Robust Text CAPTCHAs Using Adversarial Examples
- URL: http://arxiv.org/abs/2101.02483v1
- Date: Thu, 7 Jan 2021 11:03:07 GMT
- Title: Robust Text CAPTCHAs Using Adversarial Examples
- Authors: Rulin Shao, Zhouxing Shi, Jinfeng Yi, Pin-Yu Chen, Cho-Jui Hsieh
- Abstract summary: We propose a user-friendly text-based CAPTCHA generation method named Robust Text CAPTCHA (RTC).
At the first stage, the foregrounds and backgrounds are constructed with randomly sampled font and background images.
At the second stage, we apply a highly transferable adversarial attack for text CAPTCHAs to better obstruct CAPTCHA solvers.
- Score: 129.29523847765952
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans
Apart) is a widely used technology to distinguish real users and automated
users such as bots. However, advances in AI have weakened many CAPTCHA
tests, raising security concerns. In this paper, we propose a
user-friendly text-based CAPTCHA generation method named Robust Text CAPTCHA
(RTC). At the first stage, the foregrounds and backgrounds are constructed with
randomly sampled font and background images, which are then synthesized into
identifiable pseudo adversarial CAPTCHAs. At the second stage, we design and
apply a highly transferable adversarial attack for text CAPTCHAs to better
obstruct CAPTCHA solvers. Our experiments cover comprehensive models including
shallow models such as KNN, SVM and random forest, various deep neural networks
and OCR models. Experiments show that our CAPTCHAs have a failure rate (the
fraction cracked by solvers) below one in a million overall, while remaining
highly usable for humans. They are also robust against
various defensive techniques that attackers may employ, including adversarial
training, data pre-processing and manual tagging.
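For intuition, here is a minimal sketch of the two-stage pipeline. It is not the authors' implementation: the rendering parameters, the surrogate solver models, and the PGD-style ensemble attack are assumed stand-ins for the transferable attack the paper designs, and a real text CAPTCHA would use per-character labels rather than a single class label.

```python
# Hypothetical two-stage RTC-style sketch (illustrative, not the authors' code).
import random

import torch
import torch.nn.functional as F
from PIL import Image, ImageDraw, ImageFont

def make_pseudo_captcha(text, font_paths, background_paths):
    """Stage 1: render text with a randomly sampled font onto a randomly
    sampled background, giving an identifiable pseudo-adversarial CAPTCHA."""
    bg = Image.open(random.choice(background_paths)).convert("RGB").resize((160, 60))
    font = ImageFont.truetype(random.choice(font_paths), size=40)
    ImageDraw.Draw(bg).text((10, 10), text, font=font, fill=(0, 0, 0))
    return bg

def transferable_attack(x, label, surrogate_solvers, eps=8 / 255, steps=10):
    """Stage 2: a generic PGD-style attack ensembled over surrogate solvers
    (a common recipe for transferability), standing in for the paper's attack.
    `x` is a (B, C, H, W) image tensor in [0, 1]; `label` holds class indices."""
    x_adv = x.clone().detach().requires_grad_(True)
    for _ in range(steps):
        # Maximize the solvers' loss so the ensemble misreads the CAPTCHA.
        loss = sum(F.cross_entropy(m(x_adv), label) for m in surrogate_solvers)
        grad, = torch.autograd.grad(loss, x_adv)
        with torch.no_grad():
            x_adv += (2 * eps / steps) * grad.sign()
            x_adv.copy_(x + (x_adv - x).clamp(-eps, eps))  # stay in the eps-ball
            x_adv.clamp_(0.0, 1.0)                         # keep a valid image
    return x_adv.detach()

# Example stage-1 call with hypothetical asset paths:
# img = make_pseudo_captcha("XK7QD", ["fonts/a.ttf"], ["backgrounds/b.png"])
```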
Related papers
- IllusionCAPTCHA: A CAPTCHA based on Visual Illusion [14.043017273813227]
We present IllusionCAPTCHA, a novel security mechanism employing the "Human-Easy but AI-Hard" paradigm.
Results from our user study indicate that 86.95% of participants successfully passed the CAPTCHA on their first attempt, outperforming other CAPTCHA systems.
arXiv Detail & Related papers (2025-02-08T06:03:03Z)
- Exploring and Mitigating Adversarial Manipulation of Voting-Based Leaderboards [93.16294577018482]
Chatbot Arena, the most popular benchmark of this type, ranks models by asking users to select the better response between two randomly selected models.
We show that an attacker can alter the leaderboard (to promote their favorite model or demote competitors) at the cost of roughly a thousand votes.
Our attack consists of two steps: first, we show how an attacker can determine which model was used to generate a given reply with more than 95% accuracy; and then, the attacker can use this information to consistently vote against a target model.
arXiv Detail & Related papers (2025-01-13T17:12:38Z)
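As a rough illustration of this two-step attack, the sketch below wires the two pieces together; the `fingerprint` classifier is a hypothetical stand-in for the reply-attribution model the abstract describes, and the voting interface is invented for exposition.

```python
# Hypothetical sketch of the two-step attack; `fingerprint` stands in for a
# trained classifier that attributes a reply to the model that wrote it.

def cast_vote(reply_a: str, reply_b: str, target: str, fingerprint) -> str:
    """Vote in an anonymous A/B comparison so as to consistently demote
    `target`. Per the abstract, attribution can exceed 95% accuracy."""
    if fingerprint(reply_a) == target:
        return "b"   # the target wrote reply A: prefer B to demote it
    if fingerprint(reply_b) == target:
        return "a"   # the target wrote reply B: prefer A
    return "tie"     # target not detected in this pairing; abstain
```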
arXiv Detail & Related papers (2025-01-13T17:12:38Z) - Detecting Machine-Generated Long-Form Content with Latent-Space Variables [54.07946647012579]
Existing zero-shot detectors primarily focus on token-level distributions, which are vulnerable to real-world domain shifts.
We propose a more robust method that incorporates abstract elements, such as event transitions, as key deciding factors to detect machine versus human texts.
arXiv Detail & Related papers (2024-10-04T18:42:09Z)
- Unveiling Vulnerability of Self-Attention [61.85150061213987]
Pre-trained language models (PLMs) are shown to be vulnerable to minor word changes.
This paper studies the basic structure of transformer-based PLMs, the self-attention (SA) mechanism.
We introduce S-Attend, a novel smoothing technique that effectively makes SA robust via structural perturbations.
arXiv Detail & Related papers (2024-02-26T10:31:45Z)
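The abstract does not specify how S-Attend perturbs the attention structure, so the following is only a generic randomized-smoothing sketch under assumed details: a HuggingFace-style classifier interface and random attention-mask dropping as the structural perturbation.

```python
# Generic randomized-smoothing sketch; the actual S-Attend procedure may
# differ, since the abstract only names "structural perturbations".
import torch

def smoothed_predict(model, input_ids, n_samples=8, drop_prob=0.1):
    """Average a classifier's predictions over randomly perturbed attention
    structures (here: randomly zeroing attention-mask positions)."""
    base_mask = torch.ones_like(input_ids)
    probs = []
    for _ in range(n_samples):
        keep = (torch.rand(base_mask.shape) > drop_prob).long()
        out = model(input_ids=input_ids, attention_mask=base_mask * keep)
        probs.append(out.logits.softmax(dim=-1))
    return torch.stack(probs).mean(dim=0)  # smoothed class distribution
```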
- A Survey of Adversarial CAPTCHAs on its History, Classification and Generation [69.36242543069123]
We extend the definition of adversarial CAPTCHAs and propose a classification method for them.
We also analyze defense methods that attackers can use against adversarial CAPTCHAs, indicating potential threats to such schemes.
arXiv Detail & Related papers (2023-11-22T08:44:58Z)
- EnSolver: Uncertainty-Aware Ensemble CAPTCHA Solvers with Theoretical Guarantees [1.9649272351760065]
We propose EnSolver, a family of solvers that use deep ensemble uncertainty to detect and skip out-of-distribution CAPTCHAs.
We prove novel theoretical bounds on the effectiveness of our solvers and demonstrate their use with state-of-the-art CAPTCHA solvers.
arXiv Detail & Related papers (2023-07-27T20:19:11Z)
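Here is a minimal sketch of the ensemble-uncertainty idea, with an invented majority-agreement criterion standing in for the paper's uncertainty estimate.

```python
# Minimal sketch of ensemble-uncertainty skipping (not the EnSolver code);
# the agreement threshold is an invented proxy for the paper's uncertainty test.
from collections import Counter

def ensemble_solve(solvers, captcha_image, agreement=0.8):
    """Run every solver; if too few members agree on one answer, treat the
    CAPTCHA as out-of-distribution and skip it instead of guessing."""
    answers = [solver(captcha_image) for solver in solvers]
    best, count = Counter(answers).most_common(1)[0]
    if count / len(solvers) < agreement:
        return None   # low agreement -> likely out-of-distribution; skip
    return best
```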
- Can AI-Generated Text be Reliably Detected? [50.95804851595018]
Large Language Models (LLMs) perform impressively well in various applications.
The potential for misuse of these models in activities such as plagiarism, generating fake news, and spamming has raised concern about their responsible use.
We stress-test the robustness of these AI text detectors in the presence of an attacker.
arXiv Detail & Related papers (2023-03-17T17:53:19Z)
- Vulnerability analysis of captcha using Deep learning [0.0]
This research investigates flaws and vulnerabilities in CAPTCHA-generating systems.
To achieve this, we created CapNet, a Convolutional Neural Network.
The proposed platform can evaluate both numerical and alphanumerical CAPTCHAs.
arXiv Detail & Related papers (2023-02-18T17:45:11Z)
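The abstract does not describe CapNet's architecture; the sketch below is a generic fixed-length CAPTCHA CNN with per-character classification, included only to make the setup concrete.

```python
# Generic fixed-length CAPTCHA CNN; CapNet's real architecture is not
# described in the abstract, so every layer choice here is an assumption.
import torch.nn as nn

class CaptchaCNN(nn.Module):
    def __init__(self, n_chars=5, n_classes=36):   # 0-9 plus A-Z
        super().__init__()
        self.features = nn.Sequential(
            nn.Conv2d(1, 32, 3, padding=1), nn.ReLU(), nn.MaxPool2d(2),
            nn.Conv2d(32, 64, 3, padding=1), nn.ReLU(), nn.MaxPool2d(2),
            nn.AdaptiveAvgPool2d((4, 10)),
        )
        # One joint head emitting logits for every character position.
        self.head = nn.Linear(64 * 4 * 10, n_chars * n_classes)
        self.n_chars, self.n_classes = n_chars, n_classes

    def forward(self, x):                # x: (batch, 1, height, width)
        h = self.features(x).flatten(1)
        return self.head(h).view(-1, self.n_chars, self.n_classes)
```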
- An End-to-End Attack on Text-based CAPTCHAs Based on Cycle-Consistent Generative Adversarial Network [4.955311532191887]
We propose an efficient and simple end-to-end attack method based on cycle-consistent generative adversarial networks.
It can attack common text-based CAPTCHA schemes by modifying only a few configuration parameters.
Our approach efficiently cracked the CAPTCHA schemes deployed by 10 popular websites.
arXiv Detail & Related papers (2020-08-26T14:57:47Z)
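For reference, the cycle-consistency term at the heart of such an attack can be written as below; the generators, data, and loss weight are placeholders, and the paper's full pipeline (including the recognizer) is not shown.

```python
# Cycle-consistency loss in the CycleGAN style; G, F_gen, and the weight
# `lam` are placeholders, not the paper's actual components.
import torch.nn.functional as F

def cycle_loss(G, F_gen, real_captcha, real_clean, lam=10.0):
    """G maps CAPTCHA-style images toward clean text images; F_gen maps the
    other way. Penalize failing to reconstruct inputs after a round trip."""
    forward_cycle = F.l1_loss(F_gen(G(real_captcha)), real_captcha)
    backward_cycle = F.l1_loss(G(F_gen(real_clean)), real_clean)
    return lam * (forward_cycle + backward_cycle)
```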