Home > Research > Publications & Outputs > Yet Another Text Captcha Solver

Electronic data

  • ccs18

    Rights statement: © ACM, 2018. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '18 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3243734.3243754

    Accepted author manuscript, 2 MB, PDF-document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

Links

Text available via DOI:

View graph of relations

Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Published

Standard

Yet Another Text Captcha Solver : A Generative Adversarial Network Based Approach. / Ye, Guixin; Tang, Zhanyong; Fang, Dingyi; Zhu, Zhanxing; Feng, Yansong; Xu, Pengfei; Chen, Xiaojiang; Wang, Zheng.

25th ACM Conference on Computer and Communications Security (CCS). New York : ACM, 2018. p. 332-348.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Harvard

Ye, G, Tang, Z, Fang, D, Zhu, Z, Feng, Y, Xu, P, Chen, X & Wang, Z 2018, Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach. in 25th ACM Conference on Computer and Communications Security (CCS). ACM, New York, pp. 332-348. https://doi.org/10.1145/3243734.3243754

APA

Ye, G., Tang, Z., Fang, D., Zhu, Z., Feng, Y., Xu, P., ... Wang, Z. (2018). Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach. In 25th ACM Conference on Computer and Communications Security (CCS) (pp. 332-348). New York: ACM. https://doi.org/10.1145/3243734.3243754

Vancouver

Ye G, Tang Z, Fang D, Zhu Z, Feng Y, Xu P et al. Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach. In 25th ACM Conference on Computer and Communications Security (CCS). New York: ACM. 2018. p. 332-348 https://doi.org/10.1145/3243734.3243754

Author

Ye, Guixin ; Tang, Zhanyong ; Fang, Dingyi ; Zhu, Zhanxing ; Feng, Yansong ; Xu, Pengfei ; Chen, Xiaojiang ; Wang, Zheng. / Yet Another Text Captcha Solver : A Generative Adversarial Network Based Approach. 25th ACM Conference on Computer and Communications Security (CCS). New York : ACM, 2018. pp. 332-348

Bibtex

@inproceedings{6ad49e66d54c433095f703b02e21ee50,
title = "Yet Another Text Captcha Solver: A Generative Adversarial Network Based Approach",
abstract = "Despite several attacks have been proposed, text-based CAPTCHAs are still being widely used as a security mechanism. One of the reasons for the pervasive use of text captchas is that many of theprior attacks are scheme-specific and require a labor-intensive and time-consuming process to construct. This means that a change in the captcha security features like a noisier background can simply invalid an earlier attack. This paper presents a generic, yet effective text captcha solver based on the generative adversarial network. Unlike prior machine-learning-based approaches that need a large volume of manually-labeled real captchas to learn an effective solver, our approach requires significantly fewer real captchas but yields much better performance. This is achieved by first learning a captcha synthesizer to automatically generate synthetic captchas tolearn a base solver, and then fine-tuning the base solver on a small set of real captchas using transfer learning. We evaluate our approach by applying it to 33 captcha schemes, including 11 schemes that are currently being used by 32 of the top-50 popular websites including Microsoft, Wikipedia, eBay and Google. Our approach is the most capable attack on text captchas seen to date. It outperforms four state-of-the-art text-captcha solvers by not only delivering a significantly higher accuracy on all testing schemes, but also successfully attacking schemes where others have zero chance. We show that our approach is highly efficient as it can solve a captcha within0.05 second using a desktop GPU. We demonstrate that our attack is generally applicable because it can bypass the advanced security features employed by most modern text captcha schemes. We hope the results of our work can encourage the community to revisit the design and practical use of text captchas.",
author = "Guixin Ye and Zhanyong Tang and Dingyi Fang and Zhanxing Zhu and Yansong Feng and Pengfei Xu and Xiaojiang Chen and Zheng Wang",
note = "{\circledC} ACM, 2018. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '18 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3243734.3243754",
year = "2018",
month = "10",
day = "15",
doi = "10.1145/3243734.3243754",
language = "English",
isbn = "9781450356930",
pages = "332--348",
booktitle = "25th ACM Conference on Computer and Communications Security (CCS)",
publisher = "ACM",

}

RIS

TY - GEN

T1 - Yet Another Text Captcha Solver

T2 - A Generative Adversarial Network Based Approach

AU - Ye, Guixin

AU - Tang, Zhanyong

AU - Fang, Dingyi

AU - Zhu, Zhanxing

AU - Feng, Yansong

AU - Xu, Pengfei

AU - Chen, Xiaojiang

AU - Wang, Zheng

N1 - © ACM, 2018. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '18 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3243734.3243754

PY - 2018/10/15

Y1 - 2018/10/15

N2 - Despite several attacks have been proposed, text-based CAPTCHAs are still being widely used as a security mechanism. One of the reasons for the pervasive use of text captchas is that many of theprior attacks are scheme-specific and require a labor-intensive and time-consuming process to construct. This means that a change in the captcha security features like a noisier background can simply invalid an earlier attack. This paper presents a generic, yet effective text captcha solver based on the generative adversarial network. Unlike prior machine-learning-based approaches that need a large volume of manually-labeled real captchas to learn an effective solver, our approach requires significantly fewer real captchas but yields much better performance. This is achieved by first learning a captcha synthesizer to automatically generate synthetic captchas tolearn a base solver, and then fine-tuning the base solver on a small set of real captchas using transfer learning. We evaluate our approach by applying it to 33 captcha schemes, including 11 schemes that are currently being used by 32 of the top-50 popular websites including Microsoft, Wikipedia, eBay and Google. Our approach is the most capable attack on text captchas seen to date. It outperforms four state-of-the-art text-captcha solvers by not only delivering a significantly higher accuracy on all testing schemes, but also successfully attacking schemes where others have zero chance. We show that our approach is highly efficient as it can solve a captcha within0.05 second using a desktop GPU. We demonstrate that our attack is generally applicable because it can bypass the advanced security features employed by most modern text captcha schemes. We hope the results of our work can encourage the community to revisit the design and practical use of text captchas.

AB - Despite several attacks have been proposed, text-based CAPTCHAs are still being widely used as a security mechanism. One of the reasons for the pervasive use of text captchas is that many of theprior attacks are scheme-specific and require a labor-intensive and time-consuming process to construct. This means that a change in the captcha security features like a noisier background can simply invalid an earlier attack. This paper presents a generic, yet effective text captcha solver based on the generative adversarial network. Unlike prior machine-learning-based approaches that need a large volume of manually-labeled real captchas to learn an effective solver, our approach requires significantly fewer real captchas but yields much better performance. This is achieved by first learning a captcha synthesizer to automatically generate synthetic captchas tolearn a base solver, and then fine-tuning the base solver on a small set of real captchas using transfer learning. We evaluate our approach by applying it to 33 captcha schemes, including 11 schemes that are currently being used by 32 of the top-50 popular websites including Microsoft, Wikipedia, eBay and Google. Our approach is the most capable attack on text captchas seen to date. It outperforms four state-of-the-art text-captcha solvers by not only delivering a significantly higher accuracy on all testing schemes, but also successfully attacking schemes where others have zero chance. We show that our approach is highly efficient as it can solve a captcha within0.05 second using a desktop GPU. We demonstrate that our attack is generally applicable because it can bypass the advanced security features employed by most modern text captcha schemes. We hope the results of our work can encourage the community to revisit the design and practical use of text captchas.

U2 - 10.1145/3243734.3243754

DO - 10.1145/3243734.3243754

M3 - Conference contribution/Paper

SN - 9781450356930

SP - 332

EP - 348

BT - 25th ACM Conference on Computer and Communications Security (CCS)

PB - ACM

CY - New York

ER -