• Home

  • Documents

  • EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic...
39
EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA - SolvingServices in an Economic Context I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs Antreas Dionysiou - Department of Computer Science University of Cyprus February 2019

EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

Page 1: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

EPL682- PAPERS----------

Re:CAPTCHAs– UnderstandingCAPTCHA-SolvingServicesinanEconomicContext

IAmRobot:(Deep)LearningtoBreakSemanticImageCAPTCHAs

Antreas Dionysiou - DepartmentofComputerScienceUniversityofCyprus

February2019

Page 2: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

2

BACKGROUND

Page 3: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

What are CAPTCHAs?

• CompletelyAutomatedPublicTuringtesttotellComputersandHumansApart(CAPTCHA).• Proposedin2003byVonetal.• AlsoreferredasReverseTuringTests.• CAPTCHAstellifauserishumanornot.• DifferentversionsofCAPTCHAexists.• Blockautomatedbotsystemsattacks.• Mustresistautomatedsolving.• Mustbepainlessforhumans.

3

Page 4: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

CAPTCHAVersions

4

Page 5: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Text-basedCAPTCHAs

• MostwidelyusedCAPTCHAscheme.• CAPTCHAdesigning,reflectsatrade-offbetweenprotectionandusability.

5

Page 6: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Paper:“Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext.”

6

Page 7: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Whatisallabout?(Summary)

• BriefexplanationaboutCAPTCHAs.• CAPTCHAsolvingecosystemhasemergedwith2majorcategories:

1. AutomatedCAPTCHAsolvers(software).2. Real-timehumanlabor.

• EvaluationofCAPTCHAsineconomicterms.• CAPTCHA’sunderlyingcoststructurebenefitsdefender.• PlentyofCAPTCHAsolvingserviceswithverylowprices.• CAPTCHAsshouldbeviewedasaneconomicimpedimenttoanattacker(notonlyasatechnologicalone).

$1/1000

Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010. 7

Page 8: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Whatisallabout?(Cont.)

• Theoverallshapeofmarketispoorlyunderstood.

• Bigevolutionofautomatedsolvingtools…

• …but,eclipsedbytheemergenceofhuman-basedsolvingmarket.

• Economicexaminationofhuman-basedsolvingmarket.

Human-basedsolvers Automated(software)solvers Hybridsolvers

8Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 9: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Relatedwork

• Theauthorsclaimthattheyarethefirsttoidentifythegrowthofhuman-labor-basedCAPTCHAsolvingservices.• TheclosestworkrelatedisthestudyofBursztein etal.[1],BUT isfocusedonCAPTCHAdifficultyratherthantheunderlyingbusinessmodels.• Nootherrelatedwork(atthattime).

[1]E.Bursztein,S.Bethard,J.C.Mitchell,D.Jurafsky,andC.Fabry.HowgoodarehumansatsolvingCAPTCHAs?alargescaleevaluation.InIEEES&P’10,2010.

9Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 10: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

AuthorsTriedtoAnswerKeyQuestionsLike

WhichCAPTCHAsaremostlytargeted?

Roughsolvingcapacity?

Qualityofservice?

Pricingofservices?

Workforcedemographics?

Services’adaptabilitytochangesinCAPTCHAschemes?

Overall,thisresearchprovidesareasoningaboutthenetvalueofCAPTCHAsunderexistingthreats.

10Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 11: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

CAPTCHAEconomics,butwhy???

• CAPTCHA’stechnicalperspective,doesn’tcapturethebusinessrealitiesofCAPTCHA-solvingecosystem.• Theprofitabilityofanyscamisafunctionof3factors:

1. ThecostofCAPTCHAsolving.2. Theeffectivenessofanysecondarydefenses.3. Theefficiencyoftheattacker’sbusinessmodel.

• CAPTCHAsaddfrictiontotheattacker’sbusinessmodel.• CAPTCHAsminimizethecostandlegitimateuserimpactofheavier-weightsecondarydefenses(e.g.sms,etc.).

11Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 12: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

EconomicsofCAPTCHA-solvingMarket

• ThemarketforCAPTCHA-solvingserviceshasbeenexpanded…

• …but,thewagesofworkershavebeendecliningduetothesereasons:1. CAPTCHAsolvingisanunskilledjob.2. Itcanbeeasilysourcedviainternettothelowestcostlabor.3. Anincreasedcompetitionontheretailsideexist.

• Mr.Esaidthat50%ofrevenueisprofit,roughly10%isforserversandbandwidth,andtheremainderissplitbetweensolvinglabor.

12Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 13: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

CAPTCHA-SolvingMarketWorkflow

13Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 14: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

CAPTCHA-SolvingServicesAnalysis

• Evaluatedserviceswhichwerewell-advertisedatthetime.

• Evaluated8CAPTCHA-solvingservicesfor5monthscollectingCAPTCHAsbymostpopularwebsites.

• Evaluatingseveralaspectssuchas:1. Customerinterface.2. Solutionaccuracy.3. Responsetime.4. Availability.5. Capacity.

14Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 15: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

QualityofServiceAssessment

15Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 16: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

QualityofServiceAssessment(cont.)

• Medianerrorrateandresponsetime(inseconds)forallservices.Servicesarerankedtop-to-bottominorderofincreasingerrorrate.

16Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 17: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

ServicesAnalysisResults

• Antigate andImageToText providedthefastestservice.

• AccuracyandresponsetimevariedwiththetypeofCAPTCHA.

• Thevalueofaparticularsolverdependson3factors,namely:1. Accuracy.2. Responsetime.3. Price.

• DeCaptcher andCaptchaBot hadthelargestsolvingcapacity,astheycouldsolve14–15CAPTCHAspersecond.

17Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 18: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

WorkerWages

• TheyfocusedontwoservicesnamelyKolotibablo andPixProfit.

• Kolotibablo paysworkersatavariablerate(from$0.50/1,000uptoover$0.75/1,000CAPTCHAs)dependingonhowmanyCAPTCHAstheyhavesolved.

• PixProfit offersasomewhathigherrateof$1/1,000.

• Aminimumamountofmoneyshouldbecollectedbeforepayout.

• Mostservicesprovidepaymentviaanonlinee-currencysystem.

18Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 19: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

GeographicDemographics

• AllservicesincludeasizeableworkforcefluentinChinese,likelymainlandChina.• Antigate hasappreciableaccuraciesforRussianandHindi,presumablydrawingonworkforcesinRussiaandIndia.• Similarly,forCaptchaBypass andRussian.• BeatCaptcha andTamil,Portuguese,andSpanish.• DeCaptcher andTamil.• ImageToText hasappreciableaccuracyacrossaremarkablerangeoflanguages.

19Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 20: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

AdaptabilityofCAPTCHAServices

• AgainfocusedonKolotibablo andPixProfit services.• TestthemontheAsirra CAPTCHA.• ImageToText displayedaremarkableadaptability,solvingtheAsirraCAPTCHAonaverage39.9% ofthetime.

Figure5:ImageToText errorrateforthecustomAsirra CAPTCHAovertime.

20Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 21: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

MostPopularTargetedCAPTCHAs

21Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 22: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Conclusions

• CAPTCHAs’ low-impactqualitymakesthemattractivetositeoperators,

• …but,atthesametime,easytobeoutsourcedtoglobalunskilledlabormarket.

• CAPTCHA-solvingbusinessiswell-developed,highly-competitive,andwithlargecapacityindustry.

• WholesaleandretailpricesforCAPTCHA-solvingwillcontinuetodecline.

• CAPTCHAsdon’tpreventlarge-scaleautomatedsiteaccess,

• …but,theyeffectivelylimitautomatedsiteaccess.

22Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 23: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Conclusions(Cont.)

• AsthecostofCAPTCHAsolvingdecreases,asiteoperatormustemploysecondarydefensesmoreaggressively.

• CAPTCHAs shouldberegardedasaneconomicimpediment(notonlyatechnologicalone).

• CAPTCHAsarelow-impactmechanismsthataddfrictiontotheattacker’sbusinessmodel.

• CAPTCHAsminimizethecostandlegitimateuserimpactofheavier-weightsecondarydefenses.

23Motoyama,Marti,etal."Re:CAPTCHAs-UnderstandingCAPTCHA-SolvingServicesinanEconomicContext." USENIXSecuritySymposium.Vol.10.2010.

Page 24: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Paper:“IAmRobot:(Deep)LearningtoBreakSemanticImageCAPTCHAs.”

24

Page 25: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Whatisallabout?(Summary)

• A studyofthelatestversionofGoogle’sreCaptcha.

• AuthorsinfluencereCaptcha’s riskanalysisprocess.• IdentifyreCaptcha’s flaws,bypassrestrictions,anddeploylarge-scaleattacks.

• Proposalofaneffectiveandlow-costdeep-learning-basedattackforthesemanticannotationofimages.

• Proposalofaseriesofsafeguardsandmodificationsforresistingtheirattacks.

25Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 26: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Relatedwork

• Yanetal.,“Alow-costattackonamicrosoft CAPTCHA,”inCCS’08.

• Yanetal.,“BreakingvisualCAPTCHAswithnaivepatternrecognitionalgorithms,”inACSAC’07.

• Lietal.,“Breakinge-bankingCAPTCHAs,”inACSAC’10.• Perezetal.,“BreakingreCAPTCHAs withunpredictablecollapse:Heuristiccharactersegmentationandrecognition,”inMCPR 2012.

• Many,many,otherpapersrelatedtoautomatedCAPTCHAsolving...

26Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 27: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Google’sreCaptcha

• ThegoalofGoogle’slatestversionofreCaptcha,isto:1. Minimizetheeffortforlegitimateusers.2. Requiringtasksthataremorechallengingtocomputersthan“simple”text

recognition.

• reCaptcha isdrivenbyan“advancedriskanalysissystem”.

• reCaptcha widgetalsoperformsaseriesofbrowserchecks.

• MostwidelyusedCAPTCHAservice.

• Leveragesinformationaboutusers’activitiesthroughcookies.

27Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 28: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

HowreCaptcha works?

1. Userclicksonacheckbox.2. A requestissentcontainingallrelatedtousercollected

information.3. Therequestisanalyzedbytheadvancedriskanalysissystem,which

decidesthetypeofCAPTCHAchallengetobepresentedtotheuser.4. Iftheuserrequestsmultiplechallengesorprovidesseveralwrong

answers,thesystemwillreturnincreasinglyharderchallenges.

28Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 29: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

CAPTCHAVersions

29Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 30: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Contributions

• DeployedanautomationtoolwithoutbeingdetectedbyreCaptchawidget.

• Identifieddesignflawsthatallowattackersto“influence”theadvancedriskanalysisprocess.

• ML-basedsystemforsolvingimage-basedCAPTCHAs,thatextractssemanticinformationfromimages.

• Highlyeffectiveandefficientsystem,achieving70.78%accuracy,solvingchallengesin≈19seconds.

• Demonstratedtheirattack’sgenericapplicability.

• Evaluatedtheirtoolintermsofcost-effectiveness(offline-mode).

30Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 31: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

TheirCAPTCHA-solvingsystem

• TheirsystemisbuildonSelenium,andMozillaFirefox(v.36).

• Theirsystemisbasedon2components:1. The1st isresponsibleforcreatingtrackingcookiesthatinfluencetherisk

analysisprocess.

2. The2nd processes thechallengesfollowingdifferenttechniquesbasedonthetypeofchallenge.

31Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 32: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

ComputerVisionAlgorithmsandImageAnnotationServicesUsed• Google’sreverseimagesearch(GRIS)forconductinganimage-basedsearch.

• DifferentImageannotationservicesforassigningtags(keywords)orfree-formdescriptionofimages.

• AML-basedclassifierthatcanguessthecontentofanimagebasedonasubsetofthetags.

• A manuallycreatedlabeled-datasetwithimagesandtheirtagfromchallengestheyhavecollected(HistoryModule).

32Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 33: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Findings

• Google’sadvancedriskanalysiscanbeneutralizedbyusinga9-dayoldcookie(withorwithoutwebsurfing).

• BeingloggedinaGoogleaccount,with,andwithoutconductingaphoneverification doesnotinfluenceriskanalysissystem.

• Norestrictionbasedonthecountryinwhichacookieiscreated.• Webdriver variabledoesnothaveaneffect.

• User-agent’sbrowserandengineversionsaswellastheactualenvironmentoftheexperiment playscriticalrole.

33Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 34: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Findings(Cont.)

• User-agentthatdoesnotcontaincompleteinformation,orismiss-formattedreceivesahard(fallback)CAPTCHA.• Widgetdoesnotdetecttheunderlyingoperatingsystem.• Mismatchbetweenuser-agents,duringacookie’screationandwhenrequestingaCAPTCHAwiththatcookie,doesnothaveeffect.• Screenresolutionandmousebehaviordonotaffecttheoutcomeofriskanalysis.• Cookiesarenotassignedareputationscore(accordingtohistory).• NomechanismprohibitingthecreationofalargenumberofcookiesfromasingleIPaddress.

34Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 35: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Findings(Cont.)

• Capacityperday:1. Duringweekdays,theycouldsolvebetween52,000and55,000.2. Duringweekendstheycouldsolve59,000.

• reCaptcha versionsuffersfromsignificantflawsandomissions.

• Formostcases(74%)thenumberofcorrectcandidateimagesis2;therestcontain3andtheyalsofoundtwochallengeswith4.

• Challengesarenotcreated“on-the-fly”butselectedfromarelativelysmallpoolofchallenges.

35Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 36: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Findings(Cont.)

• 1,368redundantimagesthatbelongedto358setsofidenticalimages.

• Highlyefficientattacksolvingchallengesin≈19seconds,mentioningthatthemosttimeconsumingphaseisGRIS.

• Alimitedvarietyofimagecategorieshasbeendetected.

• AdversariescandeployaccurateandefficientattacksagainsttheimagereCaptcha withoutrelyingonexternalservices.

• EvaluatedtheirCAPTCHAbreakingsystem’seconomicviability.

36Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 37: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Findings(Cont.)

• Discusscountermeasuresfordefendingagainsttheirattacks,andtheirpotentialimpactontheusability.

• reCaptcha hasbeenupdatedafterauthorsinformedGoogleandFacebook.

37Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 38: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Conclusions– Futurework

• Furtherimprovementoftheirattack’saccuracycanbeexplored.

• ReassessmentonreverseTuringtests(CAPTCHAs)andtheirdesignisconsideredcritical.

• Demonstratedthefeasibilityoflarge-scaleCAPTCHA-solvingattacks.

• reCaptcha’s advancedriskanalysissystemandwidgetpossessvaluablefunctionality,thatcanbeincorporatedintofuturecaptchaschemesformitigatingattacks.

38Sivakorn,S.,Polakis,I.,&Keromytis,A.D.(2016,March).Iamrobot:(deep) learningtobreaksemanticimagecaptchas.In 2016IEEEEuropeanSymposiumonSecurityandPrivacy (EuroS&P) (pp.388-403).IEEE.

Page 39: EPL682 -PAPERS · • ML-based system for solving image-based CAPTCHAs, that extracts semantic information from images. • Highly effective and efficient system, achieving 70.78%

Thanksforyourattention!!! J

Anyquestions?

39


On the Viability of CAPTCHAs for Use in Telephony Systems ... · On the Viability of CAPTCHAs for Use in Telephony Systems: A Usability Field Study Niharika Sachdevay, Nitesh Saxena

On the Viability of CAPTCHAs for Use in Telephony Systems ... · On the Viability of CAPTCHAs for Use in Telephony Systems: A Usability Field Study Niharika Sachdevay, Nitesh Saxena

Documents
Re: CAPTCHAs Understanding CAPTCHA-Solving …cseweb.ucsd.edu/~mmotoyam/usec10-recaptchas.pdfRe: CAPTCHAs – Understanding CAPTCHA-Solving Services in an ... ing cost structure favors

Re: CAPTCHAs Understanding CAPTCHA-Solving …cseweb.ucsd.edu/~mmotoyam/usec10-recaptchas.pdfRe: CAPTCHAs – Understanding CAPTCHA-Solving Services in an ... ing cost structure favors

Documents
Re: CAPTCHAs -- Understanding CAPTCHA-Solving Services in an

Re: CAPTCHAs -- Understanding CAPTCHA-Solving Services in an

Documents
Usability of CAPTCHAs Or “usability issues in CAPTCHA design”

Usability of CAPTCHAs Or “usability issues in CAPTCHA design”

Documents
Attacking CAPTCHAS For Fun And Profit Appsec DC

Attacking CAPTCHAS For Fun And Profit Appsec DC

Documents
From Captchas to Captchæckers: Can we automate usability and security evaluation of CAPTCHAs?

From Captchas to Captchæckers: Can we automate usability and security evaluation of CAPTCHAs?

Science
The Failure of Noise-Based Non-continuous Audio …theory.stanford.edu/~hpaskov/pub/paper002.pdfThe Failure of Noise-Based Non-Continuous Audio Captchas ... captcha solver that defeats

The Failure of Noise-Based Non-continuous Audio …theory.stanford.edu/~hpaskov/pub/paper002.pdfThe Failure of Noise-Based Non-Continuous Audio Captchas ... captcha solver that defeats

Documents
Sensor Captchas: On the Usability of Instrumenting ... is used to digitalize street view addresses as well as books and Sensor Captchas: On the Usability of Instrumenting Hardware

Sensor Captchas: On the Usability of Instrumenting ... is used to digitalize street view addresses as well as books and Sensor Captchas: On the Usability of Instrumenting Hardware

Documents
Segmentação de Captchas Primeiro Seminário - DECOM · PDF file · 2014-09-26Paper •"Text-based CAPTCHA strengths and weaknesses.“ •Elie Bursztein, Matthieu Martin e John

Segmentação de Captchas Primeiro Seminário - DECOM · PDF file · 2014-09-26Paper •"Text-based CAPTCHA strengths and weaknesses.“ •Elie Bursztein, Matthieu Martin e John

Documents
Bypassing CAPTCHAs by Impersonating CAPTCHA Providers

Bypassing CAPTCHAs by Impersonating CAPTCHA Providers

Documents
Breaking CAPTCHAs - Computer Sciencelazebnik/fall09/breaking_captchas.pdfBreaking CAPTCHAs Xiaoyang Wen COMP 857 Machine Learning UNC Chapel Hill • What’s CAPTCHA? ... • According

Breaking CAPTCHAs - Computer Sciencelazebnik/fall09/breaking_captchas.pdfBreaking CAPTCHAs Xiaoyang Wen COMP 857 Machine Learning UNC Chapel Hill • What’s CAPTCHA? ... • According

Documents
Decaptcha: Breaking 75% of eBay Audio CAPTCHAs

Decaptcha: Breaking 75% of eBay Audio CAPTCHAs

Documents
CAPTCHAs: The Good, the Bad, and the Ugly - CMPcmp.felk.cvut.cz/~cernyad2/TextCaptchaPdf/CAPTCHAs The Good, the...CAPTCHAs: The Good, the Bad, ... A CAPTCHA is a program that generates

CAPTCHAs: The Good, the Bad, and the Ugly - CMPcmp.felk.cvut.cz/~cernyad2/TextCaptchaPdf/CAPTCHAs The Good, the...CAPTCHAs: The Good, the Bad, ... A CAPTCHA is a program that generates

Documents
Evaluating Existing Audio CAPTCHAs and an Interface ... · (a) Microsoft CAPTCHA (c) AOL CAPTCHA Figure 1. Examples of existing interfaces for solving audio CAPTCHAs. (a) A separate

Evaluating Existing Audio CAPTCHAs and an Interface ... · (a) Microsoft CAPTCHA (c) AOL CAPTCHA Figure 1. Examples of existing interfaces for solving audio CAPTCHAs. (a) A separate

Documents
Development of two novel face-recognition CAPTCHAs: a ... · Development of two novel face-recognition CAPTCHAs: a security and usability study ... CAPTCHA, Usability, Facial

Development of two novel face-recognition CAPTCHAs: a ... · Development of two novel face-recognition CAPTCHAs: a security and usability study ... CAPTCHA, Usability, Facial

Documents
Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic

Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic

Documents
ASDC12-Attacking CAPTCHAs for Fun and Profit

ASDC12-Attacking CAPTCHAs for Fun and Profit

Documents
Framework for Evaluation of Text Captchas

Framework for Evaluation of Text Captchas

Documents
Wp Bypassing Captchas

Wp Bypassing Captchas

Documents
Evaluating Existing Audio CAPTCHAs and an Interface ...webinsight.cs.washington.edu/papers/captchachi.pdf · Evaluating Existing Audio CAPTCHAs and an Interface Optimized for Non-Visual

Evaluating Existing Audio CAPTCHAs and an Interface ...webinsight.cs.washington.edu/papers/captchachi.pdf · Evaluating Existing Audio CAPTCHAs and an Interface Optimized for Non-Visual

Documents
The End is Nigh: Generic Solving of Text-based CAPTCHAs

The End is Nigh: Generic Solving of Text-based CAPTCHAs

Data & Analytics
Kent Academic Repository · 2018-05-19 · 2) Image Based Schemes: Motivated by the vulnerability of text based schemes, image based CAPTCHAs have been developed, following the belief

Kent Academic Repository · 2018-05-19 · 2) Image Based Schemes: Motivated by the vulnerability of text based schemes, image based CAPTCHAs have been developed, following the belief

Documents
The meanest CAPTCHAs ever

The meanest CAPTCHAs ever

Entertainment & Humor
Send Orders for Reprints to reprints@benthamscience.net ... · hence the difficulty of solving text-based CAPTCHAs primarily depends on the difficulty of text segmentation. This problem

Send Orders for Reprints to [email protected] ... · hence the difficulty of solving text-based CAPTCHAs primarily depends on the difficulty of text segmentation. This problem

Documents
FR-CAPTCHA: CAPTCHA Based on Recognizing …captcharesearch.com/media/1004/journalpone0091708.pdfText-based CAPTCHAs such as reCAPTCHA [3] require a user to decipher distorted text

FR-CAPTCHA: CAPTCHA Based on Recognizing …captcharesearch.com/media/1004/journalpone0091708.pdfText-based CAPTCHAs such as reCAPTCHA [3] require a user to decipher distorted text

Documents
TheRobustnessofHollowCAPTCHAs · mentation techniquesfor attacking a numberof text-based CAPTCHAs were developedbyYanand ElAhmad[23] in 2008, including the earlier mechanisms designed

TheRobustnessofHollowCAPTCHAs · mentation techniquesfor attacking a numberof text-based CAPTCHAs were developedbyYanand ElAhmad[23] in 2008, including the earlier mechanisms designed

Documents
Breaking CAPTCHAs with Convolutional Neural …ceur-ws.org/Vol-1885/93.pdfBreaking CAPTCHAs with Convolutional Neural Networks ... Older Google reCaptcha with the occlusion line.

Breaking CAPTCHAs with Convolutional Neural …ceur-ws.org/Vol-1885/93.pdfBreaking CAPTCHAs with Convolutional Neural Networks ... Older Google reCaptcha with the occlusion line.

Documents
Security and Usability Challenges of Moving-Object CAPTCHAs...Security and Usability Challenges of Moving-Object CAPTCHAs Decoding Codewords in Motion Yi Xu, Gerardo Reynaga, Sonia

Security and Usability Challenges of Moving-Object CAPTCHAs...Security and Usability Challenges of Moving-Object CAPTCHAs Decoding Codewords in Motion Yi Xu, Gerardo Reynaga, Sonia

Documents
Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in an

Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in an

Documents
Attacking Visual CAPTCHAs With TesserCap · requests before they return any content or CAPTCHAs. Using a web proxy (Fiddler, Burp, Charles, WebScarab, Paros etc…), capture the request

Attacking Visual CAPTCHAs With TesserCap · requests before they return any content or CAPTCHAs. Using a web proxy (Fiddler, Burp, Charles, WebScarab, Paros etc…), capture the request

Documents