Towards evaluating the security of real-world deployed image captchas

Binbin Zhao, Haiqin Weng, Shouling Ji, Jianhai Chen, Ting Wang, Qinming He, Raheem Beyah

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations

Abstract

Nowadays, image captchas are being widely used across the Internet to defend against abusive programs. However, the ever-advancing capabilities of computer vision techniques are gradually diminishing the security of image captchas; yet, little is known thus far about the vulnerability of image captchas deployed in real-world settings. In this paper, we conduct the first systematic study on the security of image captchas in the wild. We classify the currently popular image captchas into three categories: selection-, slide- and click-based captchas. We propose three effective and generic attacks, each against one of these categories. We evaluate our attacks against 10 real-world popular image captchas, including those from tencent.com, google.com, and 12306.cn. Furthermore, we compare our attacks with 9 online image recognition services and human labors from 8 underground captcha-solving services. Our studies show that: (1) all of those popular image captchas are vulnerable to our attacks; (2) our attacks significantly outperform the state-of-the-arts in almost all the scenarios; and (3) our attacks achieve effectiveness comparable to human labors but with much higher efficiency. Based on our evaluation, we identify the design flaws of those popular schemes, the best practices, and the design principles towards more secure captchas. We believe our findings shed light on facilitating the ecosystem of image captchas.

Original languageEnglish (US)
Title of host publicationAISec 2018 - Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2018
PublisherAssociation for Computing Machinery
Pages85-96
Number of pages12
ISBN (Electronic)9781450360043
DOIs
StatePublished - Oct 15 2018
Event11th ACM Workshop on Artificial Intelligence and Security, AISec 2018, co-located with CCS 2018 - Toronto, Canada
Duration: Oct 19 2018 → …

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Conference

Conference11th ACM Workshop on Artificial Intelligence and Security, AISec 2018, co-located with CCS 2018
CountryCanada
CityToronto
Period10/19/18 → …

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Towards evaluating the security of real-world deployed image captchas'. Together they form a unique fingerprint.

Cite this