EnSolver: Uncertainty-Aware Ensemble CAPTCHA Solvers with Theoretical Guarantees
0
⛏️
Sign in to get full access
Overview
- Researchers have been studying CAPTCHA solvers to understand the weaknesses of text-based CAPTCHAs and make them more secure.
- Recent CAPTCHA solvers built on deep learning can crack even challenging CAPTCHAs with high accuracy.
- However, these solvers often perform poorly on "out-of-distribution" CAPTCHA samples that contain visual features different from the training data.
- They also lack the ability to detect and avoid these out-of-distribution samples, making them susceptible to being locked out by defense systems.
Plain English Explanation
The paper introduces a new family of CAPTCHA solvers called EnSolver that use deep ensemble uncertainty to detect and skip out-of-distribution CAPTCHAs. This makes it harder for EnSolver to be detected and blocked by defense systems.
Beyond Known Adversarial Autoencoders for Novelty Detection and A Robust Autoencoder Ensemble-based Approach for Anomaly Detection are examples of prior work on using ensemble methods for anomaly and novelty detection. The EnSolver approach builds on these ideas to handle out-of-distribution CAPTCHA samples.
The key insight is that by using an ensemble of CAPTCHA solvers and measuring the uncertainty in their predictions, EnSolver can identify CAPTCHAs that are significantly different from the training data. It can then choose to skip these problematic samples, making it more difficult for defense systems to detect and block the solver.
Technical Explanation
The paper proposes the EnSolver family of CAPTCHA solvers that leverage deep ensemble uncertainty to detect and skip out-of-distribution CAPTCHA samples. The authors provide novel theoretical bounds on the effectiveness of their solvers and demonstrate their use with state-of-the-art CAPTCHA solvers.
The approach works by training an ensemble of CAPTCHA solvers, each with a different deep learning architecture. When presented with a new CAPTCHA, EnSolver runs it through the ensemble and measures the uncertainty in the predicted labels across the models. If the uncertainty is above a certain threshold, indicating the CAPTCHA is significantly different from the training data, EnSolver will skip that sample.
The authors evaluate their approach on CAPTCHA datasets containing both in-distribution and out-of-distribution samples. The results show that EnSolver performs well at cracking the CAPTCHAs while being more robust to the out-of-distribution samples than previous solvers.
Critical Analysis
The paper makes a valuable contribution by addressing a key limitation of existing CAPTCHA solvers - their poor performance on out-of-distribution samples. The proposed EnSolver approach using deep ensemble uncertainty is a novel and promising solution to this problem.
However, the paper does not provide a detailed discussion of the potential limitations or caveats of the EnSolver approach. For example, it is not clear how the ensemble is constructed or how the uncertainty threshold is determined. Additionally, the evaluation is limited to a single CAPTCHA dataset, and further testing on a wider range of CAPTCHA types would be useful to assess the generalizability of the approach.
Advanced Detection of Source Code Clones via Ensemble and Constraint-Enforcing Reward for Adversarial Attacks on Text Classifiers provide examples of how ensemble methods can be used for novelty detection and robustness in other domains. Exploring these connections could help strengthen the theoretical foundations and practical applications of the EnSolver approach.
Conclusion
This paper presents EnSolver, a family of CAPTCHA solvers that use deep ensemble uncertainty to detect and skip out-of-distribution CAPTCHA samples. This makes the solvers more robust to defense systems that might block them after a certain number of failed attempts.
The key innovation is the use of ensemble methods to measure the uncertainty in CAPTCHA predictions, allowing EnSolver to identify and avoid CAPTCHAs that are significantly different from the training data. This represents an important step forward in making CAPTCHA solvers more secure and effective.
While the paper provides a strong technical foundation, further research is needed to fully explore the limitations and potential extensions of the EnSolver approach. Nonetheless, this work contributes valuable insights to the ongoing efforts to improve the security of text-based CAPTCHAs.
This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!
Related Papers
⛏️
0
EnSolver: Uncertainty-Aware Ensemble CAPTCHA Solvers with Theoretical Guarantees
Duc C. Hoang, Behzad Ousat, Amin Kharraz, Cuong V. Nguyen
The popularity of text-based CAPTCHA as a security mechanism to protect websites from automated bots has prompted researches in CAPTCHA solvers, with the aim of understanding its failure cases and subsequently making CAPTCHAs more secure. Recently proposed solvers, built on advances in deep learning, are able to crack even the very challenging CAPTCHAs with high accuracy. However, these solvers often perform poorly on out-of-distribution samples that contain visual features different from those in the training set. Furthermore, they lack the ability to detect and avoid such samples, making them susceptible to being locked out by defense systems after a certain number of failed attempts. In this paper, we propose EnSolver, a family of CAPTCHA solvers that use deep ensemble uncertainty to detect and skip out-of-distribution CAPTCHAs, making it harder to be detected. We prove novel theoretical bounds on the effectiveness of our solvers and demonstrate their use with state-of-the-art CAPTCHA solvers. Our experiments show that the proposed approaches perform well when cracking CAPTCHA datasets that contain both in-distribution and out-of-distribution samples.
Read more7/1/2024
2
New!Breaking reCAPTCHAv2
Andreas Plesner, Tobias Vontobel, Roger Wattenhofer
Our work examines the efficacy of employing advanced machine learning methods to solve captchas from Google's reCAPTCHAv2 system. We evaluate the effectiveness of automated systems in solving captchas by utilizing advanced YOLO models for image segmentation and classification. Our main result is that we can solve 100% of the captchas, while previous work only solved 68-71%. Furthermore, our findings suggest that there is no significant difference in the number of challenges humans and bots must solve to pass the captchas in reCAPTCHAv2. This implies that current AI technologies can exploit advanced image-based captchas. We also look under the hood of reCAPTCHAv2, and find evidence that reCAPTCHAv2 is heavily based on cookie and browser history data when evaluating whether a user is human or not. The code is provided alongside this paper.
Read more9/16/2024
0
Seeing Through the Mask: Rethinking Adversarial Examples for CAPTCHAs
Yahya Jabary, Andreas Plesner, Turlan Kuzhagaliyev, Roger Wattenhofer
Modern CAPTCHAs rely heavily on vision tasks that are supposedly hard for computers but easy for humans. However, advances in image recognition models pose a significant threat to such CAPTCHAs. These models can easily be fooled by generating some well-hidden random noise and adding it to the image, or hiding objects in the image. However, these methods are model-specific and thus can not aid CAPTCHAs in fooling all models. We show in this work that by allowing for more significant changes to the images while preserving the semantic information and keeping it solvable by humans, we can fool many state-of-the-art models. Specifically, we demonstrate that by adding masks of various intensities the Accuracy @ 1 (Acc@1) drops by more than 50%-points for all models, and supposedly robust models such as vision transformers see an Acc@1 drop of 80%-points. These masks can therefore effectively fool modern image classifiers, thus showing that machines have not caught up with humans -- yet.
Read more9/10/2024
0
D-CAPTCHA++: A Study of Resilience of Deepfake CAPTCHA under Transferable Imperceptible Adversarial Attack
Hong-Hanh Nguyen-Le, Van-Tuan Tran, Dinh-Thuc Nguyen, Nhien-An Le-Khac
The advancements in generative AI have enabled the improvement of audio synthesis models, including text-to-speech and voice conversion. This raises concerns about its potential misuse in social manipulation and political interference, as synthetic speech has become indistinguishable from natural human speech. Several speech-generation programs are utilized for malicious purposes, especially impersonating individuals through phone calls. Therefore, detecting fake audio is crucial to maintain social security and safeguard the integrity of information. Recent research has proposed a D-CAPTCHA system based on the challenge-response protocol to differentiate fake phone calls from real ones. In this work, we study the resilience of this system and introduce a more robust version, D-CAPTCHA++, to defend against fake calls. Specifically, we first expose the vulnerability of the D-CAPTCHA system under transferable imperceptible adversarial attack. Secondly, we mitigate such vulnerability by improving the robustness of the system by using adversarial training in D-CAPTCHA deepfake detectors and task classifiers.
Read more9/12/2024