CAPTCHA References

From Research Questions Task Force
Jump to: navigation, search

This page is a collection of relevant references to the CAPTCHA research question. The reference list shouldn't be considered complete or definitive, and is likely to regularly undergo formatting improvement and reorganization to support the review and analysis process.

Contents

List of CAPTCHA References with an Accessibility Focus

The following references have a direct focus on accessibility.

WCAG WG CAPTCHA Alternatives and thoughts

Working document listing various approaches to CAPTCHA, and documented accessibility limitations.

Developing usable CAPTCHAs for blind users

  • Authors: Jonathan Holman, Jonathan Lazar, Jinjuan Heidi Feng, and John D'Arcy
  • Year: 2007.
  • Publication: Proceedings of the 9th international ACM SIGACCESS conference on Computers and accessibility (Assets '07), 245-246.
  • Full text: Restricted, ACM Digital Library
  • Keywords:

Abstract: CAPTCHAs are widely used by websites for security and privacy purposes. However, traditional text-based CAPTCHAs are not suitable for individuals with visual impairments. We proposed and developed a new form of CAPTCHA that combines both visual and audio information to allow easy access by users with visual impairments. A preliminary evaluation suggests strong potential for the new form of CAPTCHA for both blind and visual users.

Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use

  • Authors: Jeffrey Bigham (Carnegie Mellon University), Anna Cavender (Google)
  • Year: 2009.
  • Publication: CHI '09 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Pages 1829-1838
  • Full text: Restricted, ACM Digital Library
  • Keywords:

Abstract: Audio CAPTCHAs were introduced as an accessible alternative for those unable to use the more common visual CAPTCHAs, but anecdotal accounts have suggested that they may be more difficult to solve. This paper demonstrates in a large study of more than 150 participants that existing audio CAPTCHAs are clearly more difficult and time-consuming to complete as compared to visual CAPTCHAs for both blind and sighted users.

In order to address this concern, we developed and evaluated a new interface for solving CAPTCHAs optimized for non-visual use that can be added in-place to existing audio CAPTCHAs. In a subsequent study, the optimized interface increased the success rate of blind participants by 59% on audio CAPTCHAs, illustrating a broadly applicable principle of accessible design: the most usable audio interfaces are often not direct translations of existing visual interfaces.

Accessible privacy and security: a universally usable human-interaction proof tool

  • Authors: Graig Sauer, Jonathan Holman, Jonathan Lazar, Harry Hochheiser, Jinjuan Feng
  • Year: 2010.
  • Publication: Universal Access in the Information Society - Special Issue: Designing Inclusive Futures archive, Volume 9 Issue 3, August 2010, Pages 239-248
  • Full text: Restricted, Springer
  • Keywords:

Abstract: Despite growing interest in designing usable systems for managing privacy and security, recent efforts have generally failed to address the needs of users with disabilities. As security and privacy tools often rely upon subtle visual cues or other potentially inaccessible indicators, users with perceptual limitations might find such tools particularly challenging.

To understand the needs of an important group of users with disabilities, a focus group was conducted with blind users to determine their perceptions of security-related challenges. Human-interaction proof (HIP) tools, commonly known as CAPTCHAs, are used by web pages to defeat robots and were identified in the focus group as a major concern. Therefore, a usability test was conducted to see how well blind users were able to use audio equivalents of these graphical tools. Finally, an accessible HIP tool was developed which combines audio and matching images, supporting both visual and audio output.

Encouraging results from a small usability evaluation of the prototype with five sighted users and five blind users show that this new form of HIP is preferred by both blind and visual users to previous forms of text-based HIPs. Future directions for research are also discussed.

The SoundsRight CAPTCHA: an improved approach to audio human interaction proofs for blind users

  • Authors: Jonathan Lazar, Jinjuan Feng, Tim Brooks, Genna Melamed, Brian Wentz, Jon Holman, Abiodun Olalere, Nnanna Ekedebe (Towson University)
  • Year: 2012.
  • Publication: CHI '12 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Pages 2267-2276
  • Full text: Restricted, ACM DIgital Library
  • Keywords:

Abstract: In this paper we describe the development of a new audio CAPTCHA called the SoundsRight CAPTCHA, and the evaluation of the CAPTCHA with 20 blind users. Blind users cannot use visual CAPTCHAs, and it has been documented in the research literature that the existing audio CAPTCHAs have task success rates below 50% for blind users. The SoundsRight audio CAPTCHA presents a real-time audio-based challenge in which the user is asked to identify a specific sound (for example the sound of a bell or a piano) each time it occurs in a series of 10 sounds that are played through the computer's audio system. Evaluation results from three rounds of usability testing document that the task success rate was higher than 90% for blind users. Discussion, limitations, and suggestions for future research are also presented.

Accessibility of CAPTCHA methods and other publications on accessible CAPTCHA

  • Authors: Sajad Shirali-Shahreza (University of Toronto), M. Hassan Shirali-Shahreza (Amirkabir University of Technology, Tehran)
  • Year: 2011
  • Publication: AISec '11 Proceedings of the 4th ACM workshop on Security and artificial intelligence, Pages 109-110
  • Full text: Restricted, ACM Digital Library
  • Keywords:

Abstract: CAPTCHA (Completely Automatic Public Turing Test to Tell Computer and Human Apart) systems are a group of methods designed to distinguish between real human users and computer programs that are interacting with the system. Their goal is to ask questions which human users can easily answer, but current computers cannot. So their evaluation can be done in two domains: how hard are they for computers and how easy are they for humans. In this paper, we focus on the second part, and review accessibility of different types of CAPTCHA for human users, especially visually impaired and elderly people.

FATCHA: biometrics lends tools for CAPTCHAs

  • Authors: De Marsico, M., Marchionni, L., Novelli, A. and Oertel, M.,
  • Year: 2016.
  • Publication: Multimedia Tools and Applications, pp.1-24.
  • Full text access: Restricted, via Springer
  • Keywords: Human Interactive Proofs, CAPTCHA, BOT, Usability, Accessibility, Multimodal interaction, Denial of service, Human face detection

Abstract: This paper presents a novel strategy to implement a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). The aim of these tests is to easily and reliably distinguish between real human users and (malicious) bots. The approach underlying FATCHA is to exploit real time capture of human actions instead of human ability to recognize visual or auditory items. The latter approach explicitly requires proposing a challenge difficult for an automatic responder but easy for a human. However, it is often the case that pursuing the first feature takes to lose the second one. Moreover the user task may be hindered by specific disabilities.

According to FATCHA approach the system rather asks the user to carry out some trivial gesture, e.g., rotating or moving the head. The webcam, which is available in almost all computers or mobile devices, captures the user gesture, and the server (hosting the service to protect) matches it with the requested one. It is possible to extend the service with a second module that allows the user to authenticate himself by face recognition instead of using a password. On the contrary, FATCHA gesture challenge can be used as a liveliness test to avoid biometric spoofing. Multimodal interaction is the base for both an advanced Human Interactive Proof (HIP) test and for robust/comfortable authentication.

Do human cognitive differences in information processing affect preference and performance of CAPTCHA?

  • Reference Type:  Journal Article
  • Author: Belk, Marios, Fidas, Christos, Germanakos, Panagiotis and Samaras, George
  • Year: 2015
  • Journal: International Journal of Human - Computer Studies
  • Volume: 84, pages: 1-18
  • ISSN: 1071-5819
  • DOI: 10.1016/j.ijhcs.2015.07.002
  • Keywords: Human Interaction Proofs, Captcha, Cognitive Styles, Cognitive Processing Abilities, User Study
  • Notes: mobile devices

Abstract: A Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a widely used security defense mechanism that is utilized by service providers to determine whether the entity interacting with their system is a human and not a malicious agent. Common design practices of current CAPTCHA schemes barely take into account cultural, contextual, and individual cognitive characteristics and abilities of users. Motivated by recent research which underpins the necessity for designing more user-friendly CAPTCHA, this paper investigates the effect of users’ cognitive styles and cognitive processing abilities towards preference and task performance of CAPTCHA challenges. In the frame of the reported research, two user studies were conducted. The first study (n=131) explored the effect of users’ cognitive styles (Verbal/Imager) on user preference and task performance of two complementary types of CAPTCHA mechanisms text-recognition and image-recognition. The second study (n=125) explored the effect of users’ cognitive processing abilities (speed of processing, controlled attention, working memory capacity) on task performance in regards with different levels of complexity of both text-recognition and image-recognition CAPTCHA.

Analysis of results revealed interaction effects of users’ cognitive processing characteristics towards preference and performance of CAPTCHA, suggesting that individual differences at such an intrinsic level are important to be considered for designing more usable and user-centric CAPTCHA challenges. •We study the effects of cognitive factors on CAPTCHA preference and performance.•Verbals prefer and solve significantly faster text CAPTCHA.•There is a growing trend of Imagers preferring and solving faster image CAPTCHA.•Users with enhanced cognitive processing abilities solve CAPTCHA faster.•Implications about the design of personalized CAPTCHA are discussed.

Towards a universally usable human interaction proof: evaluation of task completion strategies

  • Sauer, G., Lazar, J., Hochheiser, H., & Feng, J. (2010). Towards a universally usable human interaction proof: evaluation of task completion strategies. ACM Transactions on Accessible Computing (TACCESS), 2(4), 15. 

=== Toward Improved Audio Captchas Based on Auditory Perception and Language Understanding

  • Meutzner, H., Gupta, S., Nguyen, V. H., Holz, T., & Kolossa, D. (2016). Toward Improved Audio CAPTCHAs Based on Auditory Perception and Language Understanding. ACM Transactions on Privacy and Security (TOPS), 19(4), 10.

 

Biometric Alternatives to CAPTCHA: Exploring Accessible User Interface Options

  • Foley, A. (2012). Biometric alternatives to CAPTCHA: Exploring accessible interface options. 

The Effect of CAPTCHA on User Experience among Users with and without Learning Disabilities. 

  • Gafni, R., & Nagar, I. The Effect of CAPTCHA on User Experience among Users with and without Learning Disabilities. 

List of CAPTCHA References without an Accessibility Focus

The following references don't have a direct focus on accessibility, but may present information that has implications for accessibility and people with disabilities.

Tech: Siri For Your Living Room

  • Reference Type:  Journal Article
  • Author: Alexander, George
  • Year: 2015
  • Journal: Popular Mechanics
  • Volume: 192
  • Issue: 3
  • Pages: 20
  • ISSN: 00324558
  • Keywords: Biometrics, Passwords, Google Inc
  • Notes: mobile devices

Abstract:  The Eutogy Captecha You know CAPTCHA, the hard-to-read jumble of letters, numbers, and obfuscating lines that supposedly confirm your humanity every time you go to buy Taylor Swift tickets? Besides being infuriating to real people, especially those using mobile devices, CAPTCHA is no longer fooling the robots. Succeeding it is Google's No CAPTCHA reCAPTCHA, a much simpler set of boxes you click in answer to basic prompts ("Pick your favorite color," "I'm not a robot") that started rolling out late last year.

CLASSIFICATION OF VOIP AND NON-VOIP TRAFFIC USING MACHINE LEARNING APPROACHES

  • Reference Type:  Journal Article
  • Author: Al-Naymat, Ghazi, Al-Kasassbeh, Mouhammd, Abu-Samhadanh, Nosaiba and Sakr, Sherif
  • Year: 2016
  • Journal: Journal of Theoretical and Applied Information Technology
  • Volume: 92
  • Issue: 2
  • Pages: 403-414
  • ISSN: 18173195
  • Notes: machine learning

Abstract:  Enhancing network services and security can be achieved by performing network traffic classification identifying applications, which is one of the primary components of network operations and management. The traditional transport-layer and port-based classification approaches have some limitations in achieving accurate identification. In this paper, a real test bed is used to collect first-hand traffic dataset from five different VoIP and Non-VoIP applications that are used by majority of Internet community, namely Skype, YouTube, Yahoo Messenger, GTalk and PayPal. The collected data encompasses new features that have never been used before. In addition, a classification step is performed using off-the-shelf machine learning techniques, specifically Random Forest J48, meta.AdaBoost (J48) and MultiLayer Perceptron to classify the traffic. Our experimental results show that using the new features can dramatically improve the true positive ratio by up to 98% and this is significant outcome towards providing accurate traffic classification.

 

Text-based CAPTCHA strengths and weaknesses

  • Reference Type:  Generic
  • Author: Bursztein, E., Martin, M. and Mitchell, J. C.
  • Year: 2011
  • Pages: 125-137
  • ISBN/ISSN: 15437221
  • DOI: 10.1145/2046707.2046724
  • Keywords: Captcha, Knn Classifier, Machine Learning, Reverse Turing Test, Svm, Vision Algorithm
  • Notes: machine learning


 

CAPTCHaStar! A novel CAPTCHA based on interactive shape discovery

  • Reference Type:  Journal Article
  • Author: Conti, Mauro, Guarisco, Claudio and Spolaor, Riccardo
  • Year: 2015
  • Keywords: Computer Science - Human-Computer Interaction
  • Notes: machine learning

Abstract: Over the last years, most websites on which users can register (e.g., email providers and social networks) adopted CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) as a countermeasure against automated attacks. The battle of wits between designers and attackers of CAPTCHAs led to current ones being annoying and hard to solve for users, while still being vulnerable to automated attacks. In this paper, we propose CAPTCHaStar, a new image-based CAPTCHA that relies on user interaction. This novel CAPTCHA leverages the innate human ability to recognize shapes in a confused environment. We assess the effectiveness of our proposal for the two key aspects for CAPTCHAs, i.e., usability, and resiliency to automated attacks. In particular, we evaluated the usability, carrying out a thorough user study, and we tested the resiliency of our proposal against several types of automated attacks: traditional ones designed ad-hoc for our proposal and based on machine learning. Compared to the state of the art, our proposal is more user friendly (e.g., only some 35% of the users prefer current solutions, such as text-based CAPTCHAs) and more resilient to automated attacks.   

Authentication for multi-located parties and wireless ad hoc networks

  • Reference Type:  Generic
  • Author: Dantala, Pradeep
  • Year: 2011
  • Secondary Author: Kak, Subhash, Cline, David and Thomas, Johnson
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Ad Hoc Networks, Authentication, Authentication Agents, Multi-Located Parties, Three Stage Protocol, Wireless Networks
  • Notes: machine learning

Abstract: This thesis present a new authentication protocol for multi-located parties which uses an agent based scheme that divides the message into two parts together with a key distribution center to ensure stronger authentication. It also presents a protocol for wireless ad hoc networks to combat spamming and reduce traffic overload. The appropriate number of authentication agents was calculated for a wireless ad hoc network. Simulations were run for networks of 200, 1000, 2000 and 4000 nodes and it was found that 0.075 n (n is the number of nodes in the network) authentication agents work well to distribute the load evenly amongst them.  

Semantics and aesthetics inference for image search: Statistical learning approaches

  • Reference Type:  Generic
  • Author: Datta, Ritendra
  • Year: 2009
  • Secondary Author: Wang, James Z. and Li, Jia
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Artificial Intelligence, Computer Science, Applied Sciences, Automatic Image Annotation, Captcha, Image Recognition, Image Search, Machine Learning
  • Notes: machine learning

Abstract: The automatic inference of image semantics is an important but highly challenging research problem whose solutions can greatly benefit content-based image search and automatic image annotation. In this thesis, I present algorithms and statistical models for inferring image semantics and aesthetics from visual content, specifically aimed at improving real-world image search. First, a novel approach to automatic image tagging is presented which furthers the state-of-the-art in both speed and accuracy. The direct use of automatically generated tags in real-world image search is then explored, and its efficacy demonstrated experimentally. An assumption which makes most annotation models misrepresent reality is that the state of the world is static, whereas it is fundamentally dynamic. I explore learning algorithms for adapting automatic tagging to different scenario changes. Specifically, a meta-learning model is proposed which can augment a black-box annotation model to help provide adaptability for personalization, time evolution, and contextual changes.

Instead of retraining expensive annotation models, adaptability is achieved through efficient incremental learning of only the meta-learning component. Large scale experiments convincingly support this approach. In image search, when semantics alone yields many matches, one way to rank images further is to look beyond semantics and consider visual quality. I explore the topic of data-driven inference of aesthetic quality of images. Owing to minimal prior art, the topic is first explored in detail. Then, methods for extracting a number of high-level visual features, presumed to have correlation with aesthetics, are presented. Through feature selection and machine learning, an aesthetics inference model is trained and found to perform moderately on real-world data. The aesthetics-correlated visual features are then used in the problem of selecting and eliminating images at the high and low extremes of the aesthetics scale respectively, using a novel statistical model. Experimentally, this approach is found to work well in visual quality based filtering. Finally, I explore the use of image search techniques for designing a novel image-based CAPTCHA, a Web security test aimed at distinguishing humans from machines. Assuming image search metrics to be potential attack tools, they are used in the loop to design attack-resistant CAPTCHAs.  

Mitigating botnet-based DDoS attacks against web servers

  • Reference Type:  Generic
  • Author: Djalaliev, Peter
  • Year: 2013
  • Secondary Author: Lee, Adam
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Botnets, Distributed Denial-of-Service, Federated Authentication, Hardware Tokens, Kerberos Protocol
  • Notes: machine learning

Abstract: Distributed denial-of-service (DDoS) attacks have become wide-spread on the Internet. They continuously target retail merchants, financial companies and government institutions, disrupting the availability of their online resources and causing millions of dollars of financial losses. Software vulnerabilities and proliferation of malware have helped create a class of application-level DDoS attacks using networks of compromised hosts (botnets). In a botnet-based DDoS attack, an attacker orders large numbers of bots to send seemingly regular HTTP and HTTPS requests to a web server, so as to deplete the server's CPU, disk, or memory capacity. Researchers have proposed client authentication mechanisms, such as CAPTCHA puzzles, to distinguish bot traffic from legitimate client activity and discard bot-originated packets. However, CAPTCHA authentication is vulnerable to denial-of-service and artificial intelligence attacks. This dissertation proposes that clients instead use hardware tokens to authenticate in a federated authentication environment. The federated authentication solution must resist both man-in-the-middle and denial-of-service attacks.

The proposed system architecture uses the Kerberos protocol to satisfy both requirements. This work proposes novel extensions to Kerberos to make it more suitable for generic web authentication. A server could verify client credentials and blacklist repeated offenders. Traffic from blacklisted clients, however, still traverses the server's network stack and consumes server resources. This work proposes Sentinel, a dedicated front-end network device that intercepts server-bound traffic, verifies authentication credentials and filters blacklisted traffic before it reaches the server. Using a front-end device also allows transparently deploying hardware acceleration using network co-processors. Network co-processors can discard blacklisted traffic at the hardware level before it wastes front-end host resources. We implement the proposed system architecture by integrating existing software applications and libraries. We validate the system implementation by evaluating its performance under DDoS attacks consisting of floods of HTTP and HTTPS requests.  

Machine learning attacks against the asirra CAPTCHA

  • Reference Type:  Generic
  • Author: Golle, Philippe
  • Year: 2008
  • Pages: 535-542
  • ISBN/ISSN: 15437221
  • DOI: 10.1145/1455770.1455838
  • Keywords: Captcha, Classifier, Machine Learning, Reverse Turing Test, Support Vector Machine
  • Notes: machine learning

Developing a secure and usable user-cognitive authentication scheme

  • Reference Type:  Generic
  • Author: Hayata, Tomohiro
  • Year: 2012
  • Secondary Author: Beheshti, Mohsen
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences
  • Notes: mobile devices

Abstract: Today's online services are threatened by malicious programs which would illegally gain credentials at the expense of legitimate human users. As a human authentication test, CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart) have many applications for preventing them. The existing text-based CAPTCHAs are not safe as computer-vision techniques develop rapidly. The modified solutions are still in the stage of infancy because they are either hard to solve and costly to implement or easily trespassed due to compromised security. CAPTCHAs are supposed to be easy for humans but difficult for computers. The project design for a novel authentication scheme assumes no need for costly modifications or investment while maximizing rational thinking and creativity to ensure user-cognitive challenge response test whose background protocols and upfront user interface provide secure and usable real-time protection. This research is intended to be the basis for Authentication-as-a-Service for today's web services.   

Machine learning and empathy: the Civil Rights CAPTCHA

  • Reference Type:  Journal Article
  • Author: Hernández‐Castro, Carlos Javier, Barrero, David F. and R‐Moreno, María D.
  • Year: 2016
  • Journal: Concurrency and Computation: Practice and Experience
  • Volume: 28
  • Issue: 4
  • Pages: 1310-1323
  • ISSN: 1532-0626
  • DOI: 10.1002/cpe.3632
  • Keywords: Captcha, Hip, Machine Learning, Wordnet, Artificial Intelligence
  • Notes: machine learning

Abstract: Human interactive proofs (HIPs) are a basic security measure on the Internet to avoid automatic attacks. There is an ongoing effort to find a HIP that is secure enough yet easy for humans. Recently, a new HIP has been designed aiming at higher security: the Civil Rights Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). It employs the empathy capacity of humans to further strengthen Securimage, a well‐known text CAPTCHA. In this paper, we analyze it from a security perspective, finding fundamental design flaws. Using several well‐known machine learning (ML) algorithms, we analyze to what extent these flaws affect its security.

We discover that thanks to them, we can create a successful side‐channel attack. This attack is able to correctly solve the HIP on 20.7 of occasions, much more than enough to consider it broken. Thus, we show that there is no need to solve the problem of optical character recognition nor empathy analysis for computers to break this particular HIP. ML can be successfully used to break a HIP that uses both with a side‐channel attack. This security analysis can be applied to other HIPs. It will allow to test whether they are too much information by unexpected ways, given non‐evident design flaws.  

CAPTCHAs: An Artificial Intelligence Application to Web Security

  • Reference Type:  Journal Article
  • Author: Hidalgo, José María Gómez and Alvarez, Gonzalo
  • Year: 2011
  • Journal: Advances In Computers
  • Volume: 83
  • Pages: 109-181
  • ISSN: 0065-2458
  • DOI: 10.1016/B978-0-12-385510-7.00003-5
  • Notes: machine learning

Abstract: Nowadays, it is hard to find a popular Web site with a registration form that is not protected by an automated human proof test which displays a sequence of characters in an image, and requests the user to enter the sequence into an input field. This security mechanism is based on the Turing Test—one of the oldest concepts in Artificial Intelligence—and it is most often called Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). This kind of test has been conceived to prevent the automated access to an important Web resource, for example, a Web mail service or a Social Network. There are currently hundreds of these tests, which are served millions of times a day, thus involving a huge amount of human work. On the other side, a number of these tests have been broken, that is, automated programs designed by researchers, hackers, and spammers have been able to automatically serve the correct answer. In this chapter, we present the history and the concept of CAPTCHAs, along with their applications and a wide review of their instantiations. We also discuss their evaluation, both from the user and the security perspectives, including usability, attacks, and countermeasures. We expect this chapter provides to the reader a good overview of this interesting field.  

Breaking the Multi Colored Box: A Study of CAPTCHA

  • Reference Type:  Generic
  • Author: Khanna, Sumit
  • Year: 2009
  • Secondary Author: Harris, Billy, Kizza, Joseph and Thompson, Jack
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Captcha, Filtering, Ocr, Recognition
  • Notes: machine learning

Abstract: Communication is faster than ever. Innovations in low cost network computing have brought an era in which people can effortlessly and instantaneously view and post opinions collaboratively with others across the world. With such an infrastructure of public message boards, chat rooms and instant messaging systems, there is also a large potential for abuse by people wishing to capitalize on such open services by posting unsolicited advertisements. An entire industry has been constructed around the prevention of unsolicited electronic advertisements (SPAM). This thesis examines various techniques for preventing SPAM, focusing on Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHA), a challenge/response technique where an image is displayed with text that is heavily distorted. It also examines the feasibility of breaking CAPTCHA programmatically, alternatives to CAPTCHA based on filtering, improvements to CAPTCHA using photo recognition and avoiding the need for CAPTCHA using naïve approaches.    

FaceCAPTCHA: a CAPTCHA that identifies the gender of face images unrecognized by existing gender classifiers

  • Reference Type:  Journal Article
  • Author: Kim, Jonghak, Kim, Sangtae, Yang, Joonhyuk, Ryu, Jung-hee and Wohn, KwangYun
  • Year: 2014
  • Journal: An International Journal
  • Volume: 72
  • Issue: 2
  • Pages: 1215-1237
  • ISSN: 1380-7501
  • DOI: 10.1007/s11042-013-1422-z
  • Keywords: CAPTCHA, Crowdsourcing, Gender classification, Human computation, Image tagging, Web application
  • Notes: machine learning

Abstract: Computers tend to fail to classify human faces by gender, especially upon changes in viewpoint or upon occlusion that make it more difficult to extract the necessary image features. In contrast, humans are good at identifying gender but have difficulties in dealing with a large number of images. Accounting for this gap, we proposed FaceCAPTCHA, a novel image-based CAPTCHA that asks users to identify the gender of face images whose gender cannot be recognized by computers (gender-indiscernible faces). By converting the manual gender classification task into a CAPTCHA test, FaceCAPTCHA was designed to not only continuously identify the gender of gender-indiscernible faces but also differentiate between humans and computers and generate new test images. Our user studies showed that FaceCAPTCHA reliably identifies gender-indiscernible faces. A single eight-image FaceCAPTCHA test was completed in 12.41 s on average with a human success rate of 86.51 %, which can be further increased by filtering error-prone test images. In contrast, the probability of passing a FaceCAPTCHA test by random guessing was 0.006 %. We could therefore conclude that FaceCAPTCHA is robust against malicious attacks and easy enough for practical use.

A new image-based CAPTCHA using the orientation of the polygonally cropped sub-images

  • Reference Type:  Journal Article
  • Author: Kim, Jong-Woo, Chung, Woo-Keun and Cho, Hwan-Gue
  • Year: 2010
  • Journal: International Journal of Computer Graphics
  • Volume: 26
  • Issue: 6
  • Pages: 1135-1143
  • ISSN: 0178-2789
  • DOI: 10.1007/s00371-010-0469-3
  • Keywords: Image orientation, CAPTCHA, Machine learning, Perceptual recognition
  • Notes: machine learning

Abstract: With an increasing number of automated software bots and automated scripts that exploit public web services, the user is commonly required to solve a Turing test problem, namely a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), before they are allowed to use web services. As a solution of CAPTCHAs, the Image Orientation CAPTCHA is based on the hardness of image orientation. So, there is a close correlation between image orientation detection and the performance of image orientation CAPTCHA. In this paper, we introduce a reliable and effective CAPTCHA based on the orientation of cropped sub-images. Also, we try to investigate the key spatial features of sub-image orientation detection such as crop size, major color components, and the number of orientations. So, the goal of this paper is discovering the relationship between these spatial features and the detecting sub-image orientation by human manual work and machine learning-based softwares, respectively. Our experimental results enable our CAPTCHA system to filter out any sub-images difficult for human. Therefore, our experiment showed that exploiting the key spatial features of cropped sub-images is very useful to design a new image-based CAPTCHA system.

Evaluating the usability and security of a video CAPTCHA

  • Reference Type:  Generic
  • Author: Kluever, Kurt
  • Year: 2008
  • Secondary Author: Zanibbi, Richard, Butler, Zack and Canosa, Roxanne
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Captcha, Completely Automated Public Turing Test to Tell Computers and Humans Apart, Hip, Human Interactive Proof, Video Tagging, Youtube
  • Notes: machine learning

Abstract: A CAPTCHA is a variation of the Turing test, in which a challenge is used to distinguish humans from computers ("bots") on the internet. They are commonly used to prevent the abuse of online services. CAPTCHAs discriminate using hard artificial intelligence problems: the most common type requires a user to transcribe distorted characters displayed within a noisy image. Unfortunately, many users find them frustrating and break rates as high as 60% have been reported (for Microsoft's Hotmail). We present a new CAPTCHA in which users provide three words ("tags") that describe a video. A challenge is passed if a user's tag belongs to a set of automatically generated ground-truth tags.

In an experiment, we were able to increase human pass rates for our video CAPTCHAs from 69.7% to 90.2% (184 participants over 20 videos). Under the same conditions, the pass rate for an attack submitting the three most frequent tags (estimated over 86,368 videos) remained nearly constant (5% over the 20 videos, roughly 12.9% over a separate sample of 5146 videos). Challenge videos were taken from YouTube.com. For each video, 90 tags were added from related videos to the ground-truth set security was maintained by pruning all tags with a frequency ≥ 0.6%. Tag stemming and approximate matching were also used to increase human pass rates. Only 20.1% of participants preferred text-based CAPTCHAs, while 58.2% preferred our video-based alternative. Finally, we demonstrate how our technique for extending the ground truth tags allows for different usability/security trade-offs, and discuss how it can be applied to other types of CAPTCHAs.  

Social and egocentric image classification for scientific and privacy applications

  • Reference Type:  Generic
  • Author: Korayem, Mohammed
  • Year: 2015
  • Secondary Author: Crandall, David, Bollen, Johan, Kapadia, Apu and Radivojac, Predrag
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Deep Learning, Ecology, Image Classification, Large Scale, Mining Photos, Vision for Privacy
  • Notes: machine learning

Abstract: Image classification is a fundamental computer vision problem with decades of related work. It is a complex task and is a crucial part of many applications. The vision community has created many standard data sets for object recognition and image classification. While these benchmarks are created with the goal of being a realistic, representative sample of the visual world, they often contain implicit biases relating to how the images were selected (as well as which were ignored). In this thesis, we present two lines of work that apply and test image classification in much more realistic problems. We present systems that utilize image classification, deep learning and probabilistic models on large-scale, realistic, unconstrained, and automatically collected datasets. These capture a wider breadth of life on Earth than conventional datasets due to their scale and diversity. Besides these new datasets and the image classification systems developed, the novel applications we present are interesting in their own right. The first line of work explores the potential of social media imagery to power large-scale scientific analysis.

We focus on two prototype problems motivated by ecology: automatically detecting snowfall and vegetation. Using over 200 million Flickr images, each representing a rich description of the world at a specific time and place. Our results indicate that a combination of text mining techniques and image classification can produce high quality data for scientists from large-scale, noisy social images. The second line of work addresses privacy concerns related to wearable cameras, by automatically detecting private imagery. We present two systems that focus on different aspects of what makes an image private. The first is PlaceAvoider, which recognizes images taken in sensitive places such as bedrooms or bathrooms. The second is ObjectAvoider, which tries to detect key objects that may signal private content.  

Learning Visual Features for the Avatar Captcha Recognition Challenge

  • Reference Type:  Generic
  • Author: Korayem, M., Mohamed, A. A., Crandall, D. and Yampolskiy, R. V.
  • Year: 2012
  • Volume: 2
  • Pages: 584-587
  • DOI: 10.1109/ICMLA.2012.200
  • Keywords: Components, Circuits, Devices and Systems, Computing and Processing, Bioengineering, Engineered Materials, Dielectrics and Plasmas, Fields, Waves and Electromagnetics, Power, Energy and Industry Applications, Robotics and Control Systems, Signal Processing and Analysis
  • Notes: machine learning

Abstract: Captchas are frequently used on the modern world wide web to differentiate human users from automated bots by giving tests that are easy for humans to answer but difficult or impossible for algorithms. As artificial intelligence algorithms have improved, new types of Captchas have had to be developed. Recent work has proposed a new system called Avatar Captcha, in which a user is asked to distinguish between facial images of real humans and those of avatars generated by computer graphics. This novel system has been proposed on the assumption that this Captcha is very difficult for computers to break. In this paper we test a variety of modern visual features and learning algorithms on this avatar recognition task. We find that relatively simple techniques can perform very well on this task, and in some cases can even surpass human performance.

Inference Compilation and Universal Probabilistic Programming

  • Reference Type:  Journal Article
  • Author: Le, Tuan Anh, Baydin, Atilim Gunes and Wood, Frank
  • Year: 2016
  • Keywords: Computer Science - Artificial Intelligence, Computer Science - Learning, Statistics - Machine Learning, 68t37, 68t05, G.3, I.2.6
  • Notes: machine learning

Abstract: We introduce a method for using deep neural networks to amortize the cost of inference in models from the family induced by universal probabilistic programming languages, establishing a framework that combines the strengths of probabilistic programming and deep learning methods. We call what we do "compilation of inference" because our method transforms a denotational specification of an inference problem in the form of a probabilistic program written in a universal programming language into a trained neural network denoted in a neural network specification language. When at test time this neural network is fed observational data and executed, it performs approximate inference in the original model specified by the probabilistic program. Our training objective and learning procedure are designed to allow the trained neural network to be used as a proposal distribution in a sequential importance sampling inference engine. We illustrate our method on mixture models and Captcha solving and show significant speedups in the efficiency of inference.

A computer vision attack on the ARTiFACIAL CAPTCHA

  • Reference Type:  Journal Article
  • Author: Li, Qiujie
  • Year: 2015
  • Journal: An International Journal
  • Volume: 74
  • Issue: 13
  • Pages: 4583-4597
  • ISSN: 1380-7501
  • DOI: 10.1007/s11042-013-1823-z
  • Keywords: CAPTCHA, ARTiFACIAL, Attack, Computer vision
  • Notes: machine learning

Abstract: Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a reverse Turing test that is used to differentiate bots from humans. Text CAPTCHAs have been widely used in commercial applications, but most of the text CAPTCHAs have been successfully attacked. An alternative is to develop image CAPTCHAs to replace text CAPTCHAs. ARTiFACIAL (Automated Reverse Turing test using FACIAL features) Rui and Liu (2003) is an image CAPTCHA system based on detecting human face and facial features and claimed to be attack-resistant and user-friendly.

This paper proposes a compute vision attack on ARTiFACIAL. By carefully analyzing the limitations of face and facial feature detectors that ARTiFACIAL exploits, tailor-made attacking algorithm is designed instead of using general face and facial feature detectors directly. When tested with the 800 ARTiFACIAL challenges, the overall success rate of the attacking algorithm is 18.0 %, which is significantly higher than the estimate of 0.0006 % given in Rui and Liu (2003) for computer vision attacks. It takes an average time 1.47s for a PC with 3.2GHz Intel P4 and 2GB memory to pass an ARTiFACIAL test, compared with 14s for a human subject given in Rui and Liu (2003). From the successful attack, useful lessons for guiding the design of image CAPTCHAs are derived to advance the current understanding of the design of image CAPTCHAs and lead to more secure design.

Enhancing CAPTCHA Security Using Interactivity, Dynamism, and Mouse Movement Patterns

  • Reference Type:  Journal Article
  • Author: Miller, James and Roshanbin, Narges
  • Year: 2016
  • Journal: International Journal of Systems and Service-Oriented Engineering (IJSSOE)
  • Volume: 6
  • Issue: 1
  • Pages: 17-36
  • ISSN: 1947-3052
  • DOI: 10.4018/IJSSOE.2016010102
  • Keywords: Captchas, Interactive Captchas, Matching Task, Mouse Dynamics, Security
  • Notes: mobile devices

Abstract: Many existing CAPTCHAs require users to identify characters in a static image and match them with their counterparts in another image. Requiring intelligent human interaction in the matching task of these CAPTCHAs will pose a second challenge, which is straightforward for human users but difficult to emulate for Bots. In this paper, the authors develop several interactive matching tasks involving dynamic elements and demonstrate their impact on CAPTCHA security and usability in a series of tests and user studies. Their tests indicate that requiring intelligent human interaction can substantially decrease the likelihood of a CAPTCHA being broken in addition to making an attack computationally expensive. The authors' results provide both a security and a usability benchmark for the development of interactive dual-challenge CAPTCHAs. Their proposed findings from users' mouse movement data analysis can be readily incorporated in several types of existing CAPTCHA to enhance their security.

Defeating line-noise CAPTCHAs with multiple quadratic snakes

  • Reference Type:  Journal Article
  • Author: Nakaguro, Yoichi, Dailey, Matthew N., Marukatat, Sanparith and Makhanov, Stanislav S.
  • Year: 2013
  • Journal: Computers & Security
  • Volume: 37
  • Pages: 91-110
  • ISSN: 0167-4048
  • DOI: 10.1016/j.cose.2013.05.003
  • Keywords: Captcha, Segmentation, Gvf Snake, Opencv, Ocr
  • Notes: machine learning

Abstract: Optical character recognition (OCR) is one of the fundamental problems in artificial intelligence and image processing, but recent progress in OCR represents a security challenge for Web sites that throttle requests with image based CAPTCHAs (Completely Automated Public Turing Tests to Tell Computers and Humans Apart). A CAPTCHA is challenge-response test placed within web forms to determine whether the user is human. Unfortunately, algorithms capable of solving image based CAPTCHAs can be used to create spam accounts and design malicious denial of service (DoS) attacks, causing financial and social damage. The problem of defeating digital image CAPTCHAs is thus twofold. On the one hand, it is an important problem in artificial intelligence and image processing. On the other hand, publicly available CAPTCHAs that are not tested against state of the art machine recognition algorithms may make the systems vulnerable to attack by software bots.

This paper considers a very important subclass of text CAPTCHAs, those characterized by salt and pepper noise combined with line (curve) noise. Thus far, attacks on CAPTCHAs with this type of noise have used relatively simple image processing methods with some success, but state-of-the-art segmentation methods have not been fully exploited. In this paper, we propose and benchmark two strong segmentation methods. The first method is a modification of a multiple quadratic snake proposed for road extraction from satellite images. The second competing method is a boundary tracing routine available in the OpenCV open source library.A first numerical experiment indicates excellent accuracy for both methods. A second experiment on human recognition shows that the CAPTCHAs used in the study are already near the threshold of being too hard for humans. Finally, a third numerical experiment presents a more difficult set of CAPTCHAs with the addition of anti-binarization methods.

The snake-based method is shown to be more resilient to anti-binarization schemes than boundary tracing and state-of-the art projection-based attacks on CAPTCHAs.Since CAPTCHAs corrupted by small line noise are shown to be difficult for humans and relatively easy for our algorithm, CAPTCHA designers should introduce more challenging distortions into their CAPTCHAs, lest the security of systems based on them be compromised.

Human Cognition in Automated Turing Test Design

  • Reference Type:  Journal Article
  • Author: Nayeem, Mir, Akand, Mamunur, Sakib, Nazmus and Kabir, Wasi
  • Year: 2014
  • Journal: International Journal of Software Science and Computational Intelligence (IJSSCI)
  • Volume: 6
  • Issue: 4
  • Pages: 1-19
  • ISSN: 1942-9045
  • DOI: 10.4018/ijssci.2014100101
  • Keywords: Captcha, Cognitive Psychology, Context, Conversation, Human Interactive Proofs (Hips), Ocr, Usability, Web Services
  • Notes: machine learning

Abstract: Nowadays, many services in the internet including Email, search engine, social networking are provided with free of charge due to enormous growth of web users. With the expansion of Web services, denial of service (DoS) attacks by malicious automated programs (e.g., web bots) is becoming a serious problem of web service accounts. A HIP, or Human Interactive Proofs, is a human authentication mechanism that generates and grades tests to determine whether the user is a human or a malicious computer program. Unfortunately, the existing HIPs tried to maximize the difficulty for automated programs to pass tests by increasing distortion or noise. Consequently, it has also become difficult for potential users too. So there is a tradeoff between the usability and robustness in designing HIP tests. In their propose technique the authors tried to balance the readability and security by adding contextual information in the form of natural conversation without reducing the distortion and noise. In the result section, a microscopic large-scale user study was conducted involving 110 users to investigate the actual user views compare to existing state of the art CAPTCHA systems like Google's reCAPTCHA and Microsoft's CAPTCHA in terms of usability and security and found the authors' system capable of deploying largely over internet.

On the security of text-based 3D CAPTCHAs

  • Reference Type:  Journal Article
  • Author: Nguyen, Vu Duc, Chow, Yang-Wai and Susilo, Willy
  • Year: 2014
  • Journal: Computers & Security
  • Volume: 45
  • Pages: 84-99
  • ISSN: 0167-4048
  • DOI: 10.1016/j.cose.2014.05.004
  • Keywords: 3d Captcha, Character Extraction, Optical Character Recognition, Automated Attack, Security
  • Notes: machine learning

Abstract: CAPTCHAs have become a standard security mechanism that are used to deter automated abuse of online services intended for humans. However, many existing CAPTCHA schemes to date have been successfully broken. As such, a number of CAPTCHA developers have explored alternative methods of designing CAPTCHAs. 3D CAPTCHAs is a design alternative that has been proposed to overcome the limitations of traditional CAPTCHAs. These CAPTCHAs are designed to capitalize on the human visual system's natural ability to perceive 3D objects from an image. The underlying security assumption is that it is difficult for a computer program to identify the 3D content.

This paper investigates the robustness of text-based 3D CAPTCHAs. In particular, we examine three existing text-based 3D CAPTCHA schemes that are currently deployed on a number of websites. While the direct use of Optical Character Recognition (OCR) software is unable to correctly solve these text-based 3D CAPTCHA challenges, we highlight certain patterns in the 3D CAPTCHAs can be exploited to identify important information within the CAPTCHA. By extracting this information, this paper demonstrates that automated attacks can be used to solve these 3D CAPTCHAs with a high degree of success. •The robustness of text-based 3D CAPTCHAs against automated attacks is investigated.•Characteristics and vulnerabilities of three existing 3D CAPTCHAs are identified.•Invariant features in the design of 3D CAPTCHAs can be exploited.•We demonstrate that 3D CAPTCHAs are no more secure than their 2D counterparts.

SPEAKER IDENTIFICATION FROM YOUTUBE OBTAINED DATA

  • Reference Type:  Journal Article
  • Author: Nitesh Kumar, Chaudhary and Shraddha, Srivastav
  • Year: 2014
  • Journal: Signal & Image Processing
  • Volume: 05
  • Issue: 05
  • Pages: 27-33
  • ISSN: 2229-3922
  • DOI: 10.5121/sipij.2014.5503
  • Keywords: Captcha, Gaussian Blur, Image Transformations, Optical Character Recognition (Ocr)
  • Notes: machine learning

Abstract: An efficient, and intuitive algorithm is presented for the identification of speakers from a long dataset (like YouTube long discussion, Cocktail party recorded audio or video).The goal of automatic speaker identification is to identify the number of different speakers and prepare a model for that speaker by extraction, characterization and speaker-specific information contained in the speech signal. It has many diverse application specially in the field of Surveillance , Immigrations at Airport , cyber security , transcription in multi-source of similar sound source, where it is difficult to assign transcription arbitrary. The most commonly speech parameterization used in speaker verification, K-mean, cepstral analysis, is detailed.

Gaussian mixture modeling, which is the speaker modeling technique is then explained. Gaussian mixture models (GMM), perhaps the most robust machine learning algorithm has been introduced to examine and judge carefully speaker identification in text independent. The application or employment of Gaussian mixture models for monitoring & Analysing speaker identity is encouraged by the familiarity, awareness, or understanding gained through experience that Gaussian spectrum depict the characteristics of speaker's spectral conformational pattern and remarkable ability of GMM to construct capricious densities after that we illustrate 'Expectation maximization' an iterative algorithm which takes some arbitrary value in initial estimation and carry on the iterative process until the convergence of value is observed We have tried to obtained 85 ~ 95% of accuracy using speaker modeling of vector quantization and Gaussian Mixture model ,so by doing various number of experiments we are able to obtain 79 ~ 82% of identification rate using Vector quantization and 85 ~ 92.6% of identification rate using GMM modeling by Expectation maximization parameter estimation depending on variation of parameter.

fgCAPTCHA: Genetically Optimized Face Image CAPTCHA 5

  • Reference Type:  Journal Article
  • Author: Powell, Brian M., Goswami, Gaurav, Vatsa, Mayank, Singh, Richa and Noore, Afzel
  • Year: 2014
  • Journal: Access, IEEE
  • Volume: 2
  • Pages: 473-484
  • DOI: 10.1109/ACCESS.2014.2321001
  • Keywords: Aerospace, Bioengineering, Communication, Networking and Broadcast Technologies, Components, Circuits, Devices and Systems, Computing and Processing, Engineered Materials, Dielectrics and Plasmas, Engineering Profession, Fields, Waves and Electromagnetics, General Topics for Engineers, Geoscience, Nuclear Engineering, Photonics and Electrooptics, Power, Energy and Industry Applications, Robotics and Control Systems, Signal Processing and Analysis, Transportation
  • Notes: mobile devices

Abstract: The increasing use of smartphones, tablets, and other mobile devices poses a significant challenge in providing effective online security. CAPTCHAs, tests for distinguishing human and computer users, have traditionally been popular however, they face particular difficulties in a modern mobile environment because most of them rely on keyboard input and have language dependencies. This paper proposes a novel image-based CAPTCHA that combines the touch-based input methods favored by mobile devices with genetically optimized face detection tests to provide a solution that is simple for humans to solve, ready for worldwide use, and provides a high level of security by being resilient to automated computer attacks. In extensive testing involving over 2600 users and 40000 CAPTCHA tests, fgCAPTCHA demonstrates a very high human success rate while ensuring a 0% attack rate using three well-known face detection algorithms.

CAPTCHA Celebrating its Quattuordecennial - A Complete Reference

  • Reference Type:  Journal Article
  • Author: Ragavi, V. and Geetha, G.
  • Year: 2011
  • Journal: International Journal of Computer Science Issues (IJCSI)
  • Volume: 8
  • Issue: 6
  • Pages: 340-349
  • ISSN: 1694-0814
  • Notes: machine learning

Accents in Handwriting: A Hierarchical Bayesian Approach to Handwriting Analysis

  • Reference Type:  Generic
  • Author: Ramaiah, Chetan
  • Year: 2015
  • Secondary Author: Govindaraju, Venu, Chen, Chang Wen and Jayaraman, Bharat
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Computer Vision, Handwriting Analysis, Machine Learning, Pgm
  • Notes: machine learning

Abstract: The individuality of handwriting has been studied extensively in the handwriting analysis domain. An individual's handwriting is believed to be influenced by genetic and cultural factors. Genetic factors include pen grip style, pen pressure, Kinesthesia, motor skills etc., whereas cultural factors include learning through imitation and multilingualism. The traditional approaches in handwriting analysis generally do not attempt to model or quantify these factors. They function on the assumption that each individual's handwriting is unique, without any shared components among individuals. In our dissertation, we first provide evidence to demonstrate the existence of shared influences in handwriting. We postulate that a handwriting sample can be represented as a distribution over a finite set of handwriting styles. We introduce the concept of accent in handwriting, which is defined to be the influence that a person's native script has when learning to write in a different script. We then exploit the concept of accents in handwriting to demonstrably improve on the state of the art results in several handwriting analysis problems.

We present three distinct hierarchical Bayesian models to analyze and quantify the influences in handwriting. We demonstrate that a mixture of influences of cultural and genetic factors is the ideal representation for handwriting samples. In our models, each handwritten sample is first represented as a bag of features. The feature representation is modeled as a distribution over a set of finite handwriting styles, and classification in the style space representation is performed to identify the accent. Each writing style is thus represented as a distribution over features. In addition, we propose a generic hierarchical framework for handwriting analysis problems. The first step of the framework is accent identification, after which, an accent specific model is learned for the problem. We have validated our approach on two data sets: (i) an in-house data set collected exclusively for the accents in handwriting task and, (ii) the UNIPEN data set, which has the necessary annotations for our purpose. The performance of our approach is demonstrated by comparing the proposed hierarchical approach with the state of the art approaches in various handwriting analysis problems. In particular, we have shown improved performance in both writer identification and handwriting recognition tasks. Finally, we present a novel handwritten CAPTCHA generation technique where the idea of accents in handwriting enhances the robustness of the CAPTCHA generation process.

HMM-based Attacks on Google's ReCAPTCHA with Continuous Visual and Audio Symbols

  • Reference Type:  Journal Article
  • Author: Sano, Shotaro, Otsuka, Takuma, Itoyama, Katsutoshi and Okuno, Hiroshi G.
  • Year: 2015
  • Journal: Journal of Information Processing
  • Volume: 23
  • Issue: 6
  • Pages: 814-826
  • ISSN: 1882-6652
  • DOI: 10.2197/ipsjjip.23.814
  • Keywords: Captcha, Human Interaction Proof, Hidden Markov Model, Continuous Character/Speech Recognition
  • Notes: machine learning

Abstract: CAPTCHAs distinguish humans from automated programs by presenting questions that are easy for humans but difficult for computers, e.g., recognition of visual characters or audio utterances. The state of the art research suggests that the security of visual and audio CAPTCHAs mainly lies in anti-segmentation techniques, because individual symbol recognition after segmentation can be solved with a high success rate with certain machine learning algorithms. Thus, most recent commercial CAPTCHAs present continuous symbols to prevent automated segmentation. We propose a novel framework that can automatically decode continuous CAPTCHAs and assess its effectiveness with actual CAPTCHA questions from Google's reCAPTCHA.

Our framework is constructed on the basis of a sequence recognition method based on hidden Markov models (HMMs), which can be concisely implemented by using an off-the-shelf library HMM toolkit. This method concatenates several HMMs, each of which recognizes a symbol, to build a larger HMM that recognizes a question. Our experimental results reveal vulnerabilities in continuous CAPTCHAs because the solver cracks the visual and audio reCAPTCHA systems with 31.75% and 58.75% accuracy, respectively. We further propose guidelines to prevent possible attacking from HMM-based CAPTCHA solvers on the basis of synthetic experiments with simulated continuous CAPTCHAs.

A Survey of OCR Applications

  • Reference Type:  Journal Article
  • Author: Singh, Amarjot, Bacchuwar, Ketan and Bhasin, Akshay
  • Year: 2012
  • Journal: International Journal of Machine Learning and Computing
  • Volume: 2
  • Issue: 3
  • Pages: 314-318
  • ISSN: 2010-3700
  • DOI: 10.7763/IJMLC.2012.V2.137
  • Keywords: Texts, Websites, Algorithms, Searching, Genetic Algorithms, Electronics, Optical Character Recognition, Character Recognition, Learning (Ci)
  • Notes: machine learning

Abstract: Optical Character Recognition or OCR is the electronic translation of handwritten, typewritten or printed text into machine translated images. It is widely used to recognize and search text from electronic documents or to publish the text on a website. The paper presents a survey of applications of OCR in different fields and further presents the experimentation for three important applications such as Captcha, Institutional Repository and Optical Music Character Recognition. We make use of an enhanced image segmentation algorithm based on histogram equalization using genetic algorithms for optical character recognition. The paper will act as a good literature survey for researchers starting to work in the field of optical character recognition.

Application layer HTTP-GET flood DDoS attacks: Research landscape and challenges

  • Reference Type:  Journal Article
  • Author: Singh, Karanpreet, Singh, Paramvir and Kumar, Krishan
  • Year: 2016
  • Journal: Computers & Security
  • ISSN: 0167-4048
  • DOI: 10.1016/j.cose.2016.10.005
  • Keywords: Systematic Survey, Application Layer Ddos Attacks, Denial of Service, Http-Get Flood, Sophisticated Attacks
  • Notes: machine learning

Abstract: Application layer Distributed Denial of Service (DDoS) attacks have empowered conventional flooding based DDoS with more subtle attacking methods that pose an ever-increasing challenge to the availability of Internet based web services. These attacks hold the potential to cause similar damaging effects as their lower layer counterparts using relatively fewer attacking assets. Being the dominant part of the Internet, HTTP is the prime target of GET flooding attacks, a common practice followed among various application layer DDoS attacks. With the presence of new and improved attack programs, identifying these attacks always seems convoluted. A swift rise in the frequency of these attacks has led to a favorable shift in interest among researchers. Over the recent years, a significant research contribution has been dedicated toward devising new techniques for countering HTTP-GET flood DDoS attacks. In this paper, we conduct a survey of such research contributions following a well-defined systematic process.

A total of 63 primary studies published before August 2015 were selected from six different electronic databases following a careful scrutinizing process. We formulated four research questions that capture various aspects of the identified primary studies. These aspects include detection attributes, datasets, software tools, attack strategies, and underlying modeling methods. The field background required to understand the evolution of HTTP-GET flood DDoS attacks is also presented. The aim of this systematic survey is to gain insights into the current research on the detection of these attacks by comprehensively analyzing the selected primary studies to answer a predefined set of research questions. This survey also discusses various challenges that need to be addressed, and acquaints readers with recommendations for possible future research directions.

Audio CAPTCHA: Existing solutions assessment and a new implementation for VoIP telephony

  • Reference Type:  Journal Article
  • Author: Soupionis, Yannis and Gritzalis, Dimitris
  • Year: 2010
  • Journal: Computers & Security
  • Volume: 29
  • Issue: 5
  • Pages: 603-618
  • ISSN: 0167-4048
  • DOI: 10.1016/j.cose.2009.12.003
  • Keywords: Spit, Audio Captcha Attributes, Voip, Authentication, Evaluation, Speech Recognition, Turing Test
  • Notes: machine learning

Abstract: SPam over Internet Telephony (SPIT) is a potential source of future annoyance in Voice over IP (VoIP) systems. A typical way to launch a SPIT attack is the use of an automated procedure (i.e., bot), which generates calls and produces unsolicited audio messages. A known way to protect against SPAM is a Reverse Turing Test, called CAPTCHA (Completely Automated Public Turing Test to Tell Computer and Humans Apart). In this paper, we evaluate existing audio CAPTCHA, as this type of format is more suitable for VoIP systems, to help them fight bots. To do so, we first suggest specific attributes-requirements that an audio CAPTCHA should meet in order to be effective. Then, we evaluate this set of popular audio CAPTCHA, and demonstrate that there is no existing implementation suitable enough for VoIP environments. Next, we develop and implement a new audio CAPTCHA, which is suitable for SIP-based VoIP telephony. Finally, the new CAPTCHA is tested against users and bots and demonstrated to be efficient.

Authentication Via Multiple Associated Devices

  • Reference Type:  Generic
  • Author: Subils, Jean-Baptiste
  • Year: 2015
  • Secondary Author: Ligatti, Jay, Goldgof, Dmitry and Liu, Yao
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Access Control, Online Authorization, Online Security
  • Notes: machine learning

Abstract: This thesis presents a practical method of authentication utilizing multiple devices. The factors contributing to the practicality of the method are: the utilization of devices already commonly possessed by users and the amenability to being implemented on a wide variety of devices. The term "device" refers to anything able to perform cryptographic operations, store data, and communicate with another such device. In the method presented herein, multiple devices need to be associated with a single user to provide this user an identity in the system. A public key infrastructure is used to provide this identity. Each of the devices associated with a user possesses a public and private key which allow cryptographic operations to be performed. These operations include signing and encrypting data and will prove the identity of each device. The addition of these identities helps authenticate a single user.

A wide variety of devices qualifies to be used by this authentication method. The minimum requirements are: the storage of data such as a private key, the ability to communicate, and a processor to perform the cryptographic operations. Smart devices possess these requirements and the manufacture of such devices can be realized at a reasonable cost. This method is malleable and implemented in numerous authentication protocols.

This thesis illustrates and explains several instances of these protocols. The method's primary novelty is its resistance to theft-based attacks, which results from the utilization of multiple devices to authenticate users. A user associated with multiple devices needs to be in possession of these devices to correctly perform the authentication task. This thesis focuses on the system design of this novel authentication method.

A novel approach for re-authentication protocol using personalized information

  • Reference Type:  Generic
  • Author: Szu-Yu Lin, A. B., Te-En Wei, A. B., Hahn-Ming Lee, A. B., Jeng, A. B. and Chien-Tsung Liu, A. B.
  • Year: 2012
  • Volume: 5
  • Pages: 1826-1829
  • ISBN/ISSN: 2160-133X
  • DOI: 10.1109/ICMLC.2012.6359653
  • Keywords: Computing and Processing, Communication, Networking and Broadcast Technologies, Components, Circuits, Devices and Systems, Bioengineering, Signal Processing and Analysis
  • Notes: machine learning

Abstract: Since authentication is the key to access control security in Internet access for every user, therefore, how to verify a user is who he claimed to be is a very important requirement in Internet security. In some situations, users need to be re-authenticated to make sure that they are still actively engaged in real time interaction. For instance, people will be notified to dial to a specific server phone number to reconfirm his identity again before re-login using their account ID and passwords pairs. This approach has been adopted by many online game servers. In this paper, we proposed a novel approach for re-authentication protocol using personalized information with CAPTCHA.

Effects of Text Rotation, String Length, and Letter Format on Text-based CAPTCHA Robustness

  • Reference Type:  Journal Article
  • Author: Tangmanee, Chatpong
  • Year: 2016
  • Journal: Journal of Applied Security Research
  • Volume: 11
  • Issue: 3
  • Pages: 349-361
  • ISSN: 1936-1610
  • DOI: 10.1080/19361610.2016.1178553
  • Keywords: Article, Captcha, Text Rotation, String Length, Letter Format, Robustness
  • Notes: mobile devices

  Abstract: ABSTRACT CAPTCHA, standing for Completely Automated Public Turing test to tell Computers and Humans Apart, has been adopted as a security check. One way to assess robustness of a text-based CAPTCHA test is to use optical letter reader (OCR) software to read it. If the reading fails, the design is robust. Though many design features have been examined, no research has investigated the effects of text rotation, string length, or letter format on CAPTCHA robustness. Fourteen hundred sixty four text-based CAPTCHA tests were created based on the three variables. The main effects of all three variables and few of the interaction effects on robustness were significant. The findings have both theoretical and practical contributions.

Attitudes towards CAPTCHA: A Survey of Thai Internet Users

  • Reference Type:  Journal Article
  • Author: Tangmanee, Chatpong and Sujarit-Apirak, Paradorn
  • Year: 2013
  • Journal: Journal of Global Business Management
  • Volume: 9
  • Issue: 2
  • Pages: 29-41
  • ISSN: 18173179
  • Keywords: Thailand, Studies, User Behavior, Perceptions, Discriminant Analysis, Market Research, Asia & the Pacific, Experiment/Theoretical Treatment
  • Notes: machine learning

Abstract:  CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". It requires the deciphering of distorted texts, mostly in English that computers still cannot do well. It is also helpful in preventing the abuse of online services. The current text-based CAPTCHA requires users to be able to read English characters. For Thai Internet users who might not be very familiar with English, a Thai language based CAPTCHA may be a more appropriate option. To date, no published work has examined the extent to which Thai Internet users are familiar with CAPTCHA therefore, this study attempts to survey their awareness of, and attitudes towards, the online test.

Based on 340 usable online questionnaire submissions, it was found that Thai Internet users are aware of CAPTCHA, but their understanding of it does not go very deep. Using exploratory factor analysis, their attitudes towards CAPTCHA can be classified in two dimensions: (1) the perceived drawbacks of the CAPTCHA test and (2) the feasibility of Thai language CAPTCHA. In addition to providing our insights into the application of CAPTCHA in the Thai Internet user context, online service providers could take certain measures to improve users' attitudes and understanding regarding CATPCHA. [PUBLICATION ABSTRACT]

Enhancing cyber security through the use of synthetic handwritten CAPTCHAs

  • Reference Type:  Generic
  • Author: Thomas, Achint
  • Year: 2010
  • Secondary Author: Govindaraju, Venugopal, Rapaport, William and Scott, Peter
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Baseline Detection, Captcha, Cyber Security, Handwriting Generation, Reading Proficiency, Textlines
  • Notes: machine learning

Abstract: Online services which allow users to contribute content and interact remotely over the internet in some manner are common today. Many of these services, like spam control for blogs and email account sign-up, require that they be accessed only by humans and not machines (automated scripts or bots). One method of differentiating between humans and bots is by using a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). A number of different genres of CAPTCHAs exist (text-based, visual, auditory, and cognitive). Text-based CAPTCHAs are popular because automatic recognition of degraded, noisy, distorted text with background clutter is still a challenging task for machines, but is a task that humans perform with relative ease. However, recently a significant number of printed-text based CAPTCHAs have been successfully attacked by bots, thus rendering the services they protect vulnerable to attack. Thus there is an urgent need for exploring alternate CAPTCHAs and this serves as the prime motivation for our research. We explore three primary tracks of investigation in this work.

Firstly, we define a set of sound design principles, based on an exploit-avoid-resist philosophy, which must be adhered to while building secure CAPTCHAs. Secondly, we improve the effectiveness of text-based CAPTCHAs by substituting printed text with handwritten text and then layering on additional cognitive tasks. To this end, we develop a fully-automated framework for synthetic handwriting generation to design handwritten CAPTCHAs that will exploit the differential in handwriting reading proficiency between humans and machines. Prior work in this area has focused on synthesizing handwritten textlines to conform to a particular user’s style. We present techniques for simulating handwriting without being writer-specific. Unlike previous work, this is a fully-automated approach based on extracting principal curves from handwritten characters. These serve as a set of control points to allow character-level distortion. We use novel techniques for character baseline detection and ligature parameterization to construct the textlines. A parameterized sinusoid-based function is used to allow random perturbation of these textlines. Using this framework as a basis, we present handwritten CAPTCHAs that perform better than current text-based CAPTCHAs at distinguishing between humans and machines. We also present a novel handwritten CAPTCHA which exploits the mixed-text segmentation problem to deliver sub-0.01% machine recognition rates for respectable human performance.

Thirdly, we present in general terms a new class of CAPTCHA, the interaction-based CAPTCHA, which requires an entity to interact with the challenge to gain access to the solution space. We show how the interaction-based CAPTCHA requires an entity to solve three tasks – interaction, cognition, and recognition – to be able to solve a CAPTCHA challenge. Additionally, we present the 3D shadow CAPTCHA, a specific instance of this new class of CAPTCHAs. The 3D shadow CAPTCHA uses aspects of 3D scene rendering, ray casting, and perspective projection to present unique challenges to machines while remaining intuitive for humans to solve.

Protecting Web Contents against Persistent Crawlers

  • Reference Type:  Generic
  • Author: Wan, Shengye
  • Year: 2016
  • Secondary Author: Sun, Kun, Li, Qun and Zhou, Gang
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Confidential Documents, Crawler, Crawler Detection, Defense System, Web Security
  • Notes: machine learning

Abstract: Web crawlers have been developed for several malicious purposes like downloading server data without permission from website administrator. Armored stealthy crawlers are evolving against new anti-crawler mechanisms in the arms race between the crawler developers and crawler defenders. In this paper, we develop a new anti-crawler mechanism called PathMarker to detect and constrain crawlers that crawl content of servers stealthy and persistently. The basic idea is to add a marker to each web page URL and then encrypt the URL and marker. By using the URL path and user information contained in the marker as the novel features of machine learning, we could accurately detect stealthy crawlers at the earliest stage. Besides effectively detecting crawlers, PathMarker can also dramatically suppress the efficiency of crawlers before they are detected by misleading the crawlers visiting same page's URL with different markers. We deploy our approach on a forum website to collect normal users' data. The evaluation results show that PathMarker can quickly capture all 12 open-source and in-house crawlers, plus two external crawlers (i.e., Googlebots and Yahoo Slurp).

A New Text Based CAPTCHA

  • Reference Type:  Journal Article
  • Author: Wang, Eric and Ye, Yun
  • Year: 2013
  • Journal: Applied Mechanics and Materials
  • Volume: 373-375
  • Pages: 644
  • ISSN: 16609336
  • DOI: 10.4028/www.scientific.net/AMM.373-375.644
  • Keywords: Captcha, Css, Ocr-Based Attack, Replay Attack
  • Notes: machine learning

Abstract:  Attacks on text-based CAPTCHAs are getting more sophisticated. Most existing schemes defend attacks by increasing deformation or distortion rate of words which sacrifice the friendliness of the system. In this paper, we propose a secure one time text-based CAPTCHA scheme which can effectively defend multiple attacks without decreasing the friendliness of the scheme for valid users. The core of our design is an information obfuscation scheme which determines which character image to display and which to hide in an online manner from a sequence of 62 character images which makes it more difficult to attack. Encryption method is employed for protecting display policies which control showing and hiding of information. Prototype has been implemented and the preliminary results are encouraging.

Mitigating rapidly propagating worm threats in emergent networks

  • Reference Type:  Generic
  • Author: Xie, Liang
  • Year: 2008
  • Secondary Author: Zhu, Sencun
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Access Control, Emergent Networks, Peer-to-Peer, Wireless Communications, Worm Threats
  • Notes: machine learning

Abstract: This dissertation presents a series of techniques that help both client devices and network elements defend against a wide variety of worm attacks. These techniques can be deployed to secure emergent networks including peer-to-peer (P2P) file-sharing systems and wireless communication systems. In recent years, worms have emerged as one of the most disastrous security threats to various information systems and network infrastructures. Although Internet worms have been extensively studied, worm issues in such emergent networks as peer-to-peer (P2P) systems and cellular networks have yet received due attention. This dissertation aims at designing automated, realtime, and systematic countermeasures, which leverage the existing internal communication mechanisms and network infrastructure to contain worm propagation. The proposed defenses consist of security solutions for both client and system software. For P2P networks, this dissertation first proposes a partition-based scheme and a CDS-based scheme to contain ultra-fast topological worm spreads. These schemes leverage the underlying P2P overlay for distributing automated security patches to vulnerable machines. They are unique in adopting graph-theory techniques for containing fast spreading worms. This dissertation then proposes a P2P-tailored solution to combat file-sharing worms in P2P environments.

Our solution consists of a download-based scheme and a search-based scheme. Both schemes utilize the existing file-sharing mechanisms to internally disseminate security patches to participating peers in a timely and distributed fashion. For cell-phone networks, this dissertation proposes two device-level defenses for securing smartphone software, namely an access-control–based scheme and a GTT-based scheme. These schemes are unique in that they either enforce security policies in phone devices to identify and block worm attacks or leverage artificial intelligence (AI) methods to differentiate human or worm initiators of the phone applications. This dissertation also proposes a systematic countermeasure consisting of both terminal-level and network-level defenses for combating cell-phone worms. Unlike the existing solutions that split the collaboration between the terminal device and the network to throttle system-wide worm spreads, the proposed solution adopts an identity-based signature scheme at both the sender and the receiver side, and a detection-based automated patching scheme at the network side. Combining terminal-level and network-level defenses effectively speeds up the process of worm detection and victim disinfection. This dissertation also provides solid mathematical analyses, extensive simulations and experiments to evaluate the effectiveness and show the applicability of the proposed defenses. In addition, it discusses some open issues related to the proposed solutions and suggests some interesting directions in combating the worm threats as the emergent networks evolve.

Toward robust video event detection and retrieval under adversarial constraints

  • Reference Type:  Generic
  • Author: Xu, Yi
  • Year: 2016
  • Secondary Author: Frahm, Jan-Michael, Monronse, Fabian, Berg, Tamara, Crandall, David, and Dunn, Enrique
  • Publisher: ProQuest Dissertations Publishing
  • Keywords: Computer Science, Applied Sciences, Computer Vision, Detection, Privacy, Retrieval, Security, Video
  • Notes: mobile devices

Abstract: The continuous stream of videos that are uploaded and shared on the Internet has been leveraged by computer vision researchers for a myriad of detection and retrieval tasks, including gesture detection, copy detection, face authentication, etc. However, the existing state-of-the-art event detection and retrieval techniques fail to deal with several real-world challenges (e.g., low resolution, low brightness and noise) under adversary constraints. This dissertation focuses on these challenges in realistic scenarios and demonstrates practical methods to address the problem of robustness and efficiency within video event detection and retrieval systems in five application settings (namely, CAPTCHA decoding, face liveness detection, reconstructing typed input on mobile devices, video confirmation attack, and content-based copy detection).

Specifically, for CAPTCHA decoding, I propose an automated approach which can decode moving-image object recognition (MIOR) CAPTCHAs faster than humans. I showed that not only are there inherent weaknesses in current MIOR CAPTCHA designs, but that several obvious countermeasures (e.g., extending the length of the codeword) are not viable. More importantly, my work highlights the fact that the choice of underlying hard problem selected by the designers of a leading commercial solution falls into a solvable subclass of computer vision problems. For face liveness detection, I introduce a novel approach to bypass modern face authentication systems. More specifically, by leveraging a handful of pictures of the target user taken from social media, I show how to create realistic, textured, 3D facial models that undermine the security of widely used face authentication solutions. My framework makes use of virtual reality (VR) systems, incorporating along the way the ability to perform animations (e.g., raising an eyebrow or smiling) of the facial model, in order to trick liveness detectors into believing that the 3D model is a real human face. I demonstrate that such VR-based spoofing attacks constitute a fundamentally new class of attacks that point to a serious weaknesses in camera-based authentication systems. For reconstructing typed input on mobile devices, I proposed a method that successfully transcribes the text typed on a keyboard by exploiting video of the user typing, even from significant distances and from repeated reflections. This feat allows us to reconstruct typed input from the image of a mobile phone’s screen on a user’s eyeball as reflected through a nearby mirror, extending the privacy threat to include situations where the adversary is located around a corner from the user.

To assess the viability of a video confirmation attack, I explored a technique that exploits the emanations of changes in light to reveal the programs being watched. I leverage the key insight that the observable emanations of a display (e.g., a TV or monitor) during presentation of the viewing content induces a distinctive flicker pattern that can be exploited by an adversary. My proposed approach works successfully in a number of practical scenarios, including (but not limited to) observations of light effusions through the windows, on the back wall, or off the victim’s face. My empirical results show that I can successfully confirm hypotheses while capturing short recordings (typically less than 4 minutes long) of the changes in brightness from the victim’s display from a distance of 70 meters. Lastly, for content-based copy detection, I take advantage of a new temporal feature to index a reference library in a manner that is robust to the popular spatial and temporal transformations in pirated videos. My technique narrows the detection gap in the important area of temporal transformations applied by would-be pirates. My large-scale evaluation on real-world data shows that I can successfully detect infringing content from movies and sports clips with 90.0% precision at a 71.1% recall rate, and can achieve that accuracy at an average time expense of merely 5.3 seconds, outperforming the stat of the art by an order of magnitude.

CAPTCHA Security: A Case Study

  • Reference Type:  Journal Article
  • Author: Yan, J. and El Ahmad, A. S.
  • Year: 2009
  • Journal: Security & Privacy, IEEE
  • Volume: 7
  • Issue: 4
  • ISSN: 1540-7993
  • DOI: 10.1109/MSP.2009.84
  • Keywords: Computing and Processing
  • Notes: machine learning

Abstract: A simple but novel attack can break some CAPTCHAs with a success rate higher than 90 percent. In contrast to early work that relied on sophisticated computer vision or machine learning techniques, the authors used simple pattern recognition algorithms to exploit fatal design errors.

Game-based image semantic CAPTCHA on handset devices

  • Reference Type:  Journal Article
  • Author: Yang, Tzu- I., Koong, Chorng-Shiuh and Tseng, Chien-Chao
  • Year: 2015
  • Journal: An International Journal
  • Volume: 74
  • Issue: 14
  • Pages: 5141-5156
  • ISSN: 1380-7501
  • DOI: 10.1007/s11042-013-1666-7
  • Keywords: CAPTCHA, Human interactive proofs, Game-based, Unambiguous image semantic, GISCHA
  • Notes: machine learning

Abstract: A completely automated public turing test to tell computer and human apart (CAPTCHA) is based on the Turing test, which aims to protect Internet services from automatic script attacks and spams. However, most proposed or deployed CAPTCHAs have been breached. It is possible to enhance the security of an existing CAPTCHA by adding noises systematically adding noises, but distortions would make characters recognition difficult for humans. On the other hand, most of the traditional CPATCHAs require complicated operations using keyboards and mice which may become limitations of modern handset devices.

In this study, we propose a novel GISCHA using game-based image semantics with the contributions that:

  1. use simple keys, mouse, gesture, and accelerometer instead of complex alphabet inputs
  2. is language independent
  3. enhances the security level without annoying users
  4. is based on more advanced human cognitive abilities
  5. make CAPTCHAs more interesting.

The experiment results show that a single GISCHA challenge was completed in 9.06 s on average with a virtual keyboard and 10.25 s on average with accelerometers build in handset devices, and the pass rate of first time use is 94.8 %, which means that it is sufficiently easy for practical use.

Mobile user authentication system in cloud environment

  • Reference Type:  Journal Article
  • Author: Yeh, Her‐Tyan, Chen, Bing‐Chang and Wu, Yi‐Cong
  • Year: 2013
  • Journal: Security and Communication Networks
  • Volume: 6
  • Issue: 9
  • Pages: 1161-1168
  • ISSN: 1939-0114
  • DOI: 10.1002/sec.688
  • Keywords: Voiceprint Identification, One‐Time Password, Captcha, Visual Cryptography, Cloud
  • Notes: mobile devices

Abstract: In order to reach a safe environment that can be automatically used on the Internet and to take precautions against the Internet fishing attack, the system integrates some features including one‐time password, Completely Automated Public Turing Test to tell Computers and Humans Apart, voiceprint identification of creatural features, and visual cryptography, designing a formula wherein users do not need to remember any accounts and passwords when they surf the Internet through mobile devices, and it aims at smart phones and the Cloud. The formula is able to improve the problems of rampant Internet fishing and the management of passwords. In techniques, on one hand, it uses PIN information visual passwords in cell phones to improve the security of the account on the other hand, it uses voiceprint identification features so that the system center can ensure the user's identification with a view to improve the leak in mobile devices rather than only to check mobile devices. And then, it utilizes the voiceprint, which we use when we log in, to produce a one‐time password that is able to lower the risk of the account and passwords being attacked by Internet fishing.

Through the frame of this research, it can protect our cell phones from being lost and embezzled and can prevent the account and passwords from being attacked by Internet fishing. It can also solve the problem of users forgetting accounts and passwords, and reduce the operational burden of cell phones. Besides, it is capable of preventing the Cloud servers from incurring many malicious registrations and logins, keeping them working efficiently.

Hybrid spam filtering for mobile communication

  • Reference Type:  Journal Article
  • Author: Yoon, Ji Won, Kim, Hyoungshick and Huh, Jun Ho
  • Year: 2010
  • Journal: Computers & Security
  • Volume: 29
  • Issue: 4
  • Pages: 446-459
  • ISSN: 0167-4048
  • DOI: 10.1016/j.cose.2009.11.003
  • Keywords: Spam Sms Messages, Hybrid, Content-Based Filtering, Challenge-Response, Threshold Sensitivity Problem
  • Notes: mobile devices

Abstract: Spam messages are an increasing threat to mobile communication. Several mitigation techniques have been proposed, including white and black listing, challenge-response and content-based filtering. However, none are perfect and it makes sense to use a combination rather than just one. We propose an anti-spam framework based on the hybrid of content-based filtering and challenge-response. A message, that has been classified as uncertain through content-based filtering, is checked further by sending a challenge to the message sender. An automated spam generator is unlikely to send back a correct response, in which case, the message is classified as spam. Our simulation results show the trade-off between the accuracy of anti-spam classifiers and the incurring traffic overhead, and demonstrate that our hybrid framework is capable of achieving high accuracy regardless of the content-based filtering algorithm being used.

Captchas: Are those Needed Anymore?

Moradi, M., & Keyvanpour, M. (2015, October). CAPTCHAs, are those needed anymore?. In Computer and Knowledge Engineering (ICCKE), 2015 5th International Conference on (pp. 137-142). IEEE.