Research On Adversarial Attack And Defense Approaches Of CAPTCHA

The development of the Internet and artificial intelligence technology has led to the widespread popularity of intelligent systems.Ensuring that the system is protected from malicious intrusion is of great importance to keep it in a secure environment,and authentication is the first line of defense to prevent malicious intruders.CAPTCHA is one of the most popular mechanisms of identity authentication.It is based on a hard artificialintelligence problem which is easy for human to solve but difficult for machines.A CAPTCHA attempts to automatically distinguish between human and machine identities by using tasks that cannot be solved by machines.Although there are various forms of CAPTCHAs currently available,only text-based,image-based,and audio-based CAPTCHAs have been widely used,given the practical deployment and testing difficulties.Among them,text CAPTCHA is the most widely used due to its easy generation,simple deployment,low cost and strong compatibility.As the main authentication method,the security of CAPTCHAs has been of great concern and has attracted many researchers to research on it.Although there has been a large amount of work on the security of different CAPTCHA schemes,with the rapid development of deep learning technology,the security risk of CAPTCHA is increasing and facing many new challenges.The main problems are:(1)New CAPTCHA mechanisms are constantly proposed,but the robustness of these new CAPTCHAs still lacks experimental evaluation and systematic analysis,and it is still unknown whether they can really resist the attacks of existing deep learning techniques;(2)Existing text CAPTCHA cracking focuses more on theoretical values(success rate)and scenarios,which is practically inefficient and difficult to implement in real attack scenarios,and the attack efficiency needs to be further explored;(3)Existing CAPTCHAs lack effective protection methods against deep learning model attacks,and the latest development of adversarial learning technology brings new possibilities for the design of CAPTCHAs,and previous work lacks exploration and exploration of the advantages of combining the two.To address the above problems,this dissertation exploits the advantages of deep learning technology,as well as adversarial learning techniques,adversarial generation,transfer learning and ensemble learning,to investigate the following four aspects of CAPTCHA security.The main work is as follows:(1)We propose a segmentation-based attack for hollow CAPTCHAs.As an emerging CAPTCHA,the security of hollow CAPTCHA is highly expected because it is difficult to remove noise lines,cut characters and identify contours,etc.However,it is difficult to apply the existing solid character CAPTCHA directly to hollow characters.Therefore,this dissertation proposes a hollow CAPTCHA attack method based on graph search algorithm and convolutional neural network.In order to completely separate each hollow character,our method first detects all hollow concatenated domains,colors different character components based on the concatenated domains,then removes invalid component parts by the same threshold,and finally selects the optimal solution for the character by combining the graph search algorithm and convolutional neural network.The experimental results show that the method can successfully crack a large range of hollow CAPTCHAs,and also prove that hollow CAPTCHAs are not secure.(2)A new attack for text CAPTCHAs with large character sets is proposed.Text CAPTCHAs based on large character sets have huge character classes and classification levels,and apply multiple complex backgrounds and image fusion and other features to increase the recognition difficulty,however,their security has yet to be studied.For clickbased CAPTCHAs,this thesis first uses an image generator to simulate synthetic training samples,then trains a target detection model to extract the click-based CAPTCHA characters,and finally trains a recognizer to complete the recognition.For input-based CAPTCHAs,the proposed attention-based recognition model can achieve end-to-end cracking.The experimental results show that the method can successfully crack large character set CAPTCHAs without collecting real samples and performing image processing operations,in addition,it is also proved that text CAPTCHAs based on large character sets are not secure.(3)A low-cost transfer learning-based end-to-end attack for text CAPTCHAs is proposed.Deep learning-based cracking requires a large number of real samples to train the model,and it is difficult and costly to collect and label a large number of real samples in practical scenarios.In order to further improve the attack efficiency,this dissertation trains the basic recognition model using unrelated random CAPTCHAs generated at low cost,and then fine-tunes the model using a small number of real CAPTCHAs using transfer learning techniques to significantly improve the CAPTCHA recognition accuracy and cracking efficiency.The experimental results show that the method can achieve efficient cracking of a large number of Chinese and English CAPTCHAs,and it is demonstrated that the similarity between the samples used in the training of the base model and the real samples in the transfer learning-based attack is not critical.(4)We propose an audio adversarial CAPTCHA protection method based on adversarial examples.Based on the analysis of existing security research,we propose an adversarial example generation approach for audio CAPTCHAs,which takes advantage of the generation of generative adversarial networks to improve the robustness of audio CAPTCHAs by adding adversarial perturbations to the audio CAPTCHAs to resist the attacks of deep learning-based automatic speech recognition models.The experimental results show that the proposed approach can achieve efficient adversarial generation for different forms of audio CAPTCHAs,and the generated adversarial CAPTCHAs can effectively resist multiple recognition models without noise affecting human ear hearing.