liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Research on the Security of Visual Reasoning CAPTCHA
Xidian Univ, Peoples R China.
Xidian Univ, Peoples R China.
Xidian Univ, Peoples R China.
Xidian Univ, Peoples R China.
Show others and affiliations
2021 (English)In: PROCEEDINGS OF THE 30TH USENIX SECURITY SYMPOSIUM, USENIX ASSOC , 2021, p. 3291-3308Conference paper, Published paper (Refereed)
Abstract [en]

CAPTCHA is an effective mechanism for protecting computers from malicious bots. With the development of deep learning techniques, current mainstream text-based CAPTCHAs have been proven to be insecure. Therefore, a major effort has been directed toward developing image-based CAPTCHAs, and image-based visual reasoning is emerging as a new direction of such development. Recently, Tencent deployed the Visual Turing Test (VTT) CAPTCHA. This appears to have been the first application of a visual reasoning scheme. Subsequently, other CAPTCHA service providers (Geetest, NetEase, Dingxiang, etc.) have proposed their own visual reasoning schemes to defend against bots. It is, therefore, natural to ask a fundamental question: are visual reasoning CAPTCHAs as secure as their designers expect? This paper presents the first attempt to solve visual reasoning CAPTCHAs. We implemented a holistic attack and a modular attack, which achieved overall success rates of 67.3% and 88.0% on VTT CAPTCHA, respectively. The results show that visual reasoning CAPTCHAs are not as secure as anticipated; this latest effort to use novel, hard AI problems for CAPTCHAs has not yet succeeded. Based on the lessons we learned from our attacks, we also offer some guidelines for designing visual CAPTCHAs with better security.

Place, publisher, year, edition, pages
USENIX ASSOC , 2021. p. 3291-3308
National Category
Media and Communication Technology
Identifiers
URN: urn:nbn:se:liu:diva-182247ISI: 000722006803032ISBN: 9781939133243 (print)OAI: oai:DiVA.org:liu-182247DiVA, id: diva2:1627033
Conference
30th USENIX Security Symposium, ELECTR NETWORK, aug 11-13, 2021
Note

Funding Agencies|Natural Science Foundation of ChinaNational Natural Science Foundation of China (NSFC) [61972306]; Zhejiang Lab [2021KD0AB03]

Available from: 2022-01-12 Created: 2022-01-12 Last updated: 2022-01-12

Open Access in DiVA

No full text in DiVA

Other links

Link to publication

Search in DiVA

By author/editor
Yan, Jianxin
By organisation
Database and information techniquesFaculty of Science & Engineering
Media and Communication Technology

Search outside of DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 510 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf