Paper Info
Title
Breaking Text-based CAPTCHAs using Average Vertical Partition.
Abstract
CAPTCHA, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, has been widely used as a security mechanism to defend against automated registration, spam and malicious bot programs. There have been many successful attacks on CAPTCHAs deployed by popular websites, e.g., Google, Yahoo!, and Microsoft. However, most of these methods are ad hoc, and they have lost efficacy with the evolution of CAPTCHA. In this paper, we propose a simple but effective attack on text-based CAPTCHA that uses machine learning to solve the segmentation and recognition problems simultaneously. The method first divides a CAPTCHA image into average blocks and attempts to combine adjacent blocks to form individual characters. A modified K-Nearest Neighbor (KNN) engine is used to recognize these combinations, and using a Dynamic Programming (DP) graph search algorithm, the most likely combinations are selected as the final result. We tested our attack on the popular CAPTCHAs deployed by the top 20 Alexa ranked websites. The success rates range from 5.0% to 74.0%, illustrating the effectiveness and universality of our method. We also tested the applicability of our method on three well-known CAPTCHA schemes. Our attack casts serious doubt on the security of existing text-based CAPTCHAs; therefore, guidelines for designing better text-based CAPTCHAs are discussed at the end of this paper.
Year
DOI
Venue
2019
10.6688/J1SE.201905_35(3).0008
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING
Keywords
Field
DocType
CAPTCHA,security,text-based,K-nearest neighbor,average vertical partition
Computer science,Theoretical computer science,CAPTCHA,Partition (number theory),Distributed computing
Journal
Volume
Issue
ISSN
35
SP3
1016-2364
Citations 
PageRank 
References 
0
0.34
0
Authors
5
Name
Order
Citations
PageRank
Xiyang Liu115918.55
Yang Zhang281.65
jing hu32213.68
Mengyun Tang4171.72
Haichang Gao517217.41