aaeCAPTCHA: The Design and Implementation of Audio Adversarial CAPTCHA

TL;DR

This paper introduces a novel audio adversarial CAPTCHA system called aaeCAPTCHA that significantly improves security against speech recognition attacks while maintaining acceptable usability levels.

Contribution

The paper presents the design, implementation, and rigorous security evaluation of aaeCAPTCHA, a new audio CAPTCHA leveraging adversarial examples to resist advanced speech recognition attacks.

Findings

aaeCAPTCHA is highly secure against state-of-the-art ASR systems

It maintains high usability with moderate usability costs

The system effectively enhances traditional audio CAPTCHA security

Abstract

CAPTCHAs are designed to prevent malicious bot programs from abusing websites. Most online service providers deploy audio CAPTCHAs as an alternative to text and image CAPTCHAs for visually impaired users. However, prior research investigating the security of audio CAPTCHAs found them highly vulnerable to automated attacks using Automatic Speech Recognition (ASR) systems. To improve the robustness of audio CAPTCHAs against automated abuses, we present the design and implementation of an audio adversarial CAPTCHA (aaeCAPTCHA) system in this paper. The aaeCAPTCHA system exploits audio adversarial examples as CAPTCHAs to prevent the ASR systems from automatically solving them. Furthermore, we conducted a rigorous security evaluation of our new audio CAPTCHA design against five state-of-the-art DNN-based ASR systems and three commercial Speech-to-Text (STT) services. Our experimental evaluations demonstrate that aaeCAPTCHA is highly secure against these speech recognition technologies, even when the attacker has complete knowledge of the current attacks against audio adversarial examples. We also conducted a usability evaluation of the proof-of-concept implementation of the aaeCAPTCHA scheme. Our results show that it achieves high robustness at a moderate usability cost compared to normal audio CAPTCHAs. Finally, our extensive analysis highlights that aaeCAPTCHA can significantly enhance the security and robustness of traditional audio CAPTCHA systems while maintaining similar usability.