Title | Towards Evaluating the Security of Real-World Deployed Image CAPTCHAs |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Zhao, Binbin; Weng, Haiqin; Ji, Shouling; Chen, Jianhai; Wang, Ting; He, Qinming; Beyah, Reheem |
Conference Name | Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-6004-3 |
Keywords | artificial intelligence security, captcha-solving services, composability, Deep Learning, Human Behavior, image captchas, Metrics, pubcrawl, Resiliency |
Abstract | Nowadays, image captchas are being widely used across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision techniques are gradually diminishing the security of image captchas; yet, little is known thus far about the vulnerability of image captchas deployed in real-world settings. In this paper, we conduct the first systematic study on the security of image captchas in the wild. We classify the currently popular image captchas into three categories: selection-, slide- and click-based captchas. We propose three effective and generic attacks, each against one of these categories. We evaluate our attacks against 10 real-world popular image captchas, including those from tencent.com, google.com, and 12306.cn. Furthermore, we compare our attacks with 9 online image recognition services and human labors from 8 underground captcha-solving services. Our studies show that: (1) all of those popular image captchas are vulnerable to our attacks; (2) our attacks significantly outperform the state-of-the-arts in almost all the scenarios; and (3) our attacks achieve effectiveness comparable to human labors but with much higher efficiency. Based on our evaluation, we identify the design flaws of those popular schemes, the best practices, and the design principles towards more secure captchas. |
DOI | 10.1145/3270101.3270104 |
Citation Key | zhao_towards_2018 |