The University of Southampton
University of Southampton Institutional Repository

Using generative adversarial networks to break and protect text captchas

Using generative adversarial networks to break and protect text captchas
Using generative adversarial networks to break and protect text captchas

Text-based CAPTCHAs remains a popular scheme for distinguishing between a legitimate human user and an automated program. This article presents a novel genetic text captcha solver based on the generative adversarial network. As a departure from prior text captcha solvers that require a labor-intensive and time-consuming process to construct, our scheme needs significantly fewer real captchas but yields better performance in solving captchas. Our approach works by first learning a synthesizer to automatically generate synthetic captchas to construct a base solver. It then improves and fine-tunes the base solver using a small number of labeled real captchas. As a result, our attack requires only a small set of manually labeled captchas, which reduces the cost of launching an attack on a captcha scheme. We evaluate our scheme by applying it to 33 captcha schemes, of which 11 are currently used by 32 of the top-50 popular websites. Experimental results demonstrate that our scheme significantly outperforms four prior captcha solvers and can solve captcha schemes where others fail. As a countermeasure, we propose to add imperceptible perturbations onto a captcha image. We demonstrate that our countermeasure can greatly reduce the success rate of the attack.

authentication, generative adversarial networks, security, Text captchas, transfer learning
2471-2566
1-29
Ye, Guixin
0b267b5d-942d-4216-9256-796ca3a99090
Tang, Zhanyong
030e87fa-0b3b-4fe2-af83-1eabaf8aac81
Fang, Dingyi
b4eefbb2-e752-4b40-86b6-ccac4fa3904b
Zhu, Zhanxing
e55e7385-8ba2-4a85-8bae-e00defb7d7f0
Feng, Yansong
571e0145-b5e7-41f0-ab1e-448b61bb1581
Xu, Pengfei
0712cd4c-581f-44e4-a0de-2fcc8c3914da
Chen, Xiaojiang
3279ddc3-d5e4-4cce-a5ce-492f001398c0
Han, Jungong
f32f64dd-13a8-4401-8eff-d6e23f6815b5
Wang, Zheng
3c6f18bb-fc19-48ae-ae40-3cec2c2054df
Ye, Guixin
0b267b5d-942d-4216-9256-796ca3a99090
Tang, Zhanyong
030e87fa-0b3b-4fe2-af83-1eabaf8aac81
Fang, Dingyi
b4eefbb2-e752-4b40-86b6-ccac4fa3904b
Zhu, Zhanxing
e55e7385-8ba2-4a85-8bae-e00defb7d7f0
Feng, Yansong
571e0145-b5e7-41f0-ab1e-448b61bb1581
Xu, Pengfei
0712cd4c-581f-44e4-a0de-2fcc8c3914da
Chen, Xiaojiang
3279ddc3-d5e4-4cce-a5ce-492f001398c0
Han, Jungong
f32f64dd-13a8-4401-8eff-d6e23f6815b5
Wang, Zheng
3c6f18bb-fc19-48ae-ae40-3cec2c2054df

Ye, Guixin, Tang, Zhanyong, Fang, Dingyi, Zhu, Zhanxing, Feng, Yansong, Xu, Pengfei, Chen, Xiaojiang, Han, Jungong and Wang, Zheng (2020) Using generative adversarial networks to break and protect text captchas. ACM Transactions on Privacy and Security, 23 (2), 1-29, [7]. (doi:10.1145/3378446).

Record type: Article

Abstract

Text-based CAPTCHAs remains a popular scheme for distinguishing between a legitimate human user and an automated program. This article presents a novel genetic text captcha solver based on the generative adversarial network. As a departure from prior text captcha solvers that require a labor-intensive and time-consuming process to construct, our scheme needs significantly fewer real captchas but yields better performance in solving captchas. Our approach works by first learning a synthesizer to automatically generate synthetic captchas to construct a base solver. It then improves and fine-tunes the base solver using a small number of labeled real captchas. As a result, our attack requires only a small set of manually labeled captchas, which reduces the cost of launching an attack on a captcha scheme. We evaluate our scheme by applying it to 33 captcha schemes, of which 11 are currently used by 32 of the top-50 popular websites. Experimental results demonstrate that our scheme significantly outperforms four prior captcha solvers and can solve captcha schemes where others fail. As a countermeasure, we propose to add imperceptible perturbations onto a captcha image. We demonstrate that our countermeasure can greatly reduce the success rate of the attack.

This record has no associated files available for download.

More information

Accepted/In Press date: 1 January 2020
Published date: 17 April 2020
Additional Information: Funding Information: Extension of Conference Paper: a preliminary version of this article entitled “Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach” by G. Ye et al. appeared in ACM Conference on Computer and Communications Security, 2018 [74]. The work was partly supported by the National Natural Science Foundation of China (NSFC) through Grant Agreements No. 61972314, No. 61672427, and No. 61872294; in part by the International Cooperation Project of Shaanxi Province (2019KW-009) and the Ant Financial through the Ant Financial Science Funds for Security Research. Authors’ addresses: G. Ye, Z. Tang (corresponding author), D. Fang, P. Xu, and X. Chen, Northwest University, China; emails: gxye@stumail.nwu.edu.cn, {zytang, dyf, pfxu, xjchen}@nwu.edu.cn; Z. Zhu and Y. Feng, Peking University, China; emails: {zhanxing.zhu, fengyansong}@pku.edu.cn; J. Han, University of Warwick, United Kingdom; email: jungong. han@warwick.ac.uk; Z. Wang (corresponding author), University of Leeds, United Kingdom; email: z.wang5@leeds.ac.uk. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. © 2020 Association for Computing Machinery. 2471-2566/2020/04-ART7 $15.00 https://doi.org/10.1145/3378446
Keywords: authentication, generative adversarial networks, security, Text captchas, transfer learning

Identifiers

Local EPrints ID: 486137
URI: http://eprints.soton.ac.uk/id/eprint/486137
ISSN: 2471-2566
PURE UUID: 46915e1e-9440-47e5-a7e0-873ca3311d55

Catalogue record

Date deposited: 10 Jan 2024 17:42
Last modified: 05 Jun 2024 17:54

Export record

Altmetrics

Contributors

Author: Guixin Ye
Author: Zhanyong Tang
Author: Dingyi Fang
Author: Zhanxing Zhu
Author: Yansong Feng
Author: Pengfei Xu
Author: Xiaojiang Chen
Author: Jungong Han
Author: Zheng Wang

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×