AI can easily break text CAPTCHA: new research

Source: Xinhua| 2018-12-24 09:51:08|Editor: mmm
Video PlayerClose

XI'AN, Dec. 24 (Xinhua) -- A new study suggested that text-based CAPTCHAs, one of the most widely used website security mechanisms, are no longer safe when facing smarter artificial intelligence.

Text-based CAPTCHA uses a jumble of distorted or blurred letters, characters and numbers to distinguish humans from computer programs, to block the latter from accessing polls and auctions disguised as a human user. This reverse Turing test builds on the belief that people are more adept at recognizing these symbols than machines.

But researchers from China's Northwest University, Peking University, and Lancaster University in Britain said they developed a new algorithm, based on machine learning, that can break most text-based CAPTCHAs within 0.05 seconds.

The research was published in a paper presented at the ACM Conference on Computer and Communications Security (CCS) 2018 in Toronto. It described the algorithm as "generic, low-effort yet effective" compared with previous attacks on CAPTCHAs that could be laborious and scheme-specific.

Fang Dingyi, co-author of the paper at Northwest University, said the program had been tested on CAPTCHA schemes used by 50 popular websites including those operated by Google, Wikipedia, Microsoft, Baidu, Alibaba, and Tencent.

Overall, the program had a success rate of over 50 percent of decoding CAPTCHAs on most websites within 0.05 seconds. Its success rate of decoding certain Google CAPTCHAs, considered to be the most difficult, stood at 3 percent.

"It is widely believed that a CAPTCHA scheme is ineffective if the decoding rate is above 1 percent," said Tang Zhanyong, co-author of the paper at Northwest University.

The AI tool draws on a technique known as the "generative adversarial network," or GAN. It teaches a CAPTCHA generator program to produce large numbers of training CAPTCHAs, which are then used to train a solver to break real CAPTCHAs.

"This research suggests one can easily launch an attack on a new CAPTCHA scheme using AI. It means that this first defense of many websites is no longer reliable," said Fang.

The researchers advised website owners to consider deploying alternative multiple-layer security mechanisms. Fang said his team is looking at ways to develop a more reliable CAPTCHA system.

"We want to offer an alternative to the current text-based CAPTCHA scheme. The alternative should improve its security without compromising the user experience," Fang said.

TOP STORIES
EDITOR’S CHOICE
MOST VIEWED
EXPLORE XINHUANET
010020070750000000000000011100001376950661
国产无码在线观看免费在线,37pao国产成视频,日韩一区二区视频在线,国产国产人免费人成免费视频麻豆
中文字幕一精品亚洲无线一区 | 日本有码视频中文字幕 | 在线亚洲精品国产二区图片欧美 | 亚洲欧美中文日韩aⅴ手机版 | 一级国产加日韩加欧美 | 亚洲精品国产精品乱卡 |