HMM-based attacks on Google’s ReCAPTCHA with continuous visual and audio symbols

Shotaro Sano, Takuma Otsuka, Katsutoshi Itoyama, Hiroshi G. Okuno

Research output: Contribution to journalArticle

6 Citations (Scopus)

Abstract

CAPTCHAs distinguish humans from automated programs by presenting questions that are easy for humans but difficult for computers, e.g., recognition of visual characters or audio utterances. The state of the art research suggests that the security of visual and audio CAPTCHAs mainly lies in anti-segmentation techniques, because individual symbol recognition after segmentation can be solved with a high success rate with certain machine learning algorithms. Thus, most recent commercial CAPTCHAs present continuous symbols to prevent automated segmentation. We propose a novel framework that can automatically decode continuous CAPTCHAs and assess its effectiveness with actual CAPTCHA questions from Google’s reCAPTCHA. Our framework is constructed on the basis of a sequence recognition method based on hidden Markov models (HMMs), which can be concisely implemented by using an offthe-shelf library HMM toolkit. This method concatenates several HMMs, each of which recognizes a symbol, to build a larger HMM that recognizes a question. Our experimental results reveal vulnerabilities in continuous CAPTCHAs because the solver cracks the visual and audio reCAPTCHA systems with 31.75% and 58.75% accuracy, respectively. We further propose guidelines to prevent possible attacking from HMM-based CAPTCHA solvers on the basis of synthetic experiments with simulated continuous CAPTCHAs.

Original languageEnglish
Pages (from-to)814-826
Number of pages13
JournalJournal of Information Processing
Volume23
Issue number6
DOIs
Publication statusPublished - 2015 Nov 15
Externally publishedYes

Keywords

  • CAPTCHA
  • Continuous character/speech recognition
  • Hidden markov model
  • Human interaction proof

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint Dive into the research topics of 'HMM-based attacks on Google’s ReCAPTCHA with continuous visual and audio symbols'. Together they form a unique fingerprint.

  • Cite this