Visible to the public Towards Evaluating the Security of Real-World Deployed Image CAPTCHAs

Submitted by grigby1 on Fri, 02/08/2019 - 4:14pm
TitleTowards Evaluating the Security of Real-World Deployed Image CAPTCHAs
Publication TypeConference Paper
Year of Publication2018
AuthorsZhao, Binbin, Weng, Haiqin, Ji, Shouling, Chen, Jianhai, Wang, Ting, He, Qinming, Beyah, Reheem
Conference NameProceedings of the 11th ACM Workshop on Artificial Intelligence and Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6004-3
Keywordsartificial intelligence security, captcha-solving services, composability, Deep Learning, Human Behavior, image captchas, Metrics, pubcrawl, Resiliency
AbstractNowadays, image captchas are being widely used across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision techniques are gradually diminishing the security of image captchas; yet, little is known thus far about the vulnerability of image captchas deployed in real-world settings. In this paper, we conduct the first systematic study on the security of image captchas in the wild. We classify the currently popular image captchas into three categories: selection-, slide- and click-based captchas. We propose three effective and generic attacks, each against one of these categories. We evaluate our attacks against 10 real-world popular image captchas, including those from tencent.com, google.com, and 12306.cn. Furthermore, we compare our attacks with 9 online image recognition services and human labors from 8 underground captcha-solving services. Our studies show that: (1) all of those popular image captchas are vulnerable to our attacks; (2) our attacks significantly outperform the state-of-the-arts in almost all the scenarios; and (3) our attacks achieve effectiveness comparable to human labors but with much higher efficiency. Based on our evaluation, we identify the design flaws of those popular schemes, the best practices, and the design principles towards more secure captchas.
DOI10.1145/3270101.3270104
Citation Keyzhao_towards_2018
Groups: