Yipeng Gao, Haichang Gao, Sainan Luo, Yang Zi, Shudong Zhang, Wenjie Mao, Ping Wang, Yulong Shen, Jeff Yan
{"title":"视觉推理验证码安全性研究","authors":"Yipeng Gao, Haichang Gao, Sainan Luo, Yang Zi, Shudong Zhang, Wenjie Mao, Ping Wang, Yulong Shen, Jeff Yan","doi":"10.1109/tdsc.2023.3238408","DOIUrl":null,"url":null,"abstract":"CAPTCHA is an effective mechanism for protecting computers from malicious bots. With the development of deep learning techniques, current mainstream text-based and traditional image-based CAPTCHAs have been proven to be insecure. Therefore, a major effort has been directed toward developing new CAPTCHAs by utilizing some other hard Artificial Intelligence (AI) problems. Recently, some commercial companies (Tencent, NetEase, Geetest, etc.) have begun deploying a new type of CAPTCHA based on visual reasoning to defend against bots. As a newly proposed CAPTCHA, it is therefore natural to ask a fundamental question: are visual reasoning CAPTCHAs as secure as their designers expect? This paper explores the security of visual reasoning CAPTCHAs. We proposed a modular attack and evaluated it on six different real-world visual reasoning CAPTCHAs, which achieved overall success rates ranging from 79.2% to 98.6%. The results show that visual reasoning CAPTCHAs are not as secure as anticipated; this latest effort to use novel, hard AI problems for CAPTCHAs has not yet succeeded. Then, we summarize some guidelines for designing better visual-based CAPTCHAs, and based on the lessons we learned from our attacks, we propose a new CAPTCHA based on commonsense knowledge (CsCAPTCHA) and show its security and usability experimentally.","PeriodicalId":91597,"journal":{"name":"Proceedings of the ... USENIX Security Symposium. UNIX Security Symposium","volume":"6 1","pages":"4976-4992"},"PeriodicalIF":0.0000,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Research on the Security of Visual Reasoning CAPTCHA\",\"authors\":\"Yipeng Gao, Haichang Gao, Sainan Luo, Yang Zi, Shudong Zhang, Wenjie Mao, Ping Wang, Yulong Shen, Jeff Yan\",\"doi\":\"10.1109/tdsc.2023.3238408\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"CAPTCHA is an effective mechanism for protecting computers from malicious bots. With the development of deep learning techniques, current mainstream text-based and traditional image-based CAPTCHAs have been proven to be insecure. Therefore, a major effort has been directed toward developing new CAPTCHAs by utilizing some other hard Artificial Intelligence (AI) problems. Recently, some commercial companies (Tencent, NetEase, Geetest, etc.) have begun deploying a new type of CAPTCHA based on visual reasoning to defend against bots. As a newly proposed CAPTCHA, it is therefore natural to ask a fundamental question: are visual reasoning CAPTCHAs as secure as their designers expect? This paper explores the security of visual reasoning CAPTCHAs. We proposed a modular attack and evaluated it on six different real-world visual reasoning CAPTCHAs, which achieved overall success rates ranging from 79.2% to 98.6%. The results show that visual reasoning CAPTCHAs are not as secure as anticipated; this latest effort to use novel, hard AI problems for CAPTCHAs has not yet succeeded. Then, we summarize some guidelines for designing better visual-based CAPTCHAs, and based on the lessons we learned from our attacks, we propose a new CAPTCHA based on commonsense knowledge (CsCAPTCHA) and show its security and usability experimentally.\",\"PeriodicalId\":91597,\"journal\":{\"name\":\"Proceedings of the ... USENIX Security Symposium. UNIX Security Symposium\",\"volume\":\"6 1\",\"pages\":\"4976-4992\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the ... USENIX Security Symposium. UNIX Security Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/tdsc.2023.3238408\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ... USENIX Security Symposium. UNIX Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/tdsc.2023.3238408","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Research on the Security of Visual Reasoning CAPTCHA
CAPTCHA is an effective mechanism for protecting computers from malicious bots. With the development of deep learning techniques, current mainstream text-based and traditional image-based CAPTCHAs have been proven to be insecure. Therefore, a major effort has been directed toward developing new CAPTCHAs by utilizing some other hard Artificial Intelligence (AI) problems. Recently, some commercial companies (Tencent, NetEase, Geetest, etc.) have begun deploying a new type of CAPTCHA based on visual reasoning to defend against bots. As a newly proposed CAPTCHA, it is therefore natural to ask a fundamental question: are visual reasoning CAPTCHAs as secure as their designers expect? This paper explores the security of visual reasoning CAPTCHAs. We proposed a modular attack and evaluated it on six different real-world visual reasoning CAPTCHAs, which achieved overall success rates ranging from 79.2% to 98.6%. The results show that visual reasoning CAPTCHAs are not as secure as anticipated; this latest effort to use novel, hard AI problems for CAPTCHAs has not yet succeeded. Then, we summarize some guidelines for designing better visual-based CAPTCHAs, and based on the lessons we learned from our attacks, we propose a new CAPTCHA based on commonsense knowledge (CsCAPTCHA) and show its security and usability experimentally.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
