Robust Text CAPTCHAs Using Adversarial Examples

TL;DR

This paper introduces Robust Text CAPTCHA (RTC), a user-friendly and highly secure text-based CAPTCHA system that leverages adversarial examples to resist automated solving by various AI models and defenses.

Contribution

The paper presents a novel CAPTCHA generation method that synthesizes pseudo adversarial CAPTCHAs and employs transferable adversarial attacks to enhance security against AI-based solvers.

Findings

Failure rate lower than one millionth across models

Robust against adversarial training and data pre-processing

High usability maintained

Abstract

CAPTCHA (Completely Automated Public Truing test to tell Computers and Humans Apart) is a widely used technology to distinguish real users and automated users such as bots. However, the advance of AI technologies weakens many CAPTCHA tests and can induce security concerns. In this paper, we propose a user-friendly text-based CAPTCHA generation method named Robust Text CAPTCHA (RTC). At the first stage, the foregrounds and backgrounds are constructed with randomly sampled font and background images, which are then synthesized into identifiable pseudo adversarial CAPTCHAs. At the second stage, we design and apply a highly transferable adversarial attack for text CAPTCHAs to better obstruct CAPTCHA solvers. Our experiments cover comprehensive models including shallow models such as KNN, SVM and random forest, various deep neural networks and OCR models. Experiments show that our CAPTCHAs have a failure rate lower than one millionth in general and high usability. They are also robust against various defensive techniques that attackers may employ, including adversarial training, data pre-processing and manual tagging.