A simple generic attack on text captchas

Electronic data

simple-generic-attack-text-captchas
Rights statement: Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author’s employer if the paper was prepared within the scope of employment. NDSS ’16, 21-24 February 2016, San Diego, CA, USA Copyright 2016 Internet Society
Final published version, 811 KB, PDF document
Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Text available via DOI:

https://doi.org/10.14722/ndss.2016.23154
Final published version

View graph of relations

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Jeff Yan

More...

Publication date	22/02/2016
Host publication	NDSS Symposium 2016
Number of pages	14
<mark>Original language</mark>	English
Event	Network and Distributed System Security Symposium 2016 - Catamaran Resort Hotel & Spa, San Diego, United States Duration: 21/02/2016 → 24/02/2016 http://www.internetsociety.org/events/ndss-symposium-2016

Symposium

Symposium	Network and Distributed System Security Symposium 2016
Abbreviated title	NDSS ’16
Country/Territory	United States
City	San Diego
Period	21/02/16 → 24/02/16
Internet address	http://www.internetsociety.org/events/ndss-symposium-2016

Symposium

Symposium	Network and Distributed System Security Symposium 2016
Abbreviated title	NDSS ’16
Country/Territory	United States
City	San Diego
Period	21/02/16 → 24/02/16
Internet address	http://www.internetsociety.org/events/ndss-symposium-2016

Abstract

Text-based Captchas have been widely deployed across the Internet to defend against undesirable or malicious bot programs. Many attacks have been proposed; these fine prior art advanced the scientific understanding of Captcha robustness, but most of them have a limited applicability. In this paper, we report a simple, low-cost but powerful attack that effectively breaks a wide range of text Captchas with distinct design features, including those deployed by Google, Microsoft, Yahoo!, Amazon and other Internet giants. For all the schemes, our attack achieved a success rate ranging from 5% to 77%, and achieved an average speed of solving a puzzle in less than 15 seconds on a standard desktop computer (with a 3.3GHz Intel Core i3 CPU and 2 GB RAM). This is to date the simplest generic attack on text Captchas. Our attack is based on Log-Gabor filters; a famed application of Gabor filters in computer security is John Daugman’s iris recognition algorithm. Our work is the first to apply Gabor filters for breaking Captchas.

Bibliographic note

Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author’s employer if the paper was prepared within the scope of employment. NDSS ’16, 21-24 February 2016, San Diego, CA, USA Copyright 2016 Internet Society

Research

Electronic data

Links

Text available via DOI: