Breaking reCAPTCHAs with Unpredictable Collapse: Heuristic Character Segmentation and Recognition

  • Claudia Cruz-Perez
  • Oleg Starostenko
  • Fernando Uceda-Ponga
  • Vicente Alarcon-Aquino
  • Leobardo Reyes-Cabrera
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7329)

Abstract

In this paper we present a novel approach for automatic segmentation and recognition of reCAPTCHA in Web sites. It is based on CAPTCHA image preprocessing with character alignment, morphological segmentation with three-color bar character encoding and heuristic recognition. The original proposal consists in exploiting three-color bar code for characters in CAPTCHA for their robust segmentation with presence of random collapse overlapping letters and distortions by particular patterns of waving rotation. Additionally, a novel implementation of SVM-based learning classifier for recognition of combinations of characters in training corpus has been proposed that permits to increment more than twice the recognition success rate without time extension of system response. The main goal of this research is to reduce vulnerability of CAPTCHA from spam and frauds as well as to provide a novel approach for recognizing either handwritten or degraded and damaged texts in ancient manuscripts. Our designed framework implementing the proposed approach has been tested in real-time applications with sites used CAPTCHAS achieving segmentation success rate about of 82% and recognition success rate about of 94%.

Keywords

reCAPTCHA breaking segmentation attack unpredictable collapse three-color bar character encoding heuristic classifier 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Von Ahn, L., Blum, M., Langford, J.: Telling humans and computers apart automatically. J. Commun. ACM 47, 56–60 (2004)CrossRefGoogle Scholar
  2. 2.
    Yan, J.: A low-cost attack on a Microsoft CAPTCHA. In: 15th ACM Conf. on Comp. and Com. Security, USA, pp. 543–554 (2008), http://homepages.cs.ncl.ac.uk/jeff.yan/msn_draft.pdf
  3. 3.
    Kluever, K.A., Zanibbi, R.: Balancing usability and security in a video CAPTCHA. In: 5th Symposium on Usable Privacy and Security, CA, USA (2009)Google Scholar
  4. 4.
    Yan, J., Salah, A., Ahmad, E.: The robustness of a new CAPTCHA. In: 3rd Workshop on System Security, NY, USA, pp. 36–41 (2010), http://doi.acm.org/10.1145/1752046.1752052
  5. 5.
    Chellapilla, K., Simard, P.Y.: Using Machine Learning to Break Visual Human Interaction Proofs (HIPs). In: Saul, L.K., Weiss, Y., Bottou, L. (eds.) Advances in Neural Information Processing Systems, pp. 265–272. MIT Press, MA (2005)Google Scholar
  6. 6.
    Elson, J.: Asirra: a CAPTCHA that exploits interest-aligned manual image categorization. In: 14th ACM Conf. on Computer and Com. Security, New York, USA, pp. 366–374 (2007)Google Scholar
  7. 7.
    Zhu, B., Yan, J., et al.: Attacks and design of image recognition CAPTCHAs. In: 17th ACM Conf. on Computer and Com. Security, NY, USA, pp. 187–200 (2010)Google Scholar
  8. 8.
    Vikram, S., Fan, Y., Gu, G.: Semage: a new image-based two-factor CAPTCHA. In: 27th Comp. Security Appl. Conf., NY, USA, pp. 237–246 (2011)Google Scholar
  9. 9.
    Yan, J., Salah, A.: Usability of CAPTCHAs or usability issues in CAPTCHA design. In: 4th Symp. on Usable Privacy and Security, NY, USA, pp. 44–52 (2008)Google Scholar
  10. 10.
    Bursztein, E., Bethard, S., et al.: How good are humans at solving CAPTCHAs? A large scale evaluation. In: IEEE Symp. on Security and Privacy, Washington, USA, pp. 399–413 (2010)Google Scholar
  11. 11.
    Bursztein, E., Matthieu, M., John, M.: Text-based CAPTCHA Strengths and Weaknesses. In: 18th ACM Conf. on Computer and Com. Security, Ill, USA, pp. 125–138 (2011), http://ly.tl/p22
  12. 12.
    Ahn, L., et al.: reCAPTCHA: Human-Based Character Recogn. via Web Security Measures. Science J. 321(5895), 1465–1468 (2008), http://www.sciencemag.org/content/321/5895/1465 MATHCrossRefGoogle Scholar
  13. 13.
    Mori, G.: Breaking a Vis. CAPTCHA (2012), http://www.cs.sfu.ca/~mori/research/gimpy/
  14. 14.
    Kluever, K., Zanibbi, R.: Breaking the PayPal CAPTCHA (2008), http://www.kloover.com/2008/05/12/breaking-the-paypalcom-captcha/
  15. 15.
    Dawson, K.: Windows Live Hotmail CAPTCHA Cracked, Exploited (2008), http://tech.slashdot.org/article.pl?sid=08/04/15/1941236&from=rss, and Gmail CAPTCHA Cracked, http://it.slashdot.org/article.pl?sid=08/02/27/0045242
  16. 16.
    Li, S., Syed, A., et al.: Breaking e-Baking CAPTCHAs. In: 26th Comp. Security Appl. Conf., NY, USA, pp. 171–180 (2010), http://www.acsac.org/2010/openconf/modules/request.php?module=oc_program&action=summary.php&id=53
  17. 17.
    Kruglov, S.: Defeating of weak CAPTCHAs (2012), http://www.captcha.ru/en/breakings/

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Claudia Cruz-Perez
    • 1
  • Oleg Starostenko
    • 1
  • Fernando Uceda-Ponga
    • 1
  • Vicente Alarcon-Aquino
    • 1
  • Leobardo Reyes-Cabrera
    • 1
  1. 1.CENTIA, Department of Computing, Electronics, and MechatronicsUniversidad de las Américas PueblaCholulaMéxico

Personalised recommendations