-tunes the base solver using a small number of labeled real captchas. As a result, our attack requires only a small set of manually labeled captchas, which reduces the cost of launching an attack on a captcha scheme. We evaluate our scheme by applying it to 33 captcha schemes, of which 11 are currently used by 32 of the top-50 popular websites. Experimental results demonstrate that our scheme significantly outperforms four prior captcha solvers and can solve captcha schemes where others fail. As a countermeasure, we propose to add imperceptible perturbations onto a captcha image. We demonstrate that our countermeasure can greatly reduce the success rate of the attack
Diff-CAPTCHA: An Image-based CAPTCHA with Security Enhanced by Denoising Diffusion Model
To enhance the security of text CAPTCHAs, various methods have been employed,
such as adding the interference lines on the text, randomly distorting the
characters, and overlapping multiple characters. These methods partly increase
the difficulty of automated segmentation and recognition attacks. However,
facing the rapid development of the end-to-end breaking algorithms, their
security has been greatly weakened. The diffusion model is a novel image
generation model that can generate the text images with deep fusion of
characters and background images. In this paper, an image-click CAPTCHA scheme
called Diff-CAPTCHA is proposed based on denoising diffusion models. The
background image and characters of the CAPTCHA are treated as a whole to guide
the generation process of a diffusion model, thus weakening the character
features available for machine learning, enhancing the diversity of character
features in the CAPTCHA, and increasing the difficulty of breaking algorithms.
To evaluate the security of Diff-CAPTCHA, this paper develops several attack
methods, including end-to-end attacks based on Faster R-CNN and two-stage
attacks, and Diff-CAPTCHA is compared with three baseline schemes, including
commercial CAPTCHA scheme and security-enhanced CAPTCHA scheme based on style
transfer. The experimental results show that diffusion models can effectively
enhance CAPTCHA security while maintaining good usability in human testing