A Paradigm Shift for the CAPTCHA Race

Adding Uncertainty to the Process

Shinil Kwon, Sungdeok Cha

Research output: Contribution to journalArticle

2 Citations (Scopus)

Abstract

CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) challenges are often correctly solved by software but have increasingly become too difficult for humans to pass. If the correct response to a challenge remains the same, robots can gather invaluable information from accidental successes and will easily defeat future challenges through heuristic learning. Introducing uncertainty to the challenges will fundamentally change the rules of image-based CAPTCHA systems. This new approach temporarily excludes some images from a challenge's results, assigning them a neutral role. However, future challenges might include these images. So, successful responses might differ between challenges even though the challenges use the same images, thereby eliminating the threat of heuristic attacks. To further reduce the chance of robots accidently passing a challenge, this approach analyzes the decisions made on neutral images. If the outcome would have been different had the challenge results included the neutral images, those images are added to a 'trap'' database and included in future challenges. In experiments, this approach almost always defeated powerful robots (for example, robots using heuristic learning or a search engine), but humans could still easily pass the challenges.

Original languageEnglish
Article number7412614
Pages (from-to)80-85
Number of pages6
JournalIEEE Software
Volume33
Issue number6
DOIs
Publication statusPublished - 2016 Nov 1

Fingerprint

Robots
Search engines
Uncertainty
Experiments

Keywords

  • automated Turing test
  • CAPTCHA
  • heuristic attack
  • software development
  • software engineering

ASJC Scopus subject areas

  • Software

Cite this

A Paradigm Shift for the CAPTCHA Race : Adding Uncertainty to the Process. / Kwon, Shinil; Cha, Sungdeok.

In: IEEE Software, Vol. 33, No. 6, 7412614, 01.11.2016, p. 80-85.

Research output: Contribution to journalArticle

@article{5bc4e3ea2cd74b4db8aa238c9b296d67,
title = "A Paradigm Shift for the CAPTCHA Race: Adding Uncertainty to the Process",
abstract = "CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) challenges are often correctly solved by software but have increasingly become too difficult for humans to pass. If the correct response to a challenge remains the same, robots can gather invaluable information from accidental successes and will easily defeat future challenges through heuristic learning. Introducing uncertainty to the challenges will fundamentally change the rules of image-based CAPTCHA systems. This new approach temporarily excludes some images from a challenge's results, assigning them a neutral role. However, future challenges might include these images. So, successful responses might differ between challenges even though the challenges use the same images, thereby eliminating the threat of heuristic attacks. To further reduce the chance of robots accidently passing a challenge, this approach analyzes the decisions made on neutral images. If the outcome would have been different had the challenge results included the neutral images, those images are added to a 'trap'' database and included in future challenges. In experiments, this approach almost always defeated powerful robots (for example, robots using heuristic learning or a search engine), but humans could still easily pass the challenges.",
keywords = "automated Turing test, CAPTCHA, heuristic attack, software development, software engineering",
author = "Shinil Kwon and Sungdeok Cha",
year = "2016",
month = "11",
day = "1",
doi = "10.1109/MS.2016.32",
language = "English",
volume = "33",
pages = "80--85",
journal = "IEEE Software",
issn = "0740-7459",
publisher = "IEEE Computer Society",
number = "6",

}

TY - JOUR

T1 - A Paradigm Shift for the CAPTCHA Race

T2 - Adding Uncertainty to the Process

AU - Kwon, Shinil

AU - Cha, Sungdeok

PY - 2016/11/1

Y1 - 2016/11/1

N2 - CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) challenges are often correctly solved by software but have increasingly become too difficult for humans to pass. If the correct response to a challenge remains the same, robots can gather invaluable information from accidental successes and will easily defeat future challenges through heuristic learning. Introducing uncertainty to the challenges will fundamentally change the rules of image-based CAPTCHA systems. This new approach temporarily excludes some images from a challenge's results, assigning them a neutral role. However, future challenges might include these images. So, successful responses might differ between challenges even though the challenges use the same images, thereby eliminating the threat of heuristic attacks. To further reduce the chance of robots accidently passing a challenge, this approach analyzes the decisions made on neutral images. If the outcome would have been different had the challenge results included the neutral images, those images are added to a 'trap'' database and included in future challenges. In experiments, this approach almost always defeated powerful robots (for example, robots using heuristic learning or a search engine), but humans could still easily pass the challenges.

AB - CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) challenges are often correctly solved by software but have increasingly become too difficult for humans to pass. If the correct response to a challenge remains the same, robots can gather invaluable information from accidental successes and will easily defeat future challenges through heuristic learning. Introducing uncertainty to the challenges will fundamentally change the rules of image-based CAPTCHA systems. This new approach temporarily excludes some images from a challenge's results, assigning them a neutral role. However, future challenges might include these images. So, successful responses might differ between challenges even though the challenges use the same images, thereby eliminating the threat of heuristic attacks. To further reduce the chance of robots accidently passing a challenge, this approach analyzes the decisions made on neutral images. If the outcome would have been different had the challenge results included the neutral images, those images are added to a 'trap'' database and included in future challenges. In experiments, this approach almost always defeated powerful robots (for example, robots using heuristic learning or a search engine), but humans could still easily pass the challenges.

KW - automated Turing test

KW - CAPTCHA

KW - heuristic attack

KW - software development

KW - software engineering

UR - http://www.scopus.com/inward/record.url?scp=84994528924&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84994528924&partnerID=8YFLogxK

U2 - 10.1109/MS.2016.32

DO - 10.1109/MS.2016.32

M3 - Article

VL - 33

SP - 80

EP - 85

JO - IEEE Software

JF - IEEE Software

SN - 0740-7459

IS - 6

M1 - 7412614

ER -